Secure email gateways and IAM: where the real control gap is


(@nhi-mgmt-group)

TL;DR: Secure email gateways still matter because they stop phishing, malware, and spoofing before delivery, but identity-based attacks increasingly bypass mailbox perimeter controls once an account is compromised, according to SecurEnds. The real security problem is not email filtering alone, but whether IAM and lifecycle governance can prevent trusted identities from being abused inside cloud email platforms.

NHIMG editorial — based on content published by SecurEnds: secure email gateway guidance and the role of identity governance in email security

Questions worth separating out

Q: How should security teams use secure email gateways without overrelying on them?

A: Treat the gateway as a perimeter control, not a complete email security programme.

Q: Why do compromised email accounts still create business email compromise risk?

A: Because once an attacker controls a valid mailbox, the messages often look legitimate to users and to some security tools.

Q: What breaks when email access reviews are infrequent?

A: Stale accounts, excessive delegation, and orphaned mailboxes remain trusted long after business need changes.

Practitioner guidance

  • Tie mailbox access to lifecycle controls. Make sure joiner-mover-leaver processing removes mailbox access when a role changes or employment ends.
  • Add identity monitoring to email defense. Use mailbox anomaly signals, impossible travel, unusual forwarding rules, and suspicious sender behavior to detect compromise after delivery.
  • Verify mail routing end to end. Confirm that all inbound and outbound mail actually traverses the secure gateway, including cloud-to-cloud connectors and legacy routes.

What's in the full article

SecurEnds' full article covers the operational detail this post intentionally leaves for the source:

  • Configuration guidance for routing Microsoft 365 and Google Workspace mail through a secure gateway
  • Detection methods such as sandboxing, heuristic scanning, and URL analysis explained in implementation terms
  • Questions to ask vendors about zero-day handling, policy management, and compliance reporting
  • How identity governance complements gateway controls in real deployment environments

👉 Read SecurEnds' analysis of secure email gateways and identity risk →

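One way to turn the access-review and forwarding-rule points above into a repeatable check, as an added example that is not part of the original post or of SecurEnds' article: it compares a mailbox export against an HR feed and flags orphaned mailboxes, leaver-owned mailboxes, stale delegates, and forwarding to outside domains. The record layout, field names, and example.com domains are assumptions, and all data is constructed.

```python
# Added illustration: all records and field names below are constructed.
INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains

# Constructed HR feed (identity source of truth): user -> employment status.
HR = {"alice": "active", "bob": "terminated", "carol": "active"}

# Constructed mailbox export: owner, delegates and any auto-forward target.
MAILBOXES = [
    {"mailbox": "alice@example.com", "owner": "alice", "enabled": True,
     "delegates": ["carol"], "forward_to": None},
    {"mailbox": "bob@example.com", "owner": "bob", "enabled": True,
     "delegates": [], "forward_to": None},
    {"mailbox": "finance@example.com", "owner": None, "enabled": True,
     "delegates": ["bob", "carol"], "forward_to": "archive@example.net"},
    {"mailbox": "carol@example.com", "owner": "carol", "enabled": True,
     "delegates": [], "forward_to": "team@example.com"},
    {"mailbox": "old-project@example.com", "owner": None, "enabled": False,
     "delegates": ["bob"], "forward_to": None},
]


def is_active(user, hr):
    """A user counts as active only if HR knows them and says so."""
    return hr.get(user) == "active"


def review_mailboxes(mailboxes, hr, internal_domains):
    """Return (mailbox, finding, detail) tuples for enabled mailboxes."""
    findings = []
    for mb in mailboxes:
        if not mb["enabled"]:
            continue  # disabled mailboxes are out of scope for this review
        name, owner = mb["mailbox"], mb["owner"]
        if owner is None:
            findings.append((name, "orphaned", "no accountable owner"))
        elif not is_active(owner, hr):
            findings.append((name, "leaver_owner", owner))
        for delegate in mb["delegates"]:
            if not is_active(delegate, hr):
                findings.append((name, "stale_delegate", delegate))
        target = mb["forward_to"]
        if target and target.rsplit("@", 1)[-1].lower() not in internal_domains:
            findings.append((name, "external_forward", target))
    return findings


if __name__ == "__main__":
    for finding in review_mailboxes(MAILBOXES, HR, INTERNAL_DOMAINS):
        print(*finding, sep="\t")
```

Delegates that are missing from the HR feed are treated as inactive, so unknown identities surface as findings instead of passing silently.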