How to Turn Your Email Encryption From Zero to Hero
We are in the middle of an email encryption evolution. There are no silver bullets here. No golden elixirs. No one-size-fits-all solutions.
There is, however, a clear formula for enterprises to apply when looking to quickly deliver highly scalable, use-case-driven email data protection across the business, today and tomorrow.
Consider Future Business Needs
In the last five years, the email encryption market has doubled in size, and it is expected to triple over the next five. While much of this demand is spurred by increased usage across business units, new applications and ever-changing privacy regulations help sustain its momentum. Enterprises need to consider future needs, as much as those of the present, when investing in encryption.
“We have a client who approached Echoworx six years ago who said they were encrypting 18 million messages a year and were foreseeing growth. They were looking for a system which could scale to send 40 million messages a year,” said Mike Ginsberg, CEO of Echoworx, in a recent interview with The Register’s Tim Phillips. “Now it’s six years later and they’re sending well over 100 million messages a year. This is just one example of the exponential growth for email encryption.”
This represents both issues and opportunities for those looking to deploy or expand email encryption.
Support Adaptability to Stay Ahead of Jurisdictional Demands
Prior to May 2018, Europe was governed by a patchwork of national, regional and even unwritten rules and regulations governing privacy. Then came the General Data Protection Regulation (GDPR), which offered blanket coverage, albeit regionally interpreted, for citizens of the EU. Then, just two years later, in January 2020, the UK left the EU, and therefore the GDPR, with its Brexit. This left a whole whack of British banks, financial institutions and other highly regulated businesses scratching their heads on how to adapt to constantly moving regulatory targets.
According to Gartner, Inc., by 2023, 65% of the world’s population will have its personal data covered under modern privacy regulations, up from 10% in 2020.
Enterprises operating on a global stage need to remain pliable enough to pivot with the ever-changing landscape of jurisdictional privacy rules, and they also need the foresight to anticipate those changes. To avoid falling offside with compliance, you need an email encryption solution which can adapt to sudden changes. “There are so many spokes in the wheel and things are changing so rapidly,” said Ginsberg. “In order to keep up, or in some cases, hopefully ahead … we have to have an eye towards usability and an eye towards regulatory changes.”
Enable Flexible Login to Secure Mail and Documents
You need to ensure the simple task of accessing a message or document isn’t affecting business. For example, say you’re a US-based organization looking to expand in the Nordics: while your business in Norway is going to require Two-Factor Authentication (2FA), a form of Multi-Factor Authentication (MFA), you might not necessarily need this more stringent authentication process for your US-based customers. You might even be looking to ditch passwords altogether with passwordless authentication options, like biometrics or social connectors, for streamlined access to your secure portal.
With more ways to authenticate, you ensure every user is comfortable while affording the flexibility to ramp up access to secure messages and documents you send where applicable. “You need to make sure the solution you deploy today will be able to take advantage of the new access management methods tomorrow,” says Ginsberg. “You have to be well aware of the importance of having as many authentication methods for your enterprise to choose from as possible.”
Enable Multiple Standards-Based Encryption Methods
The methods used to encrypt documents and messages have changed over time. In many cases, larger industry entities have adopted modern encryption methods. If you are a bank operating in the UK, for example, your customers might be protected according to durable media requirements, requiring secure messages and documents be encrypted at rest, as with Secure PDFs for example. Meanwhile the Bank of England, the central bank governing the UK, demands PGP. Beware of email encryption platforms that dictate delivery methods or use proprietary code. You need to support multiple standards-based encryption methods, without forcing users into a proprietary ecosystem.
This usually comes down to providing more ways to deliver, receive and open secure messages anywhere on any device. You might, for example, be an enterprise that operates across TLS, but what about instances where a TLS connection is not available? Does this impact your ability to send protected mail? What if tomorrow your marketing department wants to move communications to a portal instead of the inbox? What if another department suddenly needs to accommodate requirements for persistent data and wants to send PDFs? As a rule, says Ginsberg: “Even if it works today, it may be troublesome tomorrow.” You need to ensure all your business bases are covered, today and tomorrow.
Include All Players When Building Buying Criteria
Email and document protection isn’t just an IT problem; it’s a business problem affecting the entire organization. With new use cases for encryption constantly being created, “You need to look inward as this is an important part of your messaging infrastructure,” says Ginsberg. “And the way to do that is to bring all the players to the table that have stakes in this.” It’s not uncommon to see six to 12 people at initial meetings and product demonstrations. This ensures all needs are considered and that the solution you choose meets your unique business challenges.
Email encryption is all we do; it is our specialty. If you would like to learn more about how Echoworx can help you deliver encryption right and start eliminating roadblocks, please reach out to book a demo with one of our encryption experts.