top of page

Inside-Out: Why mxHero is Upending Email

Email is the number one threat in the enterprise because of core design flaws that inflame today’s cybersecurity landscape. MxHero fixes email by merging it with modern cloud content management platforms without disrupting the end-user.

by Alexis Panagides & Donald R. Hammons

MxHero moves email content into cloud content platforms

mxHero is on a mission. In the last decade, we have been dedicated to changing how the most pervasive file-sharing technology in the world works. We’re changing Email.

Like anything truly worth doing, it is a monumental task, but the rewards will benefit everyone. The challenge is great. Email is a massive monster, weighing in at 4 billion active users. Even mighty Facebook stands in its shadow. Changing something of this scale is a heroic undertaking; thus, our company name, mxHero (“mx” for the DNS mx record, the address that points to a domain’s email server).

Today’s email is killing us, literally. As the number one vector of attack, it is a key reason computer viruses get into our hospitals, emergency services, our businesses, and homes. Email-borne viruses lock vital systems that prevent our emergency responders and doctors from saving lives. As the number one cause of data sprawl, email is a target for state-sponsored attacks that we now know have breached our government agencies responsible for defending us. Perhaps worst of all, it forces schools, medical research companies, and society, in general, to divert billions upon billions of limited resources every year into trying to secure their networks from debilitating ransomware and other disruptions - billions that are stolen from the urgent need to teach our young, develop vaccines, operate our government, protect our environment and economy.

Email is data sprawl on a viral scale. Email creates a new copy of itself (message & files) at every stage in its delivery, typically 5x to 10x per recipient.

Years ago, we at mxHero, saw a way to help save the world from the carnage of email. Some smart folks had pointed the way before, but it was the growing acceptance of cloud-based technology that finally made it possible. The challenge for mxHero was to create a “fix” for email that didn’t break it. With email being one of the Internet’s oldest technologies in widespread use, user habits would be the most significant challenge. The less user changes required, the better the chances of adoption.

Source: mxHero Attachment Risk Calculator

To save ourselves from the destruction email continues to wreak on our collective society, without completely abandoning the medium’s benefits, we can start by addressing the problems it creates with file attachments, namely, massive content duplication and direct, anonymous access to end-users. By addressing these two issues, we can reduce data sprawl and the probability that malicious content goes directly to vulnerable users.

What mxHero developed was a digital bridge between cloud storage technology and email. As email and its attachments are sent and received, email attachments are automatically moved into the organization’s cloud storage service before the email reaches its destination. Importantly, this process is configured centrally, requiring no action on the part of the user. The result is every file sent or received is secured in a single repository and delivered as a secure cloud storage link rather than a standard attachment.

MxHero automatically moves, auto-files, and auto-secures attachments (sent & received) in an organization's cloud storage service without end-user software or effort.

Although simple conceptually, this design resolves the two challenges mentioned above with minimal user disruption. By moving files out of email into a central cloud repository, we ensure that the file is no longer duplicated at every step of the email’s delivery chain. For as much as an email may duplicate itself five or more times before delivery to recipient devices and potentially be forwarded onward to yet more recipients, mxHero ensures that only a single copy of the file exists in the cloud storage system. Best of all, access to that single copy remains under the strict control of the sender.

Sharing files through email with links greatly reduces data sprawl when compared to standard attachments. Files are only distributed if a recipient downloads.

Moving email attachments to cloud storage effectively turns email inside-out. The file that was stored inside the email is now stored and delivered from outside the email. The benefits of this model over standard email file handling are profound, and some not so obvious.

Inside-Out: Getting content outside of email for greater data security

Without rampant file duplication, potentially sensitive data is no longer within easy reach. A breached email server, archive, or recipient mailbox will no longer grant full and unrestricted access to attached files — even when that email is sent outside of the organization. This means that we no longer need to trust the security of everyone to whom we send emails. For too long, email has forced us to live under the “your breach is my breach” model. Ensuring that all files shared through email are shared through secure cloud storage ensures that our content is continually delivered under our control wherever our email has gone.

The further away data gets from the organization, the less control. Keeping data in a central, secured repository is paramount to data security.

Moving email file attachments to cloud storage also helps to protect the user from attacks. One of the reasons email is such an effective vector of attack is that it grants the cybercriminal a means of delivering a malicious package directly to the user’s desk (device). Although organizations put as many defensive layers between the user and malicious emails, attacks get through, and it only takes one successful breach to create a severe challenge to an entire organization. Moving a potentially malicious file out of the email and into cloud storage allows the user to first preview a file’s content safely from a distance before actually opening the file and unleashing viral code on their local device. Giving the user the opportunity of safe preview turns out to be a particularly effective defense because it benefits from end-user behavior and human-machine complementarity. Studies show that in around 88% of cases, users prefer the convenience of previewing file attachments instead of the multiple steps of first saving them and opening them locally. Furthermore, allowing users to safely participate in cyber-security leverages human insights that might escape even the most promising AI defense. Finally, stopping a file in cloud storage gives systems another chance to inspect and otherwise restrict access to the file once it is determined detrimental. Not so with standard email attachments delivered directly to every recipient, maybe on multiple devices, inspectable only when opened and essentially completely outside the organization’s ability to contain once an assault is detected.

Ensuring that attachments are moved to remote cloud storage for safe preview keeps potentially malicious files away from unsuspecting users. Interestingly, 88% of the time, users prefer to preview files than download and open locally — a user preference that favors cybersecurity by keeping malicious code away from user devices.

Replacing email attachments with cloud storage links is a change, albeit small, given no effort is required by the end-user. In working with companies of all sorts over the years, some users are resistant to even the smallest alterations to long-held workflows. However, as technology leaders, we should persist because the upside is significant, not only for the organization but for the user as well — large file support, automatic version control, delivery revocation, chain of custody visibility, storage reduction, not to mention personal user security. Regardless, given the central role of technology in modern society and the high costs of our current vulnerability, it is time to refresh how we work with our digital tools and evolve not only for our own organizations but for the good of all society.

The proliferation of applications that operate on their own copy of data creates an impossible data security problem. Email is the single most prolific in terms of data sprawl. A better model separates systems into those of engagement and record. In an ideal architecture, apps (systems of engagement) access data stored in a single, well-defended system of record. See The Content Management & Security Paradox — Content Convergence for the Enterprise

Originally posted to Medium


bottom of page