Building a strong platform to secure enterprise email systems is like piecing together a puzzle by joining existing technologies from various sources.
"The pieces are there, they're just not necessarily being effectively employed," says Curt Barker, cybersecurity standards and technology adviser at the National Institute of Standards and Technology, in an interview with Information Security Media Group.
Many enterprises do not know how to solve the puzzle of building strong enterprise email systems. That's where Barker comes in. He's heading an initiative at NIST's National Cybersecurity Center of Excellence known as the Domain Name System Based Secured Email project. The objective of the project is to produce a guide to be issued in mid-2016 that helps enterprises identify tools that exist to piece together an effective platform to secure email.
"Essentially what we're doing is using off-the-shelf components, but we're composing them into a security platform in ways that have not been executed before," Barker says.
In the interview, Barker:
- Explains why enterprises are challenged in fusing different tools to build a secure enterprise email platform;
- Discusses steps enterprises should take to ensure cryptographic certificates for emails can be provided in a way that is transparent to users; and
- Addresses the synergies between two concurrent email security initiatives underway at NIST.
Trustworthy Email Guidance
Another team of computer scientists at NIST is drafting a special publication to be known as SP 800-177: Trustworthy Email, in which the authors provide an overview of existing technologies and best practices and offer deployment guidance to meet federal government security requirements. SP 800-177 also describes emerging protocols to make email security and privacy easier for end users.
Trustworthy Email is written for enterprise email administrators, information security specialists and network managers. The document applies to federal IT systems but can be used in other organizations. The publication is designed to complement NIST's earlier document, Guidelines on Electronic Mail Security, NIST SP 800-45 version 2.
The National Cybersecurity Center of Excellence is a partnership of NIST, the state of Maryland and Maryland's Montgomery County. The center is focused on furthering rapid adoption of practical, standards-based cybersecurity solutions for businesses and public organizations using commercially available and open-source technologies.
Barker previously served as associate director and cybersecurity adviser for NIST's Information Technology Laboratory, directly responsible for planning, directing and implementing the policies and programs of NIST's cybersecurity program. Barker was the first manager for multiple national-level initiatives, including the National Initiative for Cybersecurity Education and the National Strategy for Trusted Identities in Cyberspace. He also served as the first head of the Department of Commerce's Office of Policy and Strategic Planning's Cybersecurity and Privacy Coordination Office.