Security and Email Security

Five reasons you need enhanced email security in Office 365

by Egress
Published on 18th Sep 2019

It’s estimated that 70% of enterprise organizations will move to Office 365 (O365) by 2021. It’s a robust platform that provides users with a variety of communication and collaboration applications, as well as the ability to save and store.

Research also shows that organizations of all sizes continue to layer enhanced security solutions into their O365 environments. In particular, the Egress Team speaks daily with security professionals whose organizations require additional email security within O365.

Why? Well, here are the five most common reasons we come across when talking with these organizations.

1. Protect regulated data

It should come as no surprise that an organization’s appetite for risk decreases as the sensitivity of the data they share via email increases. This is particularly true for firms regulated by data privacy laws such as GDPR and HIPAA, or those preparing for upcoming regulations like CCPA.

Where a data breach can lead to compliance issues, punitive action, and inevitable reputational and financial implications, organizations can take a strategic approach to mitigate this risk by integrating email security solutions into O365 that provide robust encryption and enhanced rights management controls.

2. Prevent human error

79% of CISOs believe employees have put company data at risk accidentally.

This is alarmingly easy when sharing sensitive data via email – and can include incidents such as adding an incorrect recipient due to autocomplete, attaching the wrong files, failing to remove or redact information within attachments, or simply not applying the right level of protection as data is shared.

3. Support advanced DLP requirements

Organizations can also have sophisticated DLP requirements that are not met by the standard policies offered by O365 or edge-based secure email gateways.

Some examples of this include the need for internal ethical walls that can prevent certain content from being emailed to specific employees (this is particularly key for financial and legal firms); detecting anomalies in employees’ behaviour to determine when they might be accidentally or intentionally leaking data; and dynamically building rules to ensure the right types of information are sent to the right people.

4. Reduce friction

Email encryption solutions are only as useful as their adoption by users, and reducing friction is integral to this. The main business requirements that lead to the adoption of third-party solutions in order to reduce friction include:

  • Sophisticated workflows for user enrolment and entitlements
  • Flexible authentication that makes it easier for trusted users to access content, but raises appropriate barriers for untrusted users
  • Real-time message recall
  • Custom branding of notification messages sent to external recipients
  • Seamless and native user experience across a range of platforms, including Windows, MacOS, iOS, Android, Outlook Web Access (OWA), etc.
  • Engaging user interfaces that integrate encryption closely with existing email workflows

5. Data residency

Highly regulated organizations, such as those in government and financial services, typically have specific requirements for data sovereignty and data residency. Despite the trend to cloud migration, many of these organizations have requirements to keep email security and key management solutions on-premise.