Securing Emails in the Cloud
As many enterprises and government organizations have begun to shift their IT infrastructures to cloud computing, and various SaaS (software-as-a-service) options have appeared to be the solution to cutting costs and improving operational efficiency, it’s time we took a look at the security and privacy of data in the cloud, in particular, data that is transmitted through emails.
Before we delve into the troubling news, it’s important to note that cloud security is a significant area of concern for many organizations in the process of increasing the amount of data they are putting in the cloud. According to leading technical research firms, such as Forrester and Gartner, major enterprise concerns include the viability of cloud vendors, user access, data privacy, regulatory compliance and data location.
Email Data Leaks
Each minute, around 2.8 billion emails are sent worldwide. This is an immense amount of data being shared and transmitted, which means that this area can pose huge security vulnerabilities in many organizations. Unfortunately, the majority of email data breaches (both accidental and deliberate) go unreported. However, it’s clear that legal, financial and other implications of such breaches are significant.
Email Security Concerns
In the past, organizations have said that email posed too high a risk to trust to third-party service providers. However, with the recent rise in the adoption of cloud computing, particularly SaaS, more and more organizations are entrusting their email services to the cloud. The two most pressing security concerns are data segregation and user access rights.
The basic concept in cloud computing is the sharing of infrastructure between different businesses, which enables cost reduction and improved resource utilization. One organization’s data may end up on the same hard drive as other organizations’ information, which forces security experts to take a look at the physical and logical separation of information on these shared infrastructures. Other areas of concern include backups and lost or stolen hard drives.
User access rights consist of “who?” and “how?” Essentially, users are permitted access to information by their cloud service provider. Although cloud providers’ access control systems may meet or even exceed security standards, the risk of malicious or accidental user breaches is always present.
Certain organizations may be strongly committed to security, performing background checks on their employees, or other extensive screening processes to ensure that data is handled by the right people. By contrast, other organizations may neglect such practices altogether. As the saying goes, security is only as good as the weakest link.
Hybrid Security Strategies
After considering the potential security risks and vulnerabilities of email in the cloud, it’s important that organizations consider a strategy that will enable them to leverage the security of corporate systems as well as the efficiencies and other advantages of cloud services. Security experts suggest a hybrid email strategy in which email can be handled both in and out of the cloud.
Hybrid strategies allow organizations to control the data that moves between the enterprise and the cloud infrastructures. Basically, such strategies rely on content analysis, classification of email and user-driven approaches. As content authors, users are best placed to make essential data-handling decisions. Ideally, this approach would eliminate any delays and/or false positives that might occur with a server-based approach.
Such a strategy means that users are responsible for preventing emails from being read by unauthorized parties, or even from leaving the enterprise infrastructure at all. Ultimately, this can help to raise end-user awareness regarding data handling, thus reinforcing the enterprise’s security policies and fostering best practices.
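The routing decision behind such a hybrid strategy can be sketched as follows. This is an added example, not code from the article or from any product: the X-Classification header, the three labels, the corp.example domain and the route names are all assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumptions for illustration: header name, label set and domain are hypothetical.
LABEL_HEADER = "X-Classification"
INTERNAL_DOMAINS = {"corp.example"}
# Label -> (may leave the enterprise, may transit the cloud email service)
POLICY = {
    "public": (True, True),
    "internal": (False, True),
    "restricted": (False, False),
}

def recipient_domains(msg):
    """Collect the lowercased domain of every To/Cc/Bcc address."""
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    return {addr.rsplit("@", 1)[-1].lower()
            for _, addr in getaddresses(fields) if "@" in addr}

def route(raw):
    """Return 'cloud', 'on_prem' or 'hold' for one outbound message."""
    msg = message_from_string(raw)
    label = (msg.get(LABEL_HEADER) or "").strip().lower()
    if label not in POLICY:
        # Missing or unknown label: fail closed and ask the author to classify.
        return "hold"
    may_leave, may_use_cloud = POLICY[label]
    external = recipient_domains(msg) - INTERNAL_DOMAINS
    if external and not may_leave:
        # The author's label forbids delivery outside the enterprise.
        return "hold"
    return "cloud" if may_use_cloud else "on_prem"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "newsletter": "To: bob@partner.example\nX-Classification: public\n\nhi",
    "memo": "To: amy@corp.example\nX-Classification: Internal\n\nhi",
    "leak": "To: amy@corp.example, bob@partner.example\nX-Classification: internal\n\nhi",
    "board": "To: ceo@corp.example\nX-Classification: restricted\n\nhi",
    "unlabelled": "To: amy@corp.example\n\nhi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", route(raw))
```

Holding unlabelled mail rather than defaulting it to the cloud path keeps the decision with the author, which is the user-driven element described above.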
Summary
This article takes a look at the security of email in the cloud. While the majority of email data breaches go unreported, the reality remains that the legal and financial implications of such breaches are significant. There are two main concerns around email security: data segregation and user access rights. Finally, the article explores hybrid security strategies, in which email is safely handled both in and out of the cloud.
CCSK Exam Preparation
In preparation for the Certificate of Cloud Security Knowledge (CCSK), a security professional should be comfortable with topics related to this post, including:
- Multi-Tenancy (Domain 1)
- Enterprise and Information Risk Management (Domain 2)
- Third Party Management Recommendations (Domain 2)
- Provider Selection (Domain 8)
- Recommended Provider Tools and Capabilities (Domain 9)