2018 saw a 500% increase in attacks on corporate emails, that securing corporate communication be the first and least disruptive single solution to begin securing corporate assets. Before this can be accomplished, secure corporate email must be defined: Secure email is performed among known users in a private environment.
Corporate communication comes in three major security classes: General, Classified and Secure. Existing public email is fine for general and classified conversations between company employees and outside associates. Existence Email is for internal communication. For this article Private is defined as: limited to known users.
In an Existence Email system, a user connects their digital body to a USB-c compatible device (adaptors available) creating a private environment at the local device. The local private environment is dependent on components from the Private Message Server. Connectivity at the secure environment is dependent on components provided by the digital body. This interdependence creates “Existence” as a factor. (This is important later)
Existence Email process: an email goes from a sender’s digital body to the Private Messaging Server then to the recipient’s digital body using an ftp like process. (figure 1) This means it is NOT possible to accidentally forward secure emails outside of the secure environment. Additionally, unless expressly overridden, no data related to corporate communication is retained outside the company’s control.
Existence email is accessed when an employee connects their digital body to conduct secure communications. This simple action provides a clear delineation between secure activity and everything else. A Security Protocol: nothing related to internal company business is conducted outside of the company’s private email. Phishing emails will no longer confuse users.
From a user’s perspective: they connect their digital body, execute the body-based app and login. It cannot get any easier. Existence Email looks and operates like any web-based email.
The Department of Homeland Security tested existence based secure email. The test was reviewed by The Police Institute at Rutgers University. The report stated: “The information shared was efficiently shared and [with] the right level of restriction…respondent[s] commented that they were ‘very impressed’ by existence technology.” And “respondents also noted that they were likely to recommend this technology to their peers.”
In an article “The Internet’s ‘father’ says it was born with two big flaws” 20 Jan 19, Business Insider India, Vint Cerf the “Father” of the Internet stated: when creating the Internet “Security was an afterthought” that was applied not to “interfere with adoption”. As breaches occurred, solutions were “bolted on”. “Security was also something Cerf skipped …“
This history created the two security flaws that Existence Email addresses: public access and Indirect Assertion of Identity related to secure communication. (figure 2)
In figure 3 Existence Email took the opposite fork at each decision point choosing a Private environment to perform secure activity and using a state-of-existence to directly assert identity providing a transient non-tangible non-data factor plus a data factor for authentication. This is what Multi Factor Authentication was intended to achieve.
Existence Email is actually two unique products; Existence-based Authentication and a private email system. Existence-based authentication automatically loads the email application.
However, a dynamic menu can be inserted before the email providing access to additional secure services for some or all employees. (apply role-based protocols) Employee only services such as HR or remote access can be migrated into this same existence community.
Adding a presence verification before executing a transaction changes the focus from “securing data” to “securing the use of data”. It has been 35 years from inception of the Internet to the present. It will take time to apply parochial security protocols.
Cybersecurity begins with one single solution. Existence Email is that solution. It provides the non-data factor for authentication to other secure activity at no additional cost other than performing analysis based on new information and re-configuring current technology.
Existence Email can create a “deal based private communication solution”, for things such as M&A. It can be brought up quickly, assure an authorized individual’s presence for access and retain all communication within the community for compliance.