Email Encryption a Major Challenge for Government IT
A troubling report finds government IT administrators are facing mounting challenges when it comes to securing federal emails.Unlike the good old days of Watergate when people actually had to break into offices to leak information, email is the top culprit when it comes to government data leaks, according to a study by MeriTalk, an online resource for government IT and sponsored by software company Axway. Entitled “The Encryption Enigma,” the report looks at how federal information security and email management professionals view email security and encryption issues. While email encryption is an essential component of securing sensitive government information, the report found 47 percent of agencies say there is a need for better email policies and 45 percent report that employees do not follow these policies. More troubling is the indication that agencies may be unable to enforce email policies unless their email gateways explicitly decrypt and scan desktop-encrypted email, despite meeting these policies. “Email encryption is an important tool for protecting sensitive information, but agencies must be sure that encryption is not making outbound emails so opaque that sensitive information can pass through without detection,” Michael Dayton, senior vice president of Axway’s security solutions group, said in a statement. “Agencies themselves may be providing the tools by which federal workers are leaking critical information—intentionally or not.” With a single federal agency sending and receiving an average of 47.3 million emails each day—averaging 1.89 billion emails per day for the federal government overall—it is unsurprising that 79 percent of federal information security and email management professionals view cyber-security is a top priority, but only 25 percent of those surveyed said they would give themselves an “A” rating when it comes to effective security.
The report also found a lack of budget, cited by 46 percent of survey respondents, was the top barrier to securing federal email, followed by the lack of employees adhering to security policies (45 percent), the rise of mobile technologies (30 percent) and the lack of training (29 percent). More than half (55 percent) of survey respondents suggest improved end-user training and 54 percent suggest advanced email security technology to surmount these challenges.