Do you already know how email encryption works and which different encryption methods are available? And how to combine email encryption with an email archiving solution? In fact, is it actually possible to archive encrypted emails? If you have no answer to these questions yet, this blog post will help you understand the basics of email encryption and email archiving and show you how to archive encrypted emails. But let’s start at the beginning.
Why do we use email encryption in the first place?
Emails travel from one server to the next on their way from sender to recipient. If they are not encrypted prior to sending, they are vulnerable to attack by third parties both en route and on the servers themselves. Crooks could intercept or even tamper with these emails, which is why it is advisable to encrypt sensitive data.
The financial or reputational loss resulting from an attack on personal or corporate data can be considerable; nor should the repercussions of violations of the GDPR be underestimated.
According to a Virtru study, significantly less than 50 percent of emails are client-side encrypted; many people regard encryption as simply too complex. We’ll look at what is meant by too complex later on in this post.
Which parts of an email are actually encrypted?
Only the actual body of the email is encrypted: It is not possible to encrypt information such as the sender, recipient, destination, date of delivery, IP address, and subject line. Yet because even this data will often harbor internal and sensitive information, it is up to the respective company to decide whether email encryption actually makes sense and adds value.
Apropos: Transport Encryption
In order to keep an email’s subject line and its content as secret as possible, and to provide a certain measure of protection against the unauthorized reading of unencrypted emails during transmission, SSL/TLS encryption at transport level should ideally always be used. In fact, this approach is already much more widely used than email encryption itself. Another reason for the more widespread use of transport encryption is the EU’s GDPR that entered into force at the end of May 2018. Professional software solutions, such as MailStore Server for email archiving, attach great importance to transport encryption.
After this brief introduction to the subject of email encryption, we want to explain why an email archiving solution really should form part of your overall data governance strategy.
Why do we use email archiving in the first place?
Every day, a wealth of information, including invoices, contracts, and other business-critical content, is sent around the globe in the form of emails. With an email archiving solution in place, emails can be stored on a long-term basis and their contents remain unchanged. Email archiving primarily serves the purpose of making data retrievable and available for a longer period of time. In addition, it serves the purposes of documentation and of preventing data loss.
This is why a professional email archiving solution should be a significant component of your data governance strategy.
But how do you archive something that’s encrypted?
As a general principle, emails are archived in the form in which they enter the archive, so encrypted emails remain encrypted even during archiving and cannot be read by users, e.g. when conducting an archive search. In order to combine email encryption with an email archiving solution in a purposeful way, it is important to compare the different encryption methods and consider the disadvantages in each case, which we will examine again at a later stage.
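The following Python sketch is an added example, not code from the original post or from MailStore. It shows what an archive's search index can see for a plain, an S/MIME and a PGP/MIME message: the headers stay readable in every case, while the body is only searchable when the message is not encrypted. The function names `encryption_type` and `index_record` are hypothetical, the sample messages are constructed, and treating a missing `smime-type` parameter as encrypted is an assumption.

```python
from email import message_from_bytes, policy

# Constructed sample messages (not from the post); encrypted payloads are placeholders.
HDR = b"From: alice@example.com\r\nTo: bob@example.com\r\nMIME-Version: 1.0\r\n"
PLAIN = HDR + (b"Subject: Invoice 4711\r\nContent-Type: text/plain\r\n\r\n"
               b"Please find the invoice total below.\r\n")
SMIME = HDR + (b"Subject: Contract draft\r\n"
               b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data\r\n"
               b"Content-Transfer-Encoding: base64\r\n\r\nQ09OU1RSVUNURUQ=\r\n")
PGPMIME = HDR + (b"Subject: Payroll\r\nContent-Type: multipart/encrypted;"
                 b' protocol="application/pgp-encrypted"; boundary="b1"\r\n\r\n'
                 b"--b1\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
                 b"--b1\r\nContent-Type: application/octet-stream\r\n\r\n"
                 b"-----BEGIN PGP MESSAGE-----\r\n\r\nplaceholder\r\n"
                 b"-----END PGP MESSAGE-----\r\n--b1--\r\n")

def encryption_type(msg):
    """Return 'smime', 'pgp-mime', 'pgp-inline', or None if the message is not encrypted."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # signed-data / compressed-data are not encrypted; (auth)enveloped-data is.
        # Assumption: a missing smime-type parameter is treated as encrypted.
        smime_type = str(msg.get_param("smime-type", "enveloped-data")).lower()
        return "smime" if "enveloped" in smime_type else None
    if ctype == "multipart/encrypted":
        protocol = str(msg.get_param("protocol", "")).lower()
        if protocol == "application/pgp-encrypted":
            return "pgp-mime"
    for part in msg.walk():
        # Inline PGP: ASCII-armored ciphertext pasted into a text part.
        if part.get_content_maintype() == "text" and \
                "-----BEGIN PGP MESSAGE-----" in part.get_content():
            return "pgp-inline"
    return None

def index_record(raw):
    """Fields an archive can index: headers always, body only when unencrypted."""
    msg = message_from_bytes(raw, policy=policy.default)
    enc = encryption_type(msg)
    body = None
    if enc is None:
        part = msg.get_body(preferencelist=("plain", "html"))
        body = part.get_content() if part is not None else None
    return {"from": str(msg["From"]), "to": str(msg["To"]),
            "subject": str(msg["Subject"]), "encrypted": enc,
            "searchable_body": body}

if __name__ == "__main__":
    for raw in (PLAIN, SMIME, PGPMIME):
        print(index_record(raw))
```

Running such a check at ingestion time lets an administrator count how many archived messages will be invisible to full-text search, and which subject lines are still exposed even though the body is encrypted.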
Client-based or server-based encryption?
Encryption and decryption can take place either on the clients – known as conventional client-based (or end-to-end) encryption – or on the email server or an email gateway (generally a firewall), in which case it is server-based:
Apropos: Asymmetric Encryption
The most common email encryption processes, S/MIME and PGP, always use asymmetric encryption. This type of encryption was developed in the early 1980s and comprises pairs of keys. The public key used to encrypt messages may be disseminated widely, while the private key used exclusively to decrypt the information is known only to the recipient and is generally also password protected.
Incidentally, the same keys are used for digital signatures. In this case, the private key is used to sign the email and the public key to verify the signature.
Disadvantages of the two encryption methods
In order to settle the issue of which type of encryption is better suited to email archiving, we need to look at the disadvantages of the two processes in more detail, as both client-based and server-based encryption are feasible:
Disadvantages of client-based encryption:
Disadvantages of server-based encryption:
Despite several disadvantages, email encryption is useful and necessary for certain types of company. However, client-based encryption can entail a number of complications, for example when it comes to email archiving. We therefore recommend the use of server-based email encryption.
To sum up, server-based encryption offers the following key advantages:
Sponsored by MailStore Software