IT pros are worried about email security, says survey

Sophos recently announced the release of Sophos Email, our brand new secure email gateway solution, as an addition to our Email product range and our Sophos Central management platform.

It’s engineered to provide our leading threat and spam protection to users of Microsoft Exchange Online, Office 365, Google Apps for Work and many other email services. And from what we heard in our recent email security survey, users of cloud-based email services like these are in desperate need of the extra protection it delivers.

We conducted the survey among our Spiceworks community and readers of Naked Security. We’re just starting to analyze some of the results and they make for interesting reading.

First, they confirmed that businesses are rapidly shifting to cloud-based email with a total of 38% using it today as their primary email platform.

Many are also choosing to use the cloud for security too, with 43% of respondents using a cloud-based service for email security – almost double the percentage of those using the next most popular solution of dedicated email hardware appliances (22%).

18% of our respondents are using email protection as part of their UTM hardware appliance. Virtualized dedicated appliances (12%) were also a popular option, although only 5% were using a virtualized UTM.

When we asked users of the most popular cloud-based email platform – Microsoft Office 365 – about their biggest concerns, system reliability (fear of service downtime or outages) and lack of security came top of the list.

 

It’s not surprising reliability was a top concern – recent outages are clearly in people’s thoughts.

In terms of security, it’s clear that IT teams are not confident in the security they are getting with Office 365 – 50% of Office 365 users agreed that third party security solutions are essential to extend Office 365 security.

This tallies clearly with Gartner’s prediction that, by 2018, 40% of Office 365 deployments will rely on third party protection – an increase from under 10% in 2015.

Ransomware, malicious attachments, malicious URLs, viruses and phishing were the top five security threats people were worried about, with over half the respondents saying they were very concerned about these threats. Despite this recognition of email-borne threats, over a quarter of respondents admit that they rarely or never review their email security policy to check if it is effective.

We also asked our participants which features are most needed to improve their current solutions. It seems advanced sandboxing solutions, such as Sophos Sandstorm, and data protection features, including encryption and data loss prevention, are the most sought after.

Time-of click protection, which checks URLs in emails as people click them and not just when the email is received, was also a highly requested addition to counter those worries about malicious URLs.

We’ll look more closely into the numbers over the coming weeks. For now, the message is pretty clear – IT teams recognize that email is a primary threat vector, infrastructure and security is moving to the cloud, and businesses are looking for extra protection to make sure they don’t fall foul of the ever-increasing number and sophistication of threats.

So we believe Sophos Email is great for those who are looking to move their email infrastructure and security to the cloud.

And, because Sophos Email is part of Sophos Central, it can be managed right alongside Endpoint, Mobile, Server, Web and Wireless, meaning better security is matched by increased efficiency too.

If you haven’t moved to the cloud just yet, a Sophos Email Appliance or UTM solution may help give you peace of mind.

If you’d like to take a look at Sophos Email or any of our Email products, simply start a free 30-day trial.

And if you’d like to tell us about your email security hopes and fears our survey is still open!

Blog post originally appeared on Sophos.com