For all the growth in use of productivity tools such as Trello or Slack, for all the deployment of collaboration and file-sharing systems including Dropbox, Box and Huddle, email remains the most widely used business communication tool, by a significant margin.
The Radicati Group predicted that the number of worldwide email users would top 4.1 billion in 2021 (over half of the world's population!), with projected growth to over 4.5 billion by the end of 2025.
Email - A Gateway for Potential Cyberattacks
The sheer volume of emails being sent means that email is also potentially one of the biggest areas of cybersecurity vulnerability for any enterprise. To help address this, the National Cyber Security Centre recommends that networks carrying data in transit are given adequate cybersecurity protection and that emails are encrypted to prevent them being read by anyone other than the intended recipient.
Encrypting emails renders their content unreadable as they travel from origin to destination. This provides an additional layer of security, protecting the data in transit from would-be cyberattackers and in scenarios where an employee accidentally sends confidential information to the wrong person.
Encrypting emails is also considered best practice in many industries, especially those that are required to comply with strict regulations and protect Personally Identifiable Information (PII) and Personal Credit Card Information (PCI) data.
Many cybersecurity vendors offer encryption options with on-premise Secure Email Gateway products, but there are many different email encryption options available. To help determine what type of email encryption is right for your organization, here’s a look at some of the most popular:
Transport Layer Security Encryption (TLS)
This is the simplest type of email encryption, but it is highly effective for organizations that only require encryption on messages between themselves and other organizations. TLS connections can be ‘opportunistic’: messages sent in this mode automatically seek out and favor a connection using TLS.
It can also be used when connections between organizations are mandated and have pre-specified encryption strengths. Used in this way, TLS ensures that messages are only sent if the appropriate level of security is achieved.
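The difference between the two TLS modes comes down to what the sending gateway does when TLS is missing or too weak. The following is an added example, not code from Clearswift or any product named on this page; the function names and the `TLSv1.2` minimum are assumptions chosen for illustration.

```python
import smtplib
import ssl

# Protocol names as returned by ssl.SSLSocket.version(), weakest to strongest.
TLS_RANK = {"TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def probe_starttls(host, port=25, timeout=10):
    """Return (starttls_offered, negotiated_version or None) for one mail host."""
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return False, None
        try:
            # Default context verifies the certificate chain and host name.
            smtp.starttls(context=ssl.create_default_context())
        except (ssl.SSLError, smtplib.SMTPException):
            return True, None  # offered, but the handshake failed
        return True, smtp.sock.version()
    finally:
        smtp.close()


def delivery_decision(mode, starttls_offered, negotiated=None, minimum="TLSv1.2"):
    """Return 'encrypted', 'plaintext' or 'defer' for one delivery attempt.

    mode is 'opportunistic' (favor TLS, fall back to cleartext) or
    'mandatory' (send only if TLS at the pre-specified strength is achieved).
    """
    if mode not in ("opportunistic", "mandatory"):
        raise ValueError(f"unknown TLS mode: {mode!r}")
    has_tls = starttls_offered and negotiated is not None
    if mode == "opportunistic":
        return "encrypted" if has_tls else "plaintext"
    strong = has_tls and TLS_RANK.get(negotiated, 0) >= TLS_RANK[minimum]
    return "encrypted" if strong else "defer"  # never downgrade to cleartext


if __name__ == "__main__":
    # Constructed probe results (no network access needed to run this part).
    samples = [(False, None), (True, "TLSv1.1"), (True, "TLSv1.3")]
    for offered, version in samples:
        for mode in ("opportunistic", "mandatory"):
            print(mode, offered, version, "->",
                  delivery_decision(mode, offered, version))
```

In a real check, the tuple returned by `probe_starttls` for a partner's mail host is passed straight into `delivery_decision`.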
Message Encryption (S/MIME and PGP)
Any leading encryption solution will support international standards for the OpenPGP and S/MIME message formats. These allow communications between recipients who use standard email clients. Sophisticated email gateway appliances can also use these to create policy-based secure connections between gateways or from gateways to recipients.
Depending on when the message is encrypted, i.e., at the desktop or at the gateway, content filtering engines can still ensure that communications adhere fully to corporate email policy, or block a message if the system is unable to decrypt it because it does not have a suitable decryption key.
Best Efforts Encryption
Not all recipients will use OpenPGP or S/MIME, so when configuring encryption policies it makes sense for the Gateway to try to find the next strongest alternative and use that rather than not deliver the message at all. Commonly, this is a password-protected PDF or Zip file.
Password-protected PDF files are a popular format for secure statement or document delivery.
Web Portal-based Encryption
The levels of technical understanding of an intended recipient can dictate which method of encryption is used. Portal-based encryption is an easy-to-use method that requires no knowledge of encryption. Encrypted email messages are sent using an encryption portal, which can then be opened on any type of device using a standard web browser without the need for plugins. When this method is invoked the user receives an email to say that they have received an encrypted message through the portal and they simply browse to it, authenticate the message, and read it.
Portal-based encryption can be a cloud service or it can be provided on-premise, where the system can be completely under the organization’s control.
Information Rights Managed (IRM)
Like encryption, IRM (also known as enterprise Digital Rights Management [eDRM]) secures the message and file in transit, but unlike encryption it retains access control even when the recipient has received it in their inbox. IRM allows senders to set a read-by date for the message and attachments or retract access whenever they choose. IRM can also prevent the recipient from sharing the data with other parties by preventing screen prints and message forwarding, and by watermarking the files.
Clearswift Encryption Options
Clearswift has built a reputation as a provider of some of the world’s most effective email encryption solutions. The on-premise Secure Email Gateway provides TLS encryption as standard and S/MIME and PGP encryption as a cost option. Additionally, we work with some of the very best technology partners to provide our customers with a complete range of additional encryption options, including:
- CipherMail – On-premise encryption portal
- Cryoserver – Secure email archiving
- Echoworx – Hosted encryption portal
- Seclore – Enterprise Digital Rights Management (eDRM)