The incident underscores how deeply ingrained the culture of convenience and bring-your-own-device (BYOD) has become in our society, as well as how important email security is in a highly mobile age.
Play by the rules?
Even though all confidential State Department information is sent across secure diplomatic cables rather than email (at least in theory), should Clinton have played by the rules and maintained a state.gov email address for handling official state business while acting as the U.S.’s chief diplomat?
Absolutely. Clinton herself admitted that “it would have been better” to use multiple email accounts.
While the media had a field day with the email fiasco, raising flags about the transparency of a presidential hopeful’s actions while serving in a public role, Clinton made roughly 55,000 printed pages of official correspondence from her mixed-use personal email account to the State Department. The reactionary move raised even more questions about the content of the “personal” emails not made public, some of which were intentionally deleted.
What’s not being talked about, however, is maintaining secure email in an age where convenience is the modus operandi of everyone.
Remember that other politicians, including Mitt Romney and Sarah Palin, have been caught using free email services to conduct official business.
Clinton’s dual-use email was certainly filled with correspondence that should be public record and plenty more that she has the right to keep private. What if Clinton were able to maintain the transparency required by her role in the public sector, while still maintaining the privacy she’s afforded in her personal life?
Additional risks uncovered
The Associated Press reports that the server used to transmit and receive Clinton’s official and personal emails is a “home brewed” system based out of her New York state home. While unusual, a home-based email server would give Clinton more sophisticated control over her emails than if she used a free email service such those operated by Yahoo, Google or Microsoft.
However, according to the same news report, “homebrew” email servers “are generally not as reliable, secure from hackers or protected from fires or floods as those in commercial data centers.” Email servers hosted in dedicated, professional facilities “provide monitoring for viruses or hacking attempts, regulated temperatures, off-site backups, generators in case of power outages, fire-suppression systems and redundant communications lines.”
How To Reconcile User Convenience, BYOD, Email & Enterprise File Security
- Look For A Mobile Email Solution With Data Containerization: If Clinton had a data containerization platform installed on her phone, she could have partitioned public record State Department content from her private correspondence. Even with content stored on the same device, Clinton could have controlled the access rights to it all, keeping her private emails restricted to herself and her official email transparent.
- Eliminate Attachments And Leverage The Enhanced Protection Of Secure Links: Know that even if an email is leaked or made public, a secure link (rather than an attachment) keeps any auxiliary information secure. Secure links allow a granular level of access control, including options to deactivate the links after a certain time period or specified number of opens.
- Stay Secure With Data Loss Prevention (DLP): What if Clinton had lost her BlackBerry? Not only would the device be gone; the personal and public content stored on it would become compromised. Even if the phone was password-protected, there’s no lock on the phone’s removable storage ports. Any content on the phone’s memory card could become compromised if it’s not secured in an encrypted container. Moreover, remote wiping capabilities would ensure that when Clinton left office, all State Department content could be securely wiped from the device without corrupting the personal content on the device.
- Seek Anytime, Anywhere, Any Device Access: Clinton’s desire for convenience should resonate with any end user of a complex system. At the end of the day, Clinton’s not much different than any enterprise file user in that she’s primarily focused on productivity and efficiency rather than file security. Exceptional access controls allow for ideal usability. By using a platform offering robust access controls, Clinton’s team would have a single, consolidated view of all content, including who can see it and what they can do with it.