A growing number of organizations are subject to compliance requirements such as HIPAA and GDPR that require their data to be encrypted, and email is usually the first application affected. There are a number of email compliance solutions available today, and customers often do not understand the strengths and weaknesses of each. Below I have provided a quick summary of the major options for email compliance, with the strengths and weaknesses of each:
Transport Layer Security (TLS)
This is the simplest of all the email compliance options. TLS protects the email while it is transmitted between two email servers. The protection is at the transport level, not at the message level: the communication channel between the two servers is encrypted, not any particular message. It is very simple to set up. In email systems such as Microsoft Exchange, enabling it is generally as easy as ticking the TLS checkbox on the sending and receiving Exchange connectors. Within an organization this is very easy to enable. In a B2B scenario, however, the two organizations must cooperate to establish a TLS trust: with only opportunistic TLS enabled, each server will accept whatever certificate the other presents and will silently fall back to cleartext if the other side does not offer TLS, so for a real guarantee both sides must require TLS and trust each other's certificates (Exchange calls this configuration Domain Security).
As can be seen in this diagram, the message is encrypted and protected while in transit, but once it arrives at the local email system it is stored and handled in the clear. The information is therefore subject to exposure and leakage within the organization: the mail server, its backups and archives, and anyone who administers them can read it. Likewise, when email is sent between two organizations that have not established a TLS trust, the content will not be protected. In summary, TLS is very simple, but generally does not provide the level of security that most organizations are looking for.
S/MIME
S/MIME (Secure/Multipurpose Internet Mail Extensions) is an IETF standard for public key encryption and digital signing of MIME data, defined in a series of RFCs (the current version is RFC 8551). S/MIME provides confidentiality through encryption and origin authentication and non-repudiation through digital signatures. Before S/MIME can be used, every user must obtain and install an individual key and certificate, either from an in-house certificate authority (CA) or from a public CA; to encrypt a message, the sender must also hold the recipient's certificate. Because S/MIME protects at the message level, its security does not depend on the path the message takes, which makes it a much stronger control than TLS. As can be seen in the diagram below, the message is encrypted on the sender's desktop and decrypted on the recipient's desktop.
S/MIME protects the message while it is in transit, while it is stored on the email server and within the user's email application (such as Microsoft Outlook), so between sender and recipient the message is very secure. But once the message has been decrypted the protection does not persist. S/MIME has no concept of email permissions: once the recipient has decrypted a message they can do anything they want with it, including printing it and forwarding it to others without encryption.
Using S/MIME for email compliance has one major disadvantage: it is difficult to set up. Within an organization it requires a certificate authority, everyone who is to receive encrypted mail must have a certificate from that CA, and senders must be able to look those certificates up (typically in a directory), or S/MIME will not work. Because B2B or B2C scenarios would require authenticating and enrolling outside users in the organization's CA, or exchanging certificates with each outside party by hand, S/MIME is generally not useful in those scenarios.
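The following script is an added worked example, not code from the original post, that reproduces the diagrams above with OpenSSL: it stands up a throw-away CA and enrols two users (the setup burden just described), has the sender sign and then encrypt a message to the recipient, and then checks what is readable at each stage. It contrasts the TLS-only case, where the server stores exactly what the sender typed, with the S/MIME case, where the server stores an enveloped blob, only the addressed recipient can open it, and the content is in the clear again the moment it is decrypted. It assumes an `openssl` binary (1.1.1 or 3.x) on the PATH; the names, addresses, "patient record" string and file names are constructed for the demo and every key and certificate is throw-away.

```shell
#!/bin/sh
# Added example (not part of the original post). Assumes openssl on PATH.
# All identities, the message body and the SECRET string are constructed.
set -eu

WORK="${TMPDIR:-/tmp}/smime-demo.$$"
mkdir -p "$WORK"
SECRET="MRN-4711-HBA1C-7.9"   # constructed "PHI" we will look for at each stage

# --- Enrolment: the setup step the text describes ---------------------------
# One in-house test CA, then one certificate per user. Encryption needs the
# RECIPIENT's certificate on the sender's side; signing needs the SENDER's key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Demo Mail CA" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

issue_cert() { # $1 = user name, $2 = e-mail address (both made up)
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1/emailAddress=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -sha256 -days 1 -in "$WORK/$1.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/$1.pem" 2>/dev/null
}

# --- Sender's desktop: sign with Alice's key, then encrypt to Bob's cert ----
compose_plain() {
  printf 'Content-Type: text/plain\r\n\r\nLab result for patient %s\r\n' "$SECRET" \
    > "$WORK/body.mime"
}

smime_protect() {
  openssl smime -sign -in "$WORK/body.mime" -signer "$WORK/alice.pem" \
    -inkey "$WORK/alice.key" -out "$WORK/signed.eml" 2>/dev/null
  openssl smime -encrypt -aes256 -in "$WORK/signed.eml" -out "$WORK/smime.eml" \
    "$WORK/bob.pem" 2>/dev/null
}

# --- What the mail server stores in each model -------------------------------
# TLS-only: the channel was encrypted, the message was not, so the server holds
# exactly what Alice typed. S/MIME: the server holds an enveloped-data blob.
store_tls_only() { cp "$WORK/body.mime" "$WORK/stored_tls_only.eml"; }
store_smime()    { cp "$WORK/smime.eml"  "$WORK/stored_smime.eml"; }

# --- Recipient's desktop: Bob decrypts, then verifies Alice's signature -----
smime_open() {
  openssl smime -decrypt -in "$WORK/stored_smime.eml" -recip "$WORK/bob.pem" \
    -inkey "$WORK/bob.key" -out "$WORK/inner_signed.eml" 2>/dev/null
  # The signature only verifies if Alice's certificate chains to a trusted CA.
  if openssl smime -verify -in "$WORK/inner_signed.eml" -CAfile "$WORK/ca.pem" \
       -out "$WORK/decrypted.mime" >/dev/null 2>&1; then echo ok; else echo FAIL; fi
}

# Anyone other than the addressed recipient (here: Alice with her own key)
# cannot open the stored message.
wrong_key_open() {
  if openssl smime -decrypt -in "$WORK/stored_smime.eml" -recip "$WORK/alice.pem" \
       -inkey "$WORK/alice.key" -out /dev/null 2>/dev/null; then echo opened; else echo denied; fi
}

# yes/no: is the constructed secret readable in the given file?
secret_visible() {
  if grep -qF -- "$SECRET" "$1"; then echo yes; else echo no; fi
}

make_ca
issue_cert alice alice@example.com
issue_cert bob   bob@example.com
compose_plain
smime_protect
store_tls_only
store_smime
VERIFY=$(smime_open)
OTHER=$(wrong_key_open)

printf 'TLS-only, at rest on server : secret visible = %s\n' "$(secret_visible "$WORK/stored_tls_only.eml")"
printf 'S/MIME,   at rest on server : secret visible = %s\n' "$(secret_visible "$WORK/stored_smime.eml")"
printf 'S/MIME,   opened with wrong key: %s\n' "$OTHER"
printf 'S/MIME,   signature check   : %s\n' "$VERIFY"
printf 'S/MIME,   after Bob decrypts: secret visible = %s (protection ends here)\n' \
  "$(secret_visible "$WORK/decrypted.mime")"
```

The work directory is left in place so the stored files can be inspected; `stored_smime.eml` is the base64 PKCS#7 envelope a server or archive would hold, while `decrypted.mime` is what Bob's client has once the message is open, which is exactly the point at which S/MIME's protection stops and nothing prevents printing or forwarding in the clear.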
Secure Pull or Secure Email Gateway
There are a number of solutions, referred to as secure pull or secure email gateways, that provide secure email functionality. They are generally used where sensitive information needs to be shared with people outside the organization who have no encryption solution installed, so they work well in B2B or B2C scenarios. The concept is that the email is delivered to a secure central store; the recipient typically receives only a notification and reads the message through an authenticated browser session (over TLS) to that store. The message itself is never transmitted to the recipient; the recipient views it where it is held. The message in the central store may or may not be encrypted at rest.
The disadvantage of this solution is that the user never has possession of the email and is forced to sign in repeatedly to a remote system to view it. Users end up using their native mail client (such as Outlook) for normal business messages and a second system for their secure email. This may be acceptable for the occasional message, but it is not a good solution if you plan to encrypt a lot of email. In addition, because the content is often stored in a third party's cloud for retrieval, you may have to expose your content to that third party, whose access controls, logging and retention then become part of your compliance scope.
Information Rights Management (IRM)
Information Rights Management is a newer form of encryption based on the concepts of digital rights management. For more detail, see our blog, What is Information Rights Management? IRM takes email compliance to a new level by enforcing persistent protection of the information. Even though a user may have rights to open an IRM-protected email, that does not mean the email can be forwarded and read by others: each user's permissions are evaluated before the protected content can be opened. IRM goes a step beyond S/MIME in that permissions are attached to the protected content itself, so the owner of the content can specify whether the recipient may forward, reply to, print or copy the content of the email. Note that these permissions are enforced by the recipient's IRM-aware client, so the protection is only as strong as the trust placed in that client; IRM can stop a trusted client from forwarding or printing, but it cannot stop someone photographing the screen.
With newer methods of authentication, such as federated identity, many IRM systems handle B2B and B2C scenarios better than S/MIME, because the recipient only needs an identity the IRM service can verify rather than a certificate enrolled in the sender's CA. One of the big advantages of IRM is that it works well in the cloud and mobile world: your content remains persistently protected even when it is outside the bounds of your firewall.