The Evolution of Email Security

Digging out an article from 2017 (csoonline.com) that triggers flashbacks, it references that 60% of respondents had received a document containing sensitive information which they shouldn’t have. Fast forward to 2025 and it is unlikely that the risk has lowered, given the sheer amount of information which is transmitted daily without much consideration over how secure the transmission method is.

Administrators at one point in time could be forgiven for relying upon standard email encryption, password protected files, and sharing securely by cloud-based platforms such as OneDrive – but in the ever-changing landscape of information security, there are better options on the table.

Data loss prevention tools, document classifications and retention policies were at one point also revered as an end-to-end solution for securing information in transit, and whilst that may be true to an extent, it certainly doesn’t solve the problem once the document has landed with its unintended recipient. The recall function in your mail client cannot protect you, nor was it ever that successful in the first place.

To solve the problem of transmitting files securely, there must be an understanding that individuals are responsible for storing documents appropriately, and using traditional DLP features to ensure that a base level of security is applied. Stopping sensitive information from leaving the organisation is heavily reliant on content being tagged appropriately. Modern DLP solutions attempt to tackle this by using agentic AI to check that the contents of a document match what the individual claims to label it as. But even with all these checks and balances in place, most individuals do not give a second thought to simply attaching the file to email and distributing it far and wide.

The ultimate problem transpires once the document is in transit or has been delivered to the target address. Email was once the solution to endless paper memos and traditional correspondence, but the same problem remains. Once the letter has been posted, you can’t get it back. There are a multitude of SaaS applications that attempt to solve this problem, some integrated, some representing the cumbersome platforms that are standalone to the organisations mail system. Such systems become unadopted, seen as extra and overly complicated steps in what should be a straightforward process of attaching a document to an email.

Document GPS is unique in its approach to resolving this challenge. Instead of relying upon the standard safety controls of DLP, coupled with assuming an elevated level of confidence that the document will be sent to the correct recipient 100% of the time, this is where persistent file control and document ownership come into play. As previously mentioned, traditional and modern DLP solutions cover extensively the realm of classification, governance, and auditability. What is lacking from the equation is a level of control post-delivery.

ShelterZoom is a cybersecurity SaaS company specialising in document tokenisation, digital rights management, and persistent content control. Founded in 2017, based in New York, its mission is to empower users to own, track, and control digital content anywhere it travels. The core focus of the product is to deliver zero-trust data resilience and content ownership at the file level. Enabling control, tracking, and revocation of documents post-distribution. The platform is integrated into modern mail applications such as Outlook, ensuring a seamless experience for transmitting documents securely. It is no more complex than using the equivalent paperclip attachment button, which launches the application add-on. Uploading files is simple and the equivalent to attaching documents as normal, meaning minimal change for users.

Document GPS uses document tokenisation (embedding encrypted identifiers that enable control and tracking). Each file is assigned a “token” that defines who can view, share, download, or revoke. Built with blockchain-backed immutability and post-quantum cryptography readiness. In essence, protection travels with the file. File remains encrypted and revocable even outside enterprise boundaries.

Documents can be easily accessed and permissions changed as required or revoked entirely. The platform also tracks user interactions in the way of analytics, showing a full event-based timeline of when documents were accessed, by location, device type and retains a history. Documents can be sent for secure signature in addition, enhancing the product offering as a replacement to other mainstream signature platforms that do not have the same security focused centric approach.

Often when evaluating risks associated with the age-old problem of transmitting the wrong information, it is easy to get lost in a sea of solutions that complicate business process or simply become an abstract tool which has an extremely low adoption rate. Balancing practicality with successful and reasonable outcomes is always a juggling act, but with the correct solutions in place, a unified approach to reducing risk can be achieved. Traditional conversations around ROI and mitigating/resolving risk register items can be as simple as selecting the right tool for the problem at hand, which integrates seamlessly into the existing ecosystem.

Document GPS bridges the gap that modern DLP systems present, once and for all providing full end to end control of digital information and bringing the recall function back into relevance.