top of page

A Powerful New Email Security Solution with Box’s CCM

One of the things I most like to write about is a new product feature. As CEO of mxHero, I have to remind myself to focus on the more strategic concerns of the organization, but I can’t help it. I love the kitchen where stuff is built. It’s the old-time hacker in me, the deep-seated love of product and particularly technology. So, I’m really excited to be posting about mxHero’s latest feature that melds the security of Box’s cloud content management platform with the ubiquity of email in a new way.

Our latest feature addition to our Mail2Cloud platform is the option to password protect email attachments. Hmm, you might be scratching your head right now and feeling underwhelmed. After all, you’ve probably sent or received a Microsoft Office file that was password protected before. Fair enough. But given that email is so devoid of inherent security that acronyms like BEC (Business Email Compromise) now exist and the news cycles pretty much provides evidence that the term “Email Security” is an oxymoron, why aren’t we always sending and receiving password secured emails? Maybe because it’s a pain. You need to remember to add a password to a file when you save it. This encumbers you with having to think up a good password, jump through the hoops to apply it when saving, then remember your password somewhere in case you lose it. After you’ve password protected the file you need to get the password to your recipients. You can text the password or send it in a separate email — i.e. more hoops. Add to this the complexity and limitations of generating, saving and remembering the password while sending a file from, God forbid, your mobile phone. Furthermore, what if you want to password protect another filetype, like a zip file — different process depending on your compression software. What about a photo? Oh, no way to password protect that sensitive image? You get the idea. As a result, I almost never receive password protected attachments, much less send them.

MxHero is now completely changing the game. Imagine if you would, sending password protected attachments on any email attachment you want without doing anything different than sending your email. What the brilliant engineers at MxHero have done is at once simple in design, yet powerful in function. MxHero customers can send email with password protected attachments using any device on any email program to anyone without any change or additional end user software installed. The email attachments are automatically stripped off by mxHero in-flight, uploaded to the user’s corporate Box account and replaced in the email with a Box link. MxHero adds a password to the link and delivers the email to the recipient. A second email is sent by mxHero to the recipient with the password.

mxHero replaces in real-time unsecure attachments with password protected cloud storage links. MxHero sends the message recipient the password in a separate second email. No user action is required and the process works from any device without the need of end user software.

Pretty cool. But consider this…

  1. No software installation is needed by the sender or recipient — nothing to deploy to users

  2. It works from every device — phone, laptop, email script, etc…

  3. It works for any file type. Sending a critical document, great! A sensitive photo, perfect!

  4. The sender doesn’t need to generate or remember passwords — yet still has full access to the files sent

  5. Every recipient gets their own password and does not need a Box account

  6. The secure link can be set to auto-expire. E.g. you want password access to expire in 3 days to ensure that an email breach of your recipient doesn’t expose you too — done!

  7. The password can be manually expired by simply revoking access in Box

  8. Want password protection only on emails sent to select recipients (e.g. your accountants) or from specific senders (e.g. the legal business unit) — done!

  9. Want password protection only on emails that have keywords like “Tax” or “#secure” — supported!

  10. MxHero can be added to any existing email system: O365, Exchange, Gsuite in under 15 minutes

“But Alex”, you may ask, “the market is full of rights management solutions like Azure Rights Management, Vera, etc. These solutions allow the user to add passwords to any file”. Yes, although powerful technologies, rights management solutions suffer from the need to introduce new software to either the sender or recipient process of a file exchange. Proof of the added friction is that it is still very uncommon to see these types of files despite years of availability in the market. MxHero’s approach here removes all friction and lets email flow naturally with no additional software requirements on the part of either the sender or recipient. Passwords are applied in-route using Box’s massively proven and deployed cloud content management platform that many companies have already invested in.

Box security can be trigged by mxHero admin defined rules matching sender, recipient (or domains), key words or patterns in the subject line (e.g. #secure), text found in the message body or attachments

With MxHero’s new feature, users and companies can significantly improve their information security because it is a security process that does not rely on end user adoption. Email has long had excellent solutions for security, namely, PGP and S/MIME. For decades these technologies have been readily available, but personally, I’ve only received one secure email in my life, and I work in the industry! Lol! Like the Chief Information Security Officer (CISO) of a US defense contractor once told me, “if you need to depend on the users for security, all bets are off”. We took this advice to heart and built a solution that automates powerful security, taking the heat off both the end user and the CISO.

I love this stuff! :)

Originally posted on Medium


bottom of page