Secure Email: A Necessity When Using Cloud Services

Secure Email: A Necessity When Using Cloud Services
13 Mar ‘24

Introduction

Recently, the Dutch National News Agency (NOS) published an article reporting that the US government can access emails from Dutch government agencies and critical businesses. This highlights the importance of securing email communication, especially when using cloud services like Microsoft365/Outlook and Google Mail.

No Additional Email Security

While these cloud services offer simple and affordable email services, the majority of users (>95%) do not utilize additional security measures to protect their email traffic. Most users rely on the outdated MIME (Multipurpose Internet Mail Extensions) email protocol, which has been common since the 1990s. Although MIME email has become essential for modern communication, it also poses security risks that few people are aware of:

  1. File Attachments: The MIME protocol allows for the sending and receiving of file attachments, enabling malicious users to distribute harmful files such as malware and viruses via email attachments.
  2. Content-Type Manipulation: The MIME protocol allows senders to manipulate the content type of an email message, leading to the deception of email clients and the opening of harmful content, such as executable files disguised as innocent documents.
  3. Phishing: The MIME protocol can be abused by attackers to create phishing emails that appear legitimate but actually contain malicious links or attachments designed to steal confidential information or install malicious software.

S/MIME: The Secure Email Variant

To address these risks, the secure variant of MIME, called S/MIME (Secure/Multipurpose Internet Mail Extensions), was introduced in the late 1990s. S/MIME adds a security layer to email communication through encryption and digital signatures, enabling users to communicate securely and rely on the privacy and integrity of their messages, even across insecure networks like the internet.

KeyTalk’s Secure Email Service

In 2020, KeyTalk introduced its “Secure Email Service,” where the request for S/MIME certificates from leading certificate authorities such as DigiCert, QuoVadis, and GlobalSign, as well as the rollout and configuration of certificates for MS365/Outlook, are fully automated. This automation makes the use of S/MIME practically feasible and was a crucial factor for organizations like TenneT TSO, which chose the joint solution of DigiCert/KeyTalk to deploy and manage their S/MIME certificates in 2022.

If you want to learn more about the importance of secure email when using cloud services, please contact us or join our seminar “Safer Use of Business Email,” organized in collaboration with DigiCert on May 16 at one of the most beautiful locations in the Netherlands.

 

The KeyTalk Team

Contact us

if you are interested in what we can do for your organisation with PKI / CLM management after reading our blog, please fill in the contact form below and we will contact you right away.