If securing the transport path as well as the email server is impossible, the contents of emails should already be encrypted at the email client. This requires a corresponding solution to be implemented on the company's end devices (PCs, notebooks, mobile devices). Additionally, every user must have their key pair available locally in order to perform cryptographic operations (signing/encryption). For security reasons, the key pair should be removed from the device automatically as soon as the user has logged out.
If these requirements are met, the cryptographic processes are transparent to the user and run in the background.
Advantages:
• Genuine end-to-end encryption within the company and with external communication partners that also have the corresponding technology and key material at their disposal.
• Depending on the certificate quality and the infrastructure used, a qualified email signature (level "high" according to EU regulation 910/2014 (eIDAS)) is possible.
Disadvantages:
• Complicated distribution mechanisms for obtaining and updating the key material all the way to the client (high administrative effort/costs).
• Searching email contents in the archive is impossible because they are stored encrypted. To be able to open emails from the archive again later, accurate key management is absolutely necessary.
• Only one encryption technology is available (S/MIME or OpenPGP), and the communication partner must support the same technology.
• A spontaneous or general exchange of confidential information with communication partners for whom no key material is available at that point, or who do not have any encryption technology, is impossible.
• A substitute/deputy arrangement that still protects sensitive contents is impossible.
• Central protection mechanisms, such as virus and content scanning and thus data loss prevention (DLP), are impossible.
Therefore, it must be considered whether the benefit of internal email encryption outweighs these disadvantages.
The SEPPmail Secure E-Mail Gateway is integrated into the SMTP flow at the perimeter of a company. Thus, the cryptographic complexity is shifted away from the individual end devices and concentrated in a central location. This enables simple and efficient administration.
If the need for internal data protection is much higher, the approach must be correspondingly more comprehensive. In that case, a holistic concept should be created in which not only the email channel but all components of the internal network, e.g. database, file and folder encryption, etc., are considered. If such a concept is implemented consistently, then in the circumstances described under Environment Of An "Unsecured" Email Communication In The Company, email end-to-end encryption is not really required (at least internally).
The internal email encryption solution of SEPPmail eliminates the disadvantages listed above. If the internally encrypted material of the SEPPmail Secure E-Mail Gateway is to be exported into an archive without encryption, access to the archive is to be protected correspondingly!