Welcome to the second installment of our look into the future of the email security market! In our previous entry, we looked at the continued relevance of the Secure Email Gateway (SEG) and discussed how Cisco’s Cloud Email Security (CES) provides our customers with versatile and comprehensive configuration and security options. This time, we’ll be exploring the simplicity and appeal of emerging cloud email security technologies.
The simplification of anything is always sensational. This was true when noted British philosopher Gilbert Chesterton wrote it in 1903 and a little over a century later, it still rings true today. Now, it’s cloud technologies that offer a way to sensationally simplify the administration and operation of key business technologies. From the office applications we all use on a daily basis, it is now a viable option for administrators to move keystone technologies such as their Identity and Access (Active Directory and LDAP) or their Email server (Exchange) to the cloud.
This allows your administrators to leverage the scale, resilience, and upgradability inherent in cloud architectures to simplify their operational practices and maximize their use of expensive skills and resources on higher-value activities. After all, it’s far more effective for your email administrator to focus on the email policies that are unique to your business instead of worrying about the availability and scale of your Exchange server — never mind the nightmare of applying the latest and greatest security patches!
However sensational this is, simply moving your Exchange server to Office 365 (O365) does not mean that all the concerns of the past are gone. Email continues to hold its title as the number one threat vector. The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) recently announced that between January 2014 and October 2019, they had received complaints totaling over $2.1 billion in actual losses from Business Email Compromise (BEC) scams targeting Microsoft Office 365 and Google G Suite. BEC, also known as Email Account Compromise (EAC), is a form of fraud in which criminals use social engineering, deception, or other intrusion techniques to conduct unauthorized transfers of funds from a business to a fictitious supplier. The cybercriminals behind this invest in developing and designing phishing kits that target these cloud platforms, and in the words of the FBI “particularly Office 365 given its dominant market share.”
So, what can be done?
Put simply, the base security in Office 365 needs some augmentation. Microsoft offers several options to enhance the base security of the product via additional Advanced Threat Protection (ATP) 1 or 2 plans, or the Enterprise E5 offer. These add additional security around areas such as Safe Attachments, Safe Links/URLs, Phishing Protection as well as reporting and visibility options. The very existence of these products from Microsoft points to the need for customers to consider their security and how best to adjust that security to fit their specific needs. Naturally, there are options available from other vendors, including Cisco, to help address this need!
In this era of APIs, Microsoft has built Office 365 from the ground up with cloud capabilities like the Graph API that allow for the enrichment of native functionality. In fact, Gartner recently created a market category to track these solutions, which they’ve dubbed the Cloud Email Security Supplements (CESS) market segment. Moreover, Gartner also recommends a CESS to address gaps in the advanced threat capabilities of existing solutions. In our next blog, we will be examining in more detail what supplementary security is and the problems it addresses.
If you would like to learn more about how Cisco Cloud Email Security can improve your approach to cloud email security, be sure to check out the following: