Even that will not ensure protection of the email, he said. "It must also be run on a secure platform that delivers tightly controlled policy to enforce data labeling, digital message signing, encryption and checking of the actual content."
Jeff Wilson, principal analyst for security at Infonetics, agrees that an email management platform would help, since "most people are getting email on [multiple] mobile devices that could be lost, stolen, or compromised."
But he noted a more basic problem for many companies: "They don't even have an accurate inventory of devices connecting to their network or a framework for building a security policy and buying appropriate security solutions."
Those who want to remain in the marketplace may not have a choice about confronting and correcting such vulnerabilities, however. Parris wrote that enterprises that supply high-security customers will have to comply with information security standards set by the Transglobal Secure Collaboration Program (TSCP) for the governments of the UK, the U.S. and NATO.
Those standards are backed by enterprises including Lockheed Martin, Thales, Raytheon, Cassidian and General Dynamics for the Signed and Encrypted Email Over The Internet (SEEOTI) initiative.
Since email is the primary method of information sharing, enterprises must keep it secure, "to protect intellectual property and to compete in the global business environment," Parris said.
Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.