Email Delivery: How to Break All the Rules of Zero Trust

Szilárd Pfeiffer, Security Engineer & Evangelist, Balasys
Apr 3, 2023

92% of malware spread through the email system. This is not a surprise if we consider that the email delivery system breaks almost all the rules defined in Zero Trust. Even though there are several ways to apply security policies to email transfer, these methods are not nearly as widely declared and enforced as they should be. In this article, I’ll describe how an organization should transform its email delivery to ensure it conforms to the Zero Trust model.

Email has remained the most essential and the most overused communication method throughout its 40-year history, and still forms the basis of countless business processes. However, the fact that it uses one of the oldest and least securely designed communication protocols makes it the most exploitable and vulnerable area of the internet. The existence of phishing, spoofing, and other fraud techniques have demonstrated that the email system can be the weakest point of even a Zero Trust network and offers a path for attackers to introduce malware into a corporation. Why is this so? The issue is largely due to a lack of adherence to the Zero Trust principles.

Email is the Zero Trust Antipattern

Zero Trust principles state that you should handle everything as a resource, handle them equally, communicate securely, authenticate access, and provide only least-privilege access. In general, nobody would grant access to a corporate resource from the internet without robust authentication....

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023