Material Security: Extending Zero Trust to Email

Historically, many CISOs and C-Suite executives have regarded email as an avenue for attack rather than an actual target (when, in fact, it’s both). But while they considered email security a “solved problem,” large-scale email-based attacks from recent years have proved otherwise. The truth is that the problem of email security is active and universal.

At Material, we understand that enterprise security has evolved rapidly thanks to a combination of thoughtful innovation and sheer necessity. And yet, most enterprises still approach email security the same way they did five, ten, and thirty years ago. There’s a clear disconnect between how legacy “spam filter” style email security is applied around perimeters and the reality that email has evolved far beyond just a communication tool to become the institutional memory of an organization.

The evolution of both email and attacks on email calls for a new approach that applies Zero Trust principles to email security, starting with the question: what do attackers actually do once they break into email accounts?

Protecting sensitive content in mailbox archives

Modern mailboxes are vast repositories of sensitive content, including PII, financial information, and legal contracts. While most of the content sits tucked away in archive folders, it is an extremely valuable target for attackers or malicious insiders. Unchallenged access to this content can result in data loss, compliance woes, and substantial reputational damage. 

With Material, you can extend Okta to add a layer of protection for sensitive content in mailboxes. Our Leak Prevention feature scans entire mailboxes for sensitive content and redacts flagged messages so attackers can’t steal them. Users can also directly tag messages as sensitive. If users need to access redacted messages in their mailbox, they can retrieve them on demand after a simple verification step, such as approving an Okta Verify request.

Companies like Gusto use Leak Prevention to identify and safeguard any sensitive content that may have leaked into email. And because the feature pairs with Gusto’s existing Okta deployment, there is no manual end-user onboarding or setup needed.

Closing SSO gaps with password reset flow protection

Okta Single Sign-On (SSO) allows IT and security teams to centralize the user login experience across hundreds of apps. However, when users use unsanctioned products or services that don’t yet support SSO, email acts as the de facto identity layer. In these cases, if an attacker gets access to a mailbox, they can easily spread laterally to other apps by abusing password resets.

Material’s Account Takeover Prevention feature is built to mitigate this risk by requiring users to confirm they initiated a password reset before the reset message is delivered. After confirmation via Okta MFA, the password reset message becomes available, and users can carry on with setting up new credentials as usual. With this new workflow, organizations can effectively extend the Okta umbrella to non-SSO-enabled apps and feel confident about security without getting in the way of their users’ productivity.

A shared focus on productivity and end-user empowerment

At Material, we share a belief in the power of embracing security and productivity—not security or productivity. Security products are stronger when productivity principles are applied to them. Productivity stays unfettered when security is proactive, consistent, and pragmatic. We don’t think there needs to be a trade-off between the two, and Zero Trust nirvana can only be achieved with both.

We also believe that overall enterprise security is stronger when end-users are brought into the security fold. Our many shared customers, including Lyft, Sonos, and Databricks, value the ability to involve employees in the fight against data leaks, account takeovers, and phishing attacks. We think it’s crucial to empower individuals to take an active role in security to foster a culture of security awareness and keep the operational overhead for security teams low. 

Okta has created a foundational launchpad for the adoption of a Zero Trust approach to numerous aspects of enterprise security. Our shared customers benefit fully from the unique combination of Material and Okta because they believe in the power of extending this philosophy to their most essential business application: email.