Almost two billion e-mails are sent and received by the federal government, daily. Agencies use encryption to try and reduce the leak of unauthorized material, but could e-mail encryption be stopping federal agencies from finding leaked information once it’s out? Results of study by a software company suggest that could be the case.
Federal agencies say the number one way unauthorized data leaves their organizations is through e-mail and the encryption actually hampers efforts to detect the leaks, according to a survey of federal agencies conducted by Axway, a software company that helps large organizations automate the encryption process.
One in four information security mangers see encryption as a threat, according to the survey. It increases security, but also reduces the transparency of e-mail attachments, making it harder to keep an eye on what is actually leaving, said Mike Dayton, senior vice president of Axway’s Security Solution Group.
Desktop encryption, the standard required within the Department of Defense, automatically encrypts e-mails as they are sent and received on devices. Sixty-one percent of managers said encrypted information is harder to track down once it’s gone.
“Unless you have the ability to create a copy or scan the contents of that message then you really have no way of knowing if what’s in it should be going to its recipient,” Dayton said in an interview Wednesday.
Dayton says e-mail gateways act as a mode of encryption that could help IT managers encrypt data, while keeping an eye on outgoing attachments. Instead of desktop encryption, an e-mail gateway can work as “the last stopping point before it leaves your organization,” scanning attachments and encrypting information based on rules set to meet security requirements.
Despite encryption concerns from IT managers, e-mail managers aren’t convinced. Eighty percent of IT managers said they were concerned about leaks embedded in encrypted e-mails. In contrast, only 36 percent of e-mail managers had the same fear.
Forty eight percent of respondents say data leaks happen from standard work e-mail accounts, followed by agency-issued mobile devices (47 percent), flash drives (40 percent), personal e-mail (38 percent), personal mobile devices (33 percent), and web-based work e-mail (23 percent).
illustration from greggoconnell/flickr