Eight Best Practices for Secure Email Communications

By Madhu Reddy

Email-related data breaches occur on a daily basis. Moreover, the vast majority of email-related breaches occur because senders do not – or cannot – encrypt the contents of their communications. This leaves organizations vulnerable to a variety of serious consequences, some of which can devastate an organization: violation of the large and growing number of data breach notification requirements, significant remediation costs for victims of the data breach, loss of intellectual property, loss of corporate reputation, bad press, fines, and government sanctions.

With the ongoing concerns about enterprise privacy, and the pervasiveness of email communications, these eight tips are more timely than ever to consider as you protect your email communications!

  1. End to End is a Must

Ensure data is protected while at rest and in transit. By shifting focus to protecting the data itself, it will be secured persistently, wherever it goes. Email Encryption solutions that rely on two or more different encryption technologies inevitably end up splitting messages at some point in the mail flow, creating security gaps and allowing room for data to be compromised. A single, streamlined solution – based on a single technology for all use cases – ensures that data is protected persistently. In recent months, many organizations have been migrating to an email service in the cloud, where it is critical that sensitive information must be encrypted before it enters the cloud, protecting it from access by IT operations and breaches.

  1. Don’t Hinder Compliance

Encryption does not have to break, or require extensive additional infrastructure for, compliance scanning, archiving, and e-discovery. The ability to roll out encryption while still maintaining critical features such as archiving, eDiscovery, DLP, and email hygiene scanning is a must. Your solution should be able to encrypt and decrypt messages based on compliance and mail routing policies, and should offer lightweight tools and plugins to support existing archiving and e-discovery business processes.

  1. Stateless Critical for Simplified Operations

Deploy a solution that is stateless, with no end user certificates or keys to manage, ensuring lower infrastructure and operational costs. Keys can be generated dynamically, on demand when they are needed, eliminating the need to keep and maintain a key store. With a stateless solution, the need for keys or certificates to be backed up and replicated across servers is eliminated, providing maximum scalability. Additionally, disaster recovery should be as simple as taking a one-time backup of the master secret, which can then be used to easily recreate a new key server that can generate keys for past and future messages – with no loss of data.

  1. One Encryption Technology: IBE

Deploy a single encryption technology that can work across all use cases and all end points, whether that is a desktop, mobile device, smart phone, tablet, or web browser. Identity-Based Encryption (IBE) can address all of these use cases for both internal and external email communications. Whenever an email is encrypted, always use the same delivery mechanism – email should follow a push delivery model to the recipient’s existing inbox, rather than having to create a separate inbox for the sole purpose of maintaining secure email communication. Needlessly managing multiple encryption technologies and delivery methods only increases complexity and cost across the IT and Help Desk organizations, and frustrates users.

  1. Ease of Use for Senders and Recipients

Implement a solution that is easy to use, with the freedom to send ad-hoc secure communication to anyone, internal or external, without having to worry about doing a key exchange, or whether the recipient has a certificate or shared password. The solution should also work across a variety of commonly used endpoints, including mobile devices, email clients, and Web browsers – with little to no impact on how senders and recipients use email.

  1. One Infrastructure – Multi-Tenancy Capable

Find a solution that supports multi-tenancy, where each tenant can have its own policies and branding to address the unique requirements and use cases of different lines of business, departments, and geographic regions – all under a single email encryption infrastructure.

  1. Flexible Architecture that Enables Business

Find a solution that is flexible in terms of its architecture – one that will not lock your enterprise into a specific deployment model, and that can support on-premises, cloud, and hybrid deployment models. The solution should also be able to address complex mail flows, and integrate with a variety of email infrastructure, business applications, and websites. An ideal solution is one that is able to work today, but also one that will be able to adapt to changing business needs in the future.

  1. Proven in Real-World Deployments

Look for a solution that that is standards-based and proven in real world deployments. Traditional encryption technologies such as S/MIME, PGP, Symmetric Key, Webmail, and others have failed because they have poor user experiences and are costly to operate. Find a solution that has proven time and again that it can be deployed enterprise-wide, not just within small pockets of an organization. If your company does business globally, then finding a solution that has successfully scaled across multiple countries – with a single infrastructure – is a critical.

HPE SecureMail meets and exceeds these eight best practices.  HPE SecureMail uses IBE (Identity Based Encryption) to provide a flexible and scalable email encryption solution that is easy to deploy and maintain.  HPE SecureMail is a single solution that works across all use cases, including desktops/laptops, mobile devices, and web browsers.  Native mobile apps for iOS and Android provide HPE SecureMail mobile users with a rich user experience.  An Outlook plug-in allows seamless encryption and decryption of email on the desktop.  HPE SecureMail eDiscovery helps satisfy compliance and regulatory requirements.  HPE SecureMail can be deployed on-premises or in the cloud, is easy to use, and is scalable to hundreds of thousands of internal users and millions of external users.

Get more information on HPE SecureMail, or sign up for a free trial.