For over 20 years, the UK Government has relied on the ‘gsi-family’ of email domains to secure email communication between government departments. The email domains (gcsx.gov.uk, gse.gov.uk, gsx.gov.uk) and the underlying private government network were introduced to allow agencies to communicate more securely and reliably.
However, over the last 2 years the UK governing body (GDS) has been signalling the end of GCSX mail with the plan that all government entities will be migrated away from these domains by March 2019. GDS argue that with modern email infrastructures the requirement for a closed secure email service is now somewhat redundant, and they promote technologies such as mandatory TLS as the replacement for secure email delivery. With this capability it should be possible to encrypt all email at the transport layer to ensure email is delivered between domains securely. This is further embraced by the plan to get all Government departments onto modern cloud platforms to benefit from the cost and efficiency savings available.
While the migration to cloud services is clearly the right direction of travel for Government, a number of factors have not been considered. Communications via GCSX are of a highly sensitive nature and there is no room for error. As a closed community, it is by its very nature difficult to mis-send sensitive content outside the secure network boundary. By moving to a standard email platform, even if the email is encrypted via TLS during transmission, it becomes possible for sensitive content to be sent outside Government and to the wrong recipients. In that event there is no audit trail and no way to revoke the wrong recipient’s access.
The use of TLS, DKIM and SPF for all email communications is good practice and protects the confidentiality and integrity of email delivery between domains. This is the basis of all recommendations for replacing the government secure email platform. There are, however, several issues with this approach in today’s email world. Firstly, there is still no guarantee that a recipient domain will support TLS, so how would end users know that the recipients they are sending to will accept email delivered via TLS? There is also no easy way to prove secure delivery, as log and audit information is not easily accessible and certainly not available to the end user. There is no way to guarantee that sensitive content remains secure across the internet.
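To make the "mandatory TLS" point concrete, here is an added example (not code from the original article or from Egress) of the decision an outbound mail server makes per recipient domain. The policy levels are modelled on the Postfix `may`/`encrypt`/`secure` levels, the certificate-name matching is simplified, and all domain names and EHLO replies are constructed; the sender never sees any of this, so the server log produced here is the only audit trail.

```python
"""Added illustration of per-domain outbound TLS policy enforcement in an MTA.
Opportunistic TLS ("may") silently falls back to cleartext when the recipient
server does not offer STARTTLS; mandatory TLS ("encrypt"/"secure") defers instead."""

# Constructed EHLO replies: the first server offers STARTTLS, the second does not.
EHLO_OFFERS_TLS = "250-mx.example.gov.uk\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_NO_TLS = "250-mx.example.com\r\n250-SIZE 52428800\r\n250 8BITMIME"

# Per-domain policy (constructed), modelled on Postfix smtp_tls_policy_maps levels:
#   "may"     opportunistic: use TLS if offered, otherwise send in cleartext
#   "encrypt" mandatory: TLS required, any certificate accepted
#   "secure"  mandatory: TLS required and the certificate name must match the domain
POLICY = {"example.gov.uk": "secure", "example.com": "may"}
DEFAULT_LEVEL = "may"  # the common default, and the weak spot the article describes

def starttls_offered(ehlo_reply: str) -> bool:
    """Return True if the multi-line EHLO reply advertises the STARTTLS extension."""
    extensions = [line[4:].strip().upper()
                  for line in ehlo_reply.split("\r\n") if line[:3] == "250"]
    return "STARTTLS" in extensions

def cert_matches(domain: str, cert_names: tuple) -> bool:
    """Simplified name check: accept the domain itself or any host under it."""
    return any(n == domain or n.endswith("." + domain) for n in cert_names)

def decide(domain: str, ehlo_reply: str, cert_names: tuple) -> tuple:
    """Return (action, log_line) for one delivery attempt.
    action is 'deliver-tls', 'deliver-cleartext' or 'defer'."""
    level = POLICY.get(domain, DEFAULT_LEVEL)
    if not starttls_offered(ehlo_reply):
        if level == "may":
            return "deliver-cleartext", f"{domain}: no STARTTLS offered, policy=may, sending in cleartext"
        return "defer", f"{domain}: no STARTTLS offered but policy={level}, deferring"
    if level == "secure" and not cert_matches(domain, cert_names):
        return "defer", f"{domain}: certificate names {cert_names} do not match, policy=secure, deferring"
    return "deliver-tls", f"{domain}: TLS established, policy={level}"

if __name__ == "__main__":
    for dom, reply, names in [("example.gov.uk", EHLO_OFFERS_TLS, ("mx.example.gov.uk",)),
                              ("example.gov.uk", EHLO_NO_TLS, ()),
                              ("example.com", EHLO_NO_TLS, ())]:
        print(*decide(dom, reply, names))
```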
Tiered Security & Access Control
All modern webmail providers (Hotmail, Gmail, Yahoo, etc.) support TLS-encrypted email, so government departments can be sure that email will be delivered securely to these domains. However, this is only part of the story. End users may be using a shared device with saved browser credentials, so without additional message security, how can non-repudiation be provided? And when the recipient reads the email on a mobile device, how can the sender be sure that device is appropriately secured? The only way to truly secure content is to encrypt at the message level, giving control and management over every individual message where required.
One size doesn’t fit all
A rather contentious issue is around whether government really has only one broad classification of data. The ‘Official’ classification reaches far and wide, and questions have been raised as to whether it has oversimplified the security of sensitive content. For example, is data about a parking fine of the same level of sensitivity as information concerning a vulnerable person in trouble, and should it be secured at the same level? In this instance information assurance requirements are clearly quite different and should be treated differently when shared. GCSX makes users think when sharing sensitive information; you must make a conscious decision to use GCSX above and beyond your normal email system. If you are using a standard email system, how does a user make this conscious decision?
At Egress we have been delivering the only NCSC-certified email encryption service to UK Government for the last 10 years. The Egress community has over 2 million users, creating a secure network where users have flexibility and control over how they share email content from any email platform, including Office 365 and G Suite. Egress provides the security required for sharing the most sensitive content, with accreditation to ‘Official Sensitive’ - and potentially above - with appropriate assurance measures.
By replacing GCSX with Egress, a government entity can gain the same assurance and security levels while benefiting from the cost and efficiency savings of moving to public cloud. In addition, Egress will provide users with the following benefits:
- NCSC-certified message-level protection of highly sensitive content
- The ability to audit, track and report on encryption usage
- The highest level of security and integrity for every message, no matter how or where it is accessed
- Appropriate security, enforced by engaging with the end user
- Machine learning and AI that assist users and help them avoid mistakes
- Significantly reduced costs and staff overheads from managing separate email systems
For more guidance on replacing GCSX with a secure email service that helps people share sensitive data easily without compromising on security or control, please get in touch.