The Nuts and Bolts of Modern Email Encryption
Enterprises must devise a strategy for implementing email encryption for users who frequently send sensitive data. In the past, many businesses used PGP cryptography to send private data securely over email.
With PGP, both the sender and receiver must retain the encryption/decryption keys on their systems in order to exchange emails. While PGP email encryption is still in use today, the implementation of PGP is cumbersome and confusing.
In addition, your administrators will lack the tools they need to effectively audit privileged communications. This begs the question: how do organizations achieve a balance between security and usability?
Examining Modern Email Encryption
“Email encryption” is a broad term that covers various facets of the secured email process. First, let’s look at how basic email encryption is achieved so that messages cannot be sniffed while data is in motion.
By default, most modern email servers make use of the Transport Layer Security (TLS) protocol. This type of encryption is pretty common among enterprises around the world. TLS encrypts your data in transit, so that third parties in the middle cannot sniff your communications.
TLS encryption can typically be enabled in one of two fashions: Opportunistic TLS and Forced TLS. Out of the box, most newer email servers operate under the opportunistic TLS model, while forced TLS can be configured granularly for specific domains. Here are the differences between the two:
- Opportunistic TLS: Your email server will attempt to deliver a message using TLS; if TLS isn’t available, the server will attempt to deliver the message without TLS.
- Forced TLS: Your email server will attempt to deliver a message using TLS; if TLS isn’t available, the server will not deliver the message and you will receive a bounce back message alerting you that TLS is unavailable.
TLS isn’t used exclusively with email services. In fact, TLS 1.2 is the newest iteration of the encryption scheme, and many technical experts believe that TLS will become the de facto encryption standard as SSL is phased out.
If you’d like to read more about this topic, the SANS Institute recently published a white paper about TLS vs. SSL.
Third Party Email Encryption
Nowadays, most organizations have integrated third party email encryption applications into their email services.
Vendors such as Mimecast, Office 365, and Postini are among the leading providers of email encryption suites available to businesses today. While TLS secures your message while it is in transit, how do you ensure that your message isn’t read by an unauthorized third party once the email is delivered?
This is where third party email encryption services come into play. When you send out a secured message, the recipient will get an email asking them to sign into a secured portal. Inside of the secured portal, the recipient can review the message and download any attachments after they have signed up for the email encryption service.
This method of authenticating a recipient guarantees that your company’s sensitive data isn’t sitting on another organization’s unsecured email server. If the recipient’s email server were breached and you did not send your data using a secured email provider, it’s possible that your company’s data could be at risk.
Regain Control of your Sensitive Data
Third party email encryption suites give you the ability to take control of your data. Unlike traditional email servers, email encryption suites give your administrators the ability to retain control over that data even after a message has left your organization’s email servers.
With email encryption services, your administrators can:
- Set up read receipts
- Create and view audit trails
- Enforce message expiration dates
- Intercept data that shouldn’t be sent
Most modern email encryption suites can be rapidly integrated into desktop email applications.
If your business utilizes Microsoft Outlook as its desktop email platform, many email encryption suites can be integrated as an add-on within this software.
When you go to draft a new email, the add-on will give you the option of sending your email with or without encryption. Most of these apps insert a button right next to the send button in Outlook when you go to draft a new email. In some cases, you might be required to type a specific string such as [encrypt] in order for the message to arrive encrypted.
Using DLP in Conjunction with Email Encryption
Other businesses have integrated Data Loss Protection (DLP) directly into their third party email encryption suites. With DLP, your organization can configure its email encryption service to detect specific keywords or patterns in emails that may contain sensitive data.
For example, if you sent a string that resembles a social security number, your email encryption suite could be configured to respond in several ways. Your administrators could set it up to do the following:
- Detect and alert the IT Staff/Management, but allow the message to be delivered
- Automatically encrypt the email if sensitive data is detected
- Deny delivery, based upon the employee’s predefined access rights
Most email administrators will elect to use option #2, although options #1 and #3 certainly have business use cases.
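To make the three DLP responses above concrete, here is a small outbound policy check written as an added example for this article; it is not code from any of the products mentioned. It assumes a constructed SSN pattern, a hypothetical `[encrypt]` subject tag like the one described in the Outlook section, and a per-sender policy map that stands in for the employee access rights of option #3.

```python
import re
from dataclasses import dataclass, field

# Constructed example of an outbound DLP policy check. The pattern, the
# policy map and the function names are assumptions for illustration only.

# A U.S. Social Security Number written as ###-##-####. Area 000, 666 and
# 900-999, group 00 and serial 0000 are never issued, so they are excluded
# to cut false positives on phone extensions and order numbers.
SSN_PATTERN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

ALLOW, ALERT, ENCRYPT, DENY = "allow", "alert", "encrypt", "deny"


@dataclass
class Decision:
    action: str
    reasons: list = field(default_factory=list)


def evaluate_message(subject, body, sender, policy):
    """Return the action an outbound gateway would take for one message.

    policy maps a sender address (or "*" for everyone else) to the action
    taken when sensitive data is detected: ALERT (deliver, notify IT),
    ENCRYPT (deliver through the encryption portal) or DENY (bounce).
    """
    reasons = []
    # Option #3: the sender's predefined access rights decide the outcome.
    action_on_hit = policy.get(sender, policy.get("*", ENCRYPT))

    # Manual trigger: the user typed [encrypt] anywhere in the subject line.
    if "[encrypt]" in subject.lower():
        reasons.append("subject tag [encrypt]")
    # Automatic trigger: the body contains something that looks like an SSN.
    hits = SSN_PATTERN.findall(body)
    if hits:
        reasons.append(f"{len(hits)} SSN-like value(s)")

    if not reasons:
        return Decision(ALLOW)
    if reasons == ["subject tag [encrypt]"]:
        # The user asked for encryption and no sensitive data was found,
        # so honour the request regardless of the DLP policy.
        return Decision(ENCRYPT, reasons)
    return Decision(action_on_hit, reasons)
```

A real gateway would also scan attachments and log every non-allow decision as the audit trail mentioned earlier.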
Have you Implemented Modern Email Encryption?
Now more than ever, businesses must implement email encryption services to prevent unauthorized third parties from accessing sensitive data.
Markets and Markets recently published research showing that the email encryption market may triple in size by 2020. As a result, businesses are implementing email encryption services more rapidly than ever to ensure that their privileged conversations are not at risk.
If your business does not have a method of protecting outbound emails, your IT team should immediately begin investigating which third party email encryption solution works best for your enterprise.
If you’re looking for a partner to help your business with email encryption or any other Managed IT services, you’ve come to the right place! When you schedule a consultation with us, we’ll take a look at your unique situation and what would help your business function efficiently and securely. We’ll work together to decide on the best possible way to move forward for your company and for our partnership. You can reach us by phone at (650) 887-4601 or contact us online just by clicking the banner below.