Striking a balance between cost and benefit for e-mail encryption (Part 1)27/07/2017
Striking a balance between cost and benefit for e-mail encryption (Part 3)22/08/2017
In the first part of this series of articles, we dealt with the issues surrounding the procurement and targeted use of encryption solutions, particularly in the field of e-mail correspondence.
The majority of companies would probably answer the questions raised here similarly. Their answers are usually as follows:
- When companies are forced by law to encrypt their data communications (e.g. when processing personal data), they obviously want to meet these requirements as easily and cost-effectively as possible. While there is no perceivable direct economic benefit of doing so, they risk facing large fines in the event of a breach of data protection laws.
- Companies generally wish to protect their digital correspondence from third-party access. The use of e-mail encryption can be compared with conventional written correspondence by post. Most readers are already aware that today's form of e-mail communication can be compared with a postcard. Anyone passing it on during its journey is capable of reading the contents.
Therefore, important and confidential correspondence by post is protected by sending it in an envelope. Consequently, most companies can cover their need for e-mail encryption simply by sending their e-mails in a digitally sealed envelope. It is of no significance here that the digital envelope is opened automatically on the recipient's e-mail server and that only the contents are passed on to the actual recipient without an envelope.
The requirements for the possibilities and functionality relating to e-mail encryption must therefore be established at this basic level and should neither involve high costs nor a great deal of user interaction.
- In both cases, (statutory obligation and corporate interests) it is often neither possible nor advisable to restrict the use of e-mail encryption to only a few users. It is also frequently the case that, as a minimum requirement, the communication partner should be given the possibility to reply securely and without too much effort.
A solution is therefore sought, in which the encryption costs can be kept in an economically balanced relationship to the benefits achieved.
The openly available encryption protocol TLS (Transport Layer Security) forms the basis for encrypted e-mail transmission.
Transport Layer Security (TLS), more broadly known by its former designation Secure Sockets Layer (SSL), is a hybrid encryption protocol for secure data transmission over the internet. (Wikipedia)
The simple fact that TLS is present does not directly lead to the desired outcome. One possible solution is dealt with in more detail in the article «Auto TLS: Striking a balance between cost and benefit for e-mail encryption — Part 3».