In today’s world of cloud-based services and legislative forces that are upping noncompliance penalties with each passing day, the application of email encryption as a strategic tool is back on the front burner. Email encryption is nothing new, of course. Yet outside of the usual circles — finance, healthcare, government — widespread adoption of the practice hasn’t occurred. “Email encryption hasn’t taken off the way we expected,” said Bill Mann, SVP of business unit strategy for CA Technologies. “The business drivers … weren’t sufficiently painful.”
Why would you encrypt just *sometimes* when you can encrypt ALL of it, ALL of the time?
The idea of scanning for keywords before encrypting is like a bank looking at your bank statements and saying "Hmmm, there are private purchases on here... better send this in an envelope rather than on a postcard."
There are complicated solutions (GPG, Enigmail) which require sender and recipient to exchange keys but there are also simple solutions (TrulyMail, PGP) which do it all for you (and some are even free). If you use one of the 'refrigerator' (your term) systems then you can just as easily encrypt all your messages rather than only some.
Encrypting some also tells hackers which ones to focus on. Encrypting all of them, especially with rotating keys, will keep away all but the most dedicated bad guys (and extremely large keys should stop them).
Like flipping a light switch, indeed, though so many users would rather be in the dark. The problem is that the safety of encryption isn't exactly like the coldness of a fridge -- you know your milk is definitely going to spoil if it's left out, but you're not quite sure what will happen to your private info if it's transmitted unencrypted. SSL in particular is practically Greek to most people, and while it's not totally crucial that everyone understand the tech ins and outs, they should at least understand what they risk by not using it. Granted, I work for VeriSign and have a different understanding of the dangers of unencrypted email than most, but I feel like anything less than default SSL (preferably Extended Validation SSL) on email and all cloud-based services is simply not enough protection. There shouldn't even BE a light switch; the light should be automatically on in most rooms.
Flipping the Email Encryption Switch
Posted by: Denise J. Deveau June 9, 2010 05:00 AM