I don’t know why certain topics come in waves. I’ve had three questions so far this week on the topic of using email for sensitive data.

Internet email was designed back in the day when the Internet was smaller than any of today’s enterprises. SMTP is an insecure protocol that transfers email messages in clear text. The original Internet mail file storage formats were all ASCII text, and the only reason they are in a more database-like format now is efficiency.
Email is not meant to be secure, and there is no really good way to keep privileged admins from looking at backups, the message server, or personal email files. While that undoubtedly happens, it isn’t anywhere close to being the biggest source of email loss. Authorized recipients forwarding mail unexpectedly is the biggest source of leakage, followed by people sitting down at logged-in terminals.
Email is a sieve, not a piggy bank. It should only be used for non-critical messages, and any attempt to improve email security should be a sign that you need to look at other forms of collaboration that actually can be secured.

Jay Heiser



































































































