Email is the number one threat in the enterprise because of core design flaws that inflame today’s cybersecurity landscape. mxHero fixes email by merging it with modern cloud content management platforms without disrupting the end-user.
by Alexis Panagides & Donald R. Hammons
mxHero is on a mission. In the last decade, we have been dedicated to changing how the most pervasive file-sharing technology in the world works. We’re changing Email.
Like anything truly worth doing, it is a monumental task, but the rewards will benefit everyone. The challenge is great. Email is a massive monster, weighing in at 4 billion active users. Even mighty Facebook stands in its shadow. Changing something of this scale is a heroic undertaking; thus, our company name, mxHero (“mx” for the DNS mx record, the address that points to a domain’s email server).
Today’s email is killing us, literally. As the number one vector of attack, it is a key reason computer viruses get into our hospitals, emergency services, our businesses, and homes. Email-borne viruses lock vital systems, preventing our emergency responders and doctors from saving lives. As the number one cause of data sprawl, email is a target for state-sponsored attacks that we now know have breached our government agencies responsible for defending us. Perhaps worst of all, it forces schools, medical research companies, and society in general to divert billions upon billions of limited resources every year into trying to secure their networks from debilitating ransomware and other disruptions - billions that are stolen from the urgent need to teach our young, develop vaccines, operate our government, protect our environment and economy.
Years ago, we at mxHero saw a way to help save the world from the carnage of email. Some smart folks had pointed the way before, but it was the growing acceptance of cloud-based technology that finally made it possible. The challenge for mxHero was to create a “fix” for email that didn’t break it. With email being one of the Internet’s oldest technologies in widespread use, user habits would be the most significant challenge. The fewer user changes required, the better the chances of adoption.
To save ourselves from the destruction email continues to wreak on our collective society, without completely abandoning the medium’s benefits, we can start by addressing the problems it creates with file attachments, namely, massive content duplication and direct, anonymous access to end-users. By addressing these two issues, we can reduce data sprawl and the probability that malicious content goes directly to vulnerable users.
What mxHero developed was a digital bridge between cloud storage technology and email. As email and its attachments are sent and received, email attachments are automatically moved into the organization’s cloud storage service before the email reaches its destination. Importantly, this process is configured centrally, requiring no action on the part of the user. The result is every file sent or received is secured in a single repository and delivered as a secure cloud storage link rather than a standard attachment.
Although simple conceptually, this design resolves the two challenges mentioned above with minimal user disruption. By moving files out of email into a central cloud repository, we ensure that the file is no longer duplicated at every step of the email’s delivery chain. Whereas an email may duplicate itself five or more times before delivery to recipient devices, and potentially be forwarded onward to yet more recipients, mxHero ensures that only a single copy of the file exists in the cloud storage system. Best of all, access to that single copy remains under the strict control of the sender.
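The gateway step described above, as an added Python example that is not mxHero's code: attachments are pulled out of a message, stored once under their SHA-256 digest, and replaced by links in the body. The `LINK_BASE` URL, the in-memory `store`, the function names and the sample message are assumptions made for illustration, and only the plain-text body is carried over.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical link prefix; a real deployment would use an access-controlled
# share link issued by the storage service, not a bare content hash.
LINK_BASE = "https://files.example.invalid/s/"

def detach_to_store(raw: bytes, store: dict) -> bytes:
    """Move attachments into `store`; return the message rewritten with links."""
    msg = message_from_bytes(raw, policy=policy.default)
    links = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        store.setdefault(digest, data)  # content-addressed: one copy per file
        links.append(f"{part.get_filename() or 'unnamed'}: {LINK_BASE}{digest}")
    if not links:
        return raw  # nothing to detach, deliver unchanged
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    out = EmailMessage()
    for name, value in msg.items():
        # Keep routing headers; the MIME headers are regenerated below.
        if not name.lower().startswith("content-") and name.lower() != "mime-version":
            out[name] = value
    out.set_content(text.rstrip() + "\n\nFiles moved to cloud storage:\n"
                    + "\n".join(links) + "\n")
    return out.as_bytes()

def sample(to: str) -> bytes:
    """Constructed sample message carrying one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", to, "Q3 report"
    m.set_content("Report attached.")
    m.add_attachment(b"%PDF-1.4 constructed sample bytes", maintype="application",
                     subtype="pdf", filename="report.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    store = {}
    for rcpt in ("bob@example.org", "carol@example.net"):
        print(detach_to_store(sample(rcpt), store).decode())
    print("unique files stored:", len(store))
```

Sending the same file to two recipients leaves one object in the store, and neither delivered message carries the file bytes.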
Moving email attachments to cloud storage effectively turns email inside-out. The file that was stored inside the email is now stored and delivered from outside the email. The benefits of this model over standard email file handling are profound, and some not so obvious.
Without rampant file duplication, potentially sensitive data is no longer within easy reach. A breached email server, archive, or recipient mailbox will no longer grant full and unrestricted access to attached files — even when that email is sent outside of the organization. This means that we no longer need to trust the security of everyone to whom we send emails. For too long, email has forced us to live under the “your breach is my breach” model. Ensuring that all files shared through email are shared through secure cloud storage ensures that our content is continually delivered under our control wherever our email has gone.
Moving email file attachments to cloud storage also helps to protect the user from attacks. One of the reasons email is such an effective vector of attack is that it grants the cybercriminal a means of delivering a malicious package directly to the user’s desk (device). Although organizations put many defensive layers between the user and malicious emails, attacks get through, and it only takes one successful breach to create a severe challenge to an entire organization. Moving a potentially malicious file out of the email and into cloud storage allows the user to first preview a file’s content safely from a distance before actually opening the file and unleashing viral code on their local device. Giving the user the opportunity of safe preview turns out to be a particularly effective defense because it benefits from end-user behavior and human-machine complementarity. Studies show that in around 88% of cases, users prefer the convenience of previewing file attachments instead of the multiple steps of first saving them and opening them locally. Furthermore, allowing users to safely participate in cyber-security leverages human insights that might escape even the most promising AI defense. Finally, stopping a file in cloud storage gives systems another chance to inspect and otherwise restrict access to the file once it is determined to be detrimental. Not so with standard email attachments, which are delivered directly to every recipient, maybe on multiple devices, inspectable only when opened and essentially completely outside the organization’s ability to contain once an assault is detected.
Replacing email attachments with cloud storage links is a change, albeit small, given no effort is required by the end-user. In working with companies of all sorts over the years, we have seen that some users are resistant to even the smallest alterations to long-held workflows. However, as technology leaders, we should persist because the upside is significant, not only for the organization but for the user as well — large file support, automatic version control, delivery revocation, chain of custody visibility, storage reduction, not to mention personal user security. Regardless, given the central role of technology in modern society and the high costs of our current vulnerability, it is time to refresh how we work with our digital tools and evolve not only for our own organizations but for the good of all society.
Originally posted to Medium