My latest contributed column in SecurityWeek focused on best practices for policy-based email encryption. In the article, I shared best practices that companies should consider before choosing an encryption technology and highlighted some of the common technologies and how they address different use cases. Companies that take into consideration their defined requirements and these best practices will be able to best determine which types of email encryption need to be deployed in their specific organization.
By defining certain requirements prior to adoption, companies can select the best technologies needed to meet the required set of policies in place. The best practices I addressed for policy-based email encryption were specifically around:
- Transport Layer Security (TLS): This is an Internet standard extension to SMTP and is universally supported in mail transfer agents. It can be used as an authentication method as well as an encryption method.
- S/MIME Gateway Encryption: This allows two organizations to establish encrypted links with each other by exchanging organizational keys (certificates) and having the email servers automatically encrypt and decrypt messages.
- End-to-end Encryption: This is the most secure means of encryption and can provide non-repudiation.
- No-Client-Side-Software-Required: This means that the sender doesn’t have to have a public key in order to encrypt email to a recipient.
My contributed column, “Best Practices for Policy-Based Email Encryption”, in SecurityWeek can be viewed here.
I hope you have the time to read the article, and if you have any further questions on the topic of email encryption, feel free to comment below.