Email security Cloud

Symantec Email security

Cloud-security-infovie

Microsoft Office 365, Google Apps, and other cloud-based productivity solutions are clearly transforming the way IT departments deliver apps and services to their users, and adoption of these solutions is continuing to grow. Microsoft CEO Satya Nadella stated there are “nearly 50 million Office 365 monthly active users,” and a Microsoft Ignite 2015 session claimed 35% of the Microsoft Exchange installed base is now on Office 365.Gartner also predicts that by 2018, cloud office systems will achieve a total market penetration of 60%.This rapid and fairly dramatic move to cloud-based productivity solutions makes sense. These hosted offerings provide users with new flexibility and more efficient ways to collaborate, and they offer businesses and IT departments significant cost savings and lower administrative overhead compared to traditional on-premise applications.But what about security? Exactly how much protection do these next-generation cloud-based email and productivity solutions provide? Microsoft, Google, and other cloud vendors are quick to point out that their cloud-based email offerings include free antimalware and DLP protection. But how complete and effective are these built-in capabilities? And what else should you consider from a security standpoint as you contemplate the transition to cloud-based solutions like Microsoft Office 365?

Organizations obviously need solid answers to these questions before they can fully embrace cloud-based email and productivity apps. And finding those answers means clearly understanding what today’s biggest email security threats are, accurately assessing how much protection today’s cloud-based email and productivity solutions can realistically provide, and knowing when and where to turn for additional security capabilities that can enhance and protect cloud-based mailbox solutions

Smart, comprehensive email security—whether your email system is on-premise,cloud-based, or both—begins with a clear, realistic understanding of what you’re upagainst. Email is still the most popular and pervasive tool cybercriminals use to launch and distribute threats. According to the 2015 Symantec Internet Security Threat Report (ISTR), one out of every 244 emails in 2014 contains a malware attack and five out of six large enterprises were targeted by spear phishing campaigns.This high volume of email threats is certainly nothing new, but the nature of these attacks has also changed dramatically. The number of targeted attacks more than doubled between 2012 and 2014, according to the ISTR, and many of those attacks were introduced through email systems. These advanced targeted and zero-day threats are much more difficult to detect and stop than traditional malware, and standard signature based anti-malware tools have proven to be largely ineffective against them. In addition to these elusive and dangerous targeted attacks, cybercriminals are using increasingly sophisticated methods to disguise malicious URL links embedded in email messages. This includes randomly redirecting links to a sequence of different destinations around the world and adding programmed time delays. These new techniques are highly effective at disguising malicious links and fooling traditional link scanning tools.Finally, it’s important to remember that targeted attacks, malicious link redirects, and other malware-related threats aren’t the only email security dangers you have to worry about. Data loss through email is another serious issue, so you need to proactively enforce your security and compliance policies and protect employees when they share sensitive information and attachments over email. And of course, you have to determine how much of your email content you need to encrypt—and then have a reliable solution in place for monitoring and managing those encryption policies.