Mitigating the data exposure risk of cloud-based email

Of the concerns people have about cloud security today, data control and data loss rank high—just second behind BYOD according to Infonetic’s April 2013 report. No wonder the market for cloud-based security services is growing at 69%.

Despite the popularity of texting and social networking, email remains the preferred method of communication in the enterprise, transporting not only the data within the messages themselves but via the attachments they carry with them.

While most large enterprises have had the management and security of email mostly under control for sometime, the migration of email to the cloud requires proper planning and new methods of management to keep sensitive data from getting into the wrong hands—whether its unlawfully transferred or stolen, or simply accidentally sent where it shouldn’t have been.

For enterprises that are moving email to the cloud, here are some points to keep in mind:

  • Consider a hybrid approach; keeping high-value email user accounts on-premises, maintaining strict management and encryption of their message flow, while allowing rank-and-file users onto the cloud where most providers don’t have the robust policy engines or the robust message encryption required to ensure the strictest level of data security.
  • Even the basic policy enforcement and spam filtering offered by cloud providers may require access to your Active Directory and other LDAP sources. This creates security and privacy concerns that should be discussed among your team.
  • Identify which applications are tied to your messaging infrastructure and keep on-site. This is of the utmost importance as they may require access to data that you will not want exposed to the Internet.
  • Realising unless you go private, the cloud is a publicly shared resource using shared resources and comingled databases and logs, which means forensics, log data, auditing, messaging tracking and other features you get on-premises either aren’t available in the cloud at all or can take days to request it from the cloud service providers.
  • A company may feel comfortable with and trust its cloud provider after performing due diligence, but cloud service providers often have a multitude of partners—data center partners, storage and back-up, for example—who they themselves have partnerships with. 

    These partners or the companies that later acquire them could have different privacy policies, terms of service, and even other partners that may be unknown but still have access to your data. It’s important to have a complete view of the entities that your data may be exposed to so you can make informed decisions and reduce your company’s risk exposure when moving email to the cloud.
Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.

cwolfhugel
24 Jul 2013, 8:50 p.m.

Will cloud service providers resist as much as you would do before providing, eventually on illegal basis, your data to government agency?

Reply