Despite encryption, a study released today identifies standard email as the number one way unauthorized data leaves a federal agency.

According to the study, 80% of Federal information security managers fear data loss through encrypted email, and 58% state that encryption makes it harder to detect data leaving.

The study also reveals that despite security measures, Federal information security and email management professionals state that standard work email is the main culprit in releasing unauthorized data. Specifically, the study found:

  • 83% of agencies provide users with the ability to encrypt outbound email
  • One in four agencies rate the security of their current email solution an “A”
  • Approximately one in four Feds see email encryption as a problem today, and 51% of information security professionals see email encryption becoming a more significant problem in the next five years

The study also points out that while 79% of Federal information security and email management professionals say cybersecurity is a top priority, only one in four give the security of their current email solution an “A.”

Yet 83% of federal agencies provide users with the ability to encrypt outbound email. Email is the number one way unauthorized data, including classified and sensitive information, leaves federal agencies, followed by agency-issued mobile devices and USB flash drives. In a number of cases, the very encryption that may be used to ensure the security of information becomes the tool for hiding sensitive information as it leaves through the email gateway.

Most agencies — 84% — believe that they are safe and support the inspection of desktop-encrypted email. However, to effectively support the inspection of desktop-encrypted emails, agencies must validate all email users, have proper email policies in place and ensure users follow correct email policies.

Currently, 47% of agencies cite the need for better email policies and 45% report that employees do not follow these policies. In fact, even if these three conditions are met, agencies may be unable to enforce email policies unless their email gateways explicitly decrypt and scan desktop-encrypted email.

“Email encryption is an important tool for protecting sensitive information, but agencies must be sure that encryption is not making outbound emails so opaque that sensitive information can pass through without detection,” said Michael Dayton, senior vice president, security solutions group, Axway, which sponsored the study. “Agencies themselves may be providing the tools by which Federal workers are leaking critical information – intentionally or not.”

Information security professionals also reported seeing email encryption becoming a more significant problem for federal agencies in the next five years.

The study also explores file sharing through email, especially when the files being shared contain critical data. The ability to enforce encryption of certain documents in an automated way and also provide Federal agencies with the ability to decrypt files is key to ensuring secure file sharing through email.

Federal information security and email management professionals say the top barriers to securing federal email are lack of budget, lack of employees adhering to security policies, the rise of mobile technology and lack of training.

The study is based on an online survey of 203 Federal government information security and email management professionals in June and July 2012.