Cloud Based Email Security

Cyberattacks on businesses are increasing and email is the most common attack vector, as it provides threat actors with easy access to employees, who can be tricked into taking actions that provide attackers with access to networks and sensitive data. One of the best ways to prevent attacks is to implement an advanced cloud based email security solution that serves as a gateway through which all emails must pass. All emails – inbound and outbound – are subjected to a range of checks to identify and block malicious emails and prevent data loss.

Email security is required for compliance with many business regulations, including the Health Insurance Portability and Accountability Act (HIPAA) for healthcare organizations and their business associates, the EU’s General Data Protection Regulations for any business that provides products or services to EU citizens, and other regulations including the Security Standards for Federal Information Systems, 2nd Edition (SOC 2), FedRAMP, and PCI DSS, all of which have provisions that require email security measures to be implemented.

In addition to implementing an email security solution for blocking phishing attacks and malware/ransomware, it is also important to protect sensitive information in transit. This is a requirement for HIPAA compliance and many other regulations to prevent protected health information (PHI) or personally identifiable information (PII) from being accessed by unauthorized individuals. If emails are encrypted, you can ensure that only authorized individuals can view the content of messages.

Cloud Based Email Security Solutions

There are several advantages to using cloud based email security solutions rather than on-premises solutions, even if you have an on-premises email server. For the majority of businesses, cloud based email security is the best option due to the flexibility and scalability provided, ease of maintenance, and a lower cost. With an on-premises solution, the hardware needs to be purchased, maintained, and upgraded. With cloud-based email security, the service provider will provide the hardware, maintain it, and upgrade it, and that cost is spread across many thousands of users. That means cloud based email security solutions are generally the lowest cost option. There is also the flexibility and scalability of the cloud, which can adapt easily to the changing needs of businesses.

Secure Email Gateways / Spam Filters

Cloud based email security solutions are used to block email-borne threats such as phishing attacks, malware, ransomware, botnets, and social engineering attacks. These secure email gateways reside in the cloud and are accessed via a web-based interface. All scans of emails are performed in the cloud, and only cleaned emails are delivered.

These solutions – often called secure email gateways or spam filters – need to have certain features to protect against increasingly sophisticated attacks. All will provide a good level of protection against spam email and will block upward of 99% of these productivity-draining emails. Blocking malware can be more of a challenge. You should look for a cloud based email security solution that incorporates signature-based and behavior-based detection. Signature-based detection is used to block known malware threats and is driven by antivirus engines. AV engines can only detect malware that has previously been identified, when a signature has been added to the malware definition lists. Zero-day (new) malware threats will not be blocked, which is why files need to be analyzed for their behavior in a sandbox.  Choose an email security solution with sandboxing for maximum protection.

It is a similar story with phishing protection. Cloud based email security solutions will perform several checks of messages to identify phishing content, and will block messages sent from blacklisted IP addresses that have previously been used for spamming, phishing, or malware distribution. Checks will also be performed for the presence of certain phrases or keywords that indicate phishing, with messages scored and sent to a quarantine folder if a threshold is exceeded. Look for an email security solution that has an AI or machine learning component that can predict new phishing attacks, as malicious actors are constantly developing new campaigns to bypass standard spam filters.

Email security solutions that incorporate SPF, DKIM, and DMARC will help to block email impersonation, which is commonly used in business email compromise/email account compromise, and phishing attacks. Outbound filters with data loss prevention (DLP) capabilities are recommended, as these can identify sensitive data types in emails and prevent emails containing that information from being sent externally to protect against insider threats and mistakes by employees. Outbound scanning can also identify compromised mailboxes that are being used for spamming, malware distribution, or phishing/BEC attacks.

Email Encryption

It is important to protect emails from unauthorized access in transit. By default, emails are sent in plaintext, which means message content – and attachments – can be viewed if they are intercepted, and there are several points in the journey of an email when data could be viewed by unauthorized individuals. By encrypting emails in transit, you will ensure that the messages cannot be intercepted, with end-to-end encryption providing the greatest level of protection. Standard email encryption – using Transport Layer Security – will protect emails from interception from mail server to mail server, but end-to-end encryption will ensure that only the intended recipient can view emails, with them requiring to authenticate before messages are decrypted.

Email encryption can be a challenge to implement, but several cybersecurity companies offer email encryption under the software-as-a-service model, which makes it easy to implement and does not require the recipients of emails to also have the same software installed. If for any reason the email cannot be delivered, it will be sent to a secure cloud gateway where the recipient can authenticate to view the message. These solutions allow businesses to add additional controls, such as preventing forwarding, printing, or copying and pasting from emails, while providing the option to recall messages, set timespans after which emails are deleted, and track who has read emails.

Summary

These email security solutions are important for protecting against cyberattacks and for ensuring sensitive data remains private and confidential. They can help to ensure compliance and will prevent costly data breaches and regulatory fines. Cloud based email security solutions take a lot of the complexity out of securing email, with many SaaS solutions serving as set-and-forget solutions that require little maintenance, and they can be low-cost solutions, typically costing just a few dollars per user per year.