Email Encryption for the Masses
Eliminate Compatibility Issues with a Universal Encryption Solution
May 24, 2005
Encryption-scrambling electronic information so that even if intercepted it can't be read-is just one piece of the email security puzzle (albeit a large one). Rooted in ancient Egypt (think hieroglyphics and the Rosetta Stone), encryption played a starring role on the world stage in the 20th century (Allies breaking German code during World War II and Russian code during the Cold War) and is still the basis for secure communications around the world.
As the technology that is the undeniable driver of global business interaction, email is a mission-critical commodity and must be protected to ensure the privacy and authenticity of internal and external communications. Encryption provides considerable peace of mind to compliance officers, mail administrators and virtually every executive in the company, from the CEO on down the line. By encrypting confidential information contained in email, organizations can contribute to:
- Compliance - U.S. and international regulations targeting financial and personal data affect almost every enterprise with new requirements to protect and secure information in all forms. While these regulations rarely mention IT networking or e-mail explicitly, the laws are broadly written and consistently interpreted - and enforced - to cover e-mail due to its mission-critical nature.
- Confidentiality - The content of both internal and outbound e-mail presents risks to confidentiality, as well as compliance and liability concerns. Each unencrypted e-mail risks exposing sensitive information and intellectual property that flows throughout an organization, such as mergers and acquisitions, human resource data and personnel files, financial reports, and trade secrets.
- Reputation - While regulatory compliance issues create a risk of fines for particular industries, such as healthcare and financial services, the risk to corporate reputation is leading companies in all industries to consider deploying compliance protection. Recent history provides several examples of large, successful customers that suffered devastating, even fatal blows to corporate reputation because of disclosures of confidential customer data. And legislation such as California's SB1386 actually requires that companies disclose breaches, making the likelihood of negative publicity even higher.
|
|
So Why Isn't Everyone Encrypting Email?
Despite an increasingly dangerous digital environment, a surprising number of organizations have not implemented an encryption solution. Encryption technology has presented multiple challenges to organizations looking to improve their overall e-mail security:
- Interoperability - One of the biggest challenges to using encryption technology is interoperability. Many encryption technologies require that software or digital certificates be installed on one or both of the sender's or recipient's systems. If these tools are not present, the email may end up not being delivered, or may arrive in an unreadable format. Since users have very high expectations for deliverability with email, introducing technology that creates doubt as to whether a message will be delivered is unacceptable.
- Multiple Technology Options - Effective e-mail encryption requires a flexible policy engine as well as several encryption methodologies. Selection and integration of these different technologies can be challenging for enterprise IT staffs, and maintaining these tools with updated policies and user profiles can also be time-consuming. An effective solution must integrate the best tools available and make them easy to manage.
- End-User Training - Even in organizations that communicate clearly defined policies to employees, violations still occur. Whether these are intentional, such as sending confidential data to a third-party mailbox, or unintentional, such as forgetting to encrypt e-mail to outside legal counsel, the damage is done as soon as the e-mail passes the gateway.
|
|
|
Selecting an Encryption Solution
In selecting an encryption solution, administrators need to evaluate several different pieces of technology. The first piece to consider is the policy engine, which is the most critical part of an encryption solution. The policy engine identifies messages that need to be encrypted, establishes group-specific rules, and "reads" message characteristics and content that may indicate a need to encrypt. The better the policy engine, the more automated the process, and therefore the less administrative resources required.
As the weakest link in any security solution is inevitably the end user, an effective solution must be able to perform even without action from the sender. In other words, when a sender sends private information without remembering to encrypt it, an effective solution will encrypt the message anyway.
In addition, an encryption solution must maintain its effectiveness regardless of the capabilities of the message recipient. Because not all enterprises employ the same encryption standards, and some choose not to include encryption in their solutions at all, any encryption should support multiple standards, including a Web-based "push" option for recipients with no way of decrypting messages at the desktop. This is particularly important with companies that must send messages to consumers such as healthcare patients and financial services customers.
Peace of Mind is Just around the Corner
You're just a click away from taking the next step toward a comprehensive email security strategy. Learn more about the universal compatibility, ease of use and absolute security of IronMail's Secure Web Delivery server by downloading CipherTrust's free whitepaper, IronMail's Secure Web Delivery Server: On-Demand Encryption Technology.
|
