92% of malware spread through the email system. This is not a surprise if we consider that the email delivery system breaks almost all the rules defined in Zero Trust. Even though there are several ways to apply security policies to email transfer, these methods are not nearly as widely declared and enforced as they should be. In this article, I’ll describe how an organization should transform its email delivery to ensure it conforms to the Zero Trust model.
Email has remained the most essential and the most overused communication method throughout its 40-year history, and still forms the basis of countless business processes. However, the fact that it uses one of the oldest and least securely designed communication protocols makes it the most exploitable and vulnerable area of the internet. The existence of phishing, spoofing, and other fraud techniques have demonstrated that the email system can be the weakest point of even a Zero Trust network and offers a path for attackers to introduce malware into a corporation. Why is this so? The issue is largely due to a lack of adherence to the Zero Trust principles.
Email is the Zero Trust Antipattern
Zero Trust principles state that you should handle everything as a resource, handle them equally, communicate securely, authenticate access, and provide only least-privilege access. In general, nobody would grant access to a corporate resource from the internet without robust authentication....