Why Zero Trust Is The ‘Missing’ Ingredient In Email Security: Mailprotector CEO

When it comes to bringing zero trust security to protection of inboxes, ‘no one has figured out how to do it effectively,’ says David Setzer, CEO of the email security vendor.

From its very origins, email has had a large amount of trust built into using it—something that is now exacerbating the massive problems caused by email phishing, according to David Setzer, founder and CEO of email security vendor Mailprotector.

Bringing the principles of zero trust security to email, however, shows tremendous promise, Setzer told an audience of MSP executives Monday at XChange August 2024, which is hosted by CRN parent The Channel Company and being held this week in San Antonio.

[Related: MSPs Are Driving GenAI Adoption But Security, Data Hurdles Persist For Customers: Panel]

With its basis on SMTP (Simple Mail Transfer Protocol), the core assumption of email systems from the start has been that everything is good by default, and we just need to figure out what’s bad, Setzer said.

“Zero trust is antithetical to the core assumption of the protocol,” he said.

As a result, “zero trust has been oddly missing from email security,” Setzer said. “It’s been missing because no one has figured out how to do it effectively.”

The idea of bringing zero trust to email could potentially be a “big deal,” said DJ Huston, vice president of sales and strategy at Rx Technology in San Antonio.

Without a doubt, email phishing is a “major problem for all of us,” Huston said.

“We’ve tried multiple tools. Some are good, some are bad. But it also comes down to the user and what they whitelist. And so there’s a lot of training that needs to go into it,” he said.

End user training, however, is seen as “painful” by many employees, Huston said.

“And the users hate painful,” he said. “They hate anything that makes it complex or delays or holds them accountable.”

The promise of bringing zero trust security principles to email, then, could be a major win if it “takes pressure off me and my [team],” Huston said.

Setzer said there’s no question that it’s time for a change in email security. Mailprotector has taken a multipronged approach to bringing zero trust principles to securing inboxes, including using AI to create behavioral models for users, providing anti-impersonation capabilities and leveraging threat intelligence, he said.

Ultimately, when it comes to reimagining email security, “zero trust flips [the typical] assumption and says, ‘Everything is bad, let’s figure out what’s good,’” he said.