Given the number of stolen laptops and other types of data theft, you would think now is the time for e-mail encryption. But it shouldn't be so hard, and I dare say that many of you can't even name 10 of your correspondents with whom you regularly exchange encrypted e-mail.
Back in the summer of 1998, Marshall Rose (one of the principal inventors of Internet e-mail protocols) and I co-wrote a book called Internet Messaging about how corporations can exploit e-mail across the Internet. When it came time to write the chapter on secure e-mail, we said: "The state of secure e-mail standards is best described as a sucking chest wound. There are no technologies for secure e-mail in the Internet that meet the criteria of being multivendor, interoperable, and approved or endorsed by the Internet's standardization body."
This sadly remains true today. While there have been some slight improvements in secure e-mail, including such notable developments as PGP Universal, it still isn't a very large list of products. Part of the reason is that standards are still too lax or too numerous, take your pick. Corporate-wide key management is too onerous, making it difficult to make changes and keep your e-mail certificates in synch as staff comes and goes.
And while there are a few solid products to choose from, interoperability is still miserable, and plenty of difficult implementation issues exist. Most products assume that users only own one machine, making it harder to manage e-mail that originates from multiple PCs and multiple operating systems.
Yahoo, Microsoft and others have been working for several years on sender authentication with little to show for it. (Want to read an amusing missed prediction? How about this:
"Sender authentication will almost certainly become a de facto standard part of the Internet's e-mail infrastructure over the next few years," said The Register three years ago.)
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
