Intellectual property intensive businesses, such as those in the aerospace and defence industries, are particularly vulnerable to organised crime, hacktivists and sensitive data leaks due to human error. This is because these businesses often rely on a large supply chain, composed of mainly SMEs – the more people in the chain, the more the risk of exposing sensitive data to security weaknesses.
Add to this, the rise of cloud based email services and the use of personal devices for business and there now exists a complex melting pot of security challenges surrounding the secure transfer of sensitive data via email. SMEs in the supply chain must make sure the right person is receiving the right, protected, email or they may risk losing business to competitors who prioritise identity and email data security.
Email is the primary method of information sharing for two thirds of organisations but using a non-secured service leaves them open to a range of threats. With the volume of global electronic messages sent via email superseding all other forms of electronic communication, a breach could be catastrophic for any business, small or large.
Many organisations are unaware of the security issues surrounding email, have a limited security infrastructure and do not prioritise the need to protect themselves and their customers. However, secure information sharing is a critical capability, particularly for those companies working with highly regulated sectors like financial services, pharmaceutical and government.
SMEs need to be sure they can deliver on supply chain contracts and compliance with an assured way of sharing information, which stops data loss, delivers policy control and reduces the risk of security breaches to protect IP, profits and reputation. The challenge is delivering this when a number of factors are complicating the picture.
The security challenges of the rise of Bring Your Own Device (BYOD) technology adoption and the uptake of cloud computing means that securing email is becoming increasingly difficult. In order to work with intellectual property intensive companies, those who collaborate within a secure infrastructure with identity management as a vital component will separate the winners from the losers.
Creating trusted digital identities for employees and citizens provides the basis for ensuring control over the sharing of sensitive data. Generating and managing assured identities means SMEs know who is sending which email and information to whom, when and protecting it in transit and at rest.
However, as a standalone component this will not ensure the complete protection of the email service – it must also be run on a secure platform which delivers tightly controlled policy to enforce data labelling, digital message signing, encryption and checking of the actual content.
Email management systems are often costly to implement for the whole business and vendors frequently lock organisations into lengthy contracts and defined platforms. Selecting a software as a service (SaaS) model that allows licenses to be attained only for the key sensitive data handlers within an organisation will ensure that costs are kept to a minimum and in turn, protect against hefty fines from the Information Commissioner’s Office.
This is particularly pertinent given the European Commission has upped the ante on compliance and data breach reporting. Draft regulation published in January 2012 legislates that a failure to report any security breach to the data protection agency could result in a fine of up to two per cent of a business’ annual turnover, never mind the cost to business of the data breach itself.
When reviewing email management systems, SMEs must consider how these will incorporate the latest industry standards to help combat any foreseeable security issues. Thus, collaborative standards like those set by the Transglobal Secure Collaboration Program (TSCP) need to be closely followed – with many government agencies already implementing its standards to their own security framework.
The TSCP has designed specifications to meet the most stringent information security standards for use in high security environments within HM Government, the US Government, the Ministry of Defence and NATO. This specification was piloted successfully by a number of organisations including Lockheed Martin, Thales, Raytheon, Cassidian and General Dynamics for the Signed and Encrypted Email Over The Internet (SEEOTI) initiative, sponsored by The UK Council for Electronic Business (UKCeB).
The TSCP standard framework provides a foundation that can be applied to interpersonal communications (email, IM and conferencing), group collaborative working (document sharing and access to applications) and automated data exchange (product life-cycle and supply chain management) solutions, and will ultimately deliver the benefit of a common approach for organisations.
Today, with email as the primary method of information sharing, provisions must be made to make sure both customer and partner information is kept secure. Secure email management combined with a standards-based approach that ensures the right person receives the right email is needed for any SME to protect intellectual property and to compete in the global business environment.