Mimecast chief scientist looks at how ‘making it easier’ increases email security
Speaking at the 2011 ITWeb Security Summit, Dr. Nathaniel Borenstein, Mimecast‘s chief scientist looks at how making life easier for users protects the business in the long term by accepting new realities.
Corporate email security is under threat from a new generation of workers and the problem is no longer tech ignorance but tech savvy. Their lifelong exposure to technology means they expect a great deal more from their email.
Mimecast’s Generation Gmail research conducted in late 2010 found that the corporate policies and technology systems put in place several technological generations ago have reached their limit and are now creating security threats by encouraging workers to work around, rather than within, the corporate email environment.
In his talk, Dr. Borenstein makes it clear that getting employees to care about the risks is only part of the solution. “Employers must take responsibility for closing the generation gap through a combination of email systems, policy and culture. The issues of security, storage, usability and flexibility can’t be solved through policy alone, and employers who attempt to do so are fighting a losing battle,” says Dr. Borenstein.
The Generation Gmail report found that corporate email users under 25 are putting businesses at risk with an overly casual attitude that sees company intellectual property flowing outside the organisation and being saved on public servers. A staggering 85% of under 25-year-olds admitted to sending work related information to or from their personal accounts. These are frequently free web-based systems.
“The way to tackle this is not by force. These people are not trying to be ‘irresponsible’. Punishing them is not the solution. Warning your workforce not to do things that seem to harmlessly aid them in their jobs, such as sending work emails to a personal account so they can work on documents at home, will only breed resentment. Employees will nearly always choose forbidden workarounds that enable them to work as they want, rather than operate within approved systems they feel limits productivity,” says Dr. Borenstein. “To them it just makes sense.”
Dr. Borenstein suggests that the answer is to make doing the right things as easy as doing the wrong thing. “We need to create the path of least resistance. The most natural and easy way to do any task should also be the most secure way,” he says. “
“Make life easier for the workforce. Don’t require them to enter a VPN just to access email, don’t give them inferior mail tools for home use and don’t give them any storage quota at all. Make sure your systems are super reliable and, above all, focus on educating, not dictating, about security,” says Dr. Borenstein.
One reason the unnecessary restrictions are often in place is that in-house networks are complex to manage, have data storage quotas and need experts to manage them. “Most companies don’t have the resources to have experts in everything, but thankfully, this is an area where cloud computing lives up to the hype,” says Dr. Borenstein.
The cloud has the power to take away much of the complexity of implementing and maintaining access-from-anywhere corporate email systems. “A good cloud provider can easily address the needs of the new generation and protect the businesses. By outsourcing many of the problems and empowering rather than restricting workers, IT administrators can use the cloud to regain control of their workforce, improve the security of company IP, do more with less and keep those demanding Generation Gmail workers happy,” concludes Dr. Borenstein.