What Type of Email Encryption is Right for Your Organization?

<a href='/blog?tag=Encryption'>Encryption</a> <a href='/blog?tag=Email Security'>Email Security</a> <a href='/blog?tag=eDRM'>eDRM</a>

For all the growth in use of productivity tools such as Trello or Slack, for all the deployment of collaboration and file-sharing systems such as Dropbox and Huddle, email remains the most widely-used business communication tool, by a significant margin.

The Radicati Group has predicted that the number of worldwide email users will grow to more than 4 billion at some point during 2020, while the total number of business and consumer emails sent and received will exceed 306 billion by the end of 2020. By the end of 2024, this will have grown to more than 361 billion.

Email – A Gateway for Potential Cyber-attacks

The sheer volume of emails being sent means that email is also potentially one of the biggest areas of cybersecurity vulnerability for any enterprise. To help address this, the National Cyber Security Centre recommends that data in transit networks are given adequate cybersecurity protection and that emails are encrypted to prevent them being read by anyone other than the intended recipient.

Encrypting emails renders the content unreadable as they travel from origin to destination, therefore providing an additional layer of security and protecting the data in transit from would be cyber-attackers or in scenarios where an employee accidentally sends confidential information to the wrong person.

Encrypting emails is also considered best practice in many industries, especially those that are required to comply with strict regulations and protect Personal Identifiable Information (PII) and Personal Credit Card Information (PCI) data.

Many cybersecurity vendors offer encryption options with their Secure Email Gateway products, but there are many different email encryption options available. To help determine what type of email encryption is right for your organization, here’s a look at some of the most popular:

Transport Layer Security Encryption (TLS)

This is the most simple of email encryption types but it is highly effective for organizations that only require encryption on messages between it and other organizations. TLS connections can be ‘opportunistic’, allowing encrypted messages sent in this mode to automatically seek out and favor a connection using TLS.

It can also be used when connections between organizations are mandated and have pre-specified encryption strengths. Used in this way, TLS ensures that messages are only sent if the appropriate level of security is achieved.

Message Encryption (S/MIME and PGP)

Any leading encryption solution will support international standards for the OpenPGP and S/MIME message formats. These allow communications between recipients who use standard email clients. Sophisticated email gateways can also use these to create policy-based secure connections between gateways or from gateways to recipients.

Depending on when the message is encrypted, i.e. at the desktop or at the gateway, content filtering engines can still ensure that communications adhere fully to corporate email policy, or blocked if the system is unable to decrypt the message as it does not have a suitable decryption key to open it.

Best Efforts Encryption

Not all recipients will use OpenPGP or S/MINE, so when configuring encryption policies, it makes sense for the gateway to try and find the next strongest alternative and use that rather than not deliver the message at all. Commonly this is password protected PDFs or Zip files.

Password protected PDF files are a popular format for secure statement or document delivery.

Web Portal-based Encryption

The levels of technical understanding of an intended recipient can dictate which method of encryption is used. Portal-based encryption is an easy-to-use method that requires no knowledge of encryption. Encrypted email messages are sent using an encryption portal which can then be opened on any type of device using a standard web browser without the need for plugins. When this method is invoked the user receives an email to say that they have received an encrypted message through the portal and they simply browse to it, authenticate the message, and read it.

Portal-based encryption can be a cloud service, or it can be provided ‘on-premise’, where the system can be completely under the organization’s control.

Information Rights Managed (IRM)

Like encryption, IRM (also known as enterprise Digital Rights Management (eDRM)) secures the message and file in transit, but unlike encryption, it retains access control even when the recipient has received it in their inbox. IRM allows senders to set a read by date for the message and attachments or retract access whenever they choose. IRM can also prevent the recipient from sharing the data with other parties by preventing screen prints, message forwarding, and watermarking the files.

Clearswift Encryption Options

Clearswift has built a reputation as a provider of some of the world’s most effective email encryption solutions. The Secure Email Gateway provides TLS encryption as standard and S/MIME and PGP encryption as a cost option. Additionally, we work with some of the very best technology partners to provide our customers with a complete range of additional encryption options, including:

To learn more about Clearswift’s email encryption solutions, ask us for a demo.

Ask us for a demo

Related resources:

Encryption Options in the Clearswift Secure Email Gateway

Six Step Guide to Email Security Best Practice

On Demand Webinar: Improving Data Loss Prevention and Encryption Controls to Maximise Email Security

Blog: Moving on From Encryption – the Case for eDRM


*** This is a Security Bloggers Network syndicated blog from Clearswift Blog authored by Rachel.Woodford. Read the original post at: