In a world full of options – How can I determine which encrypted email service is the best for me?
If you work in finance, insurance or healthcare, you’re no stranger to security and privacy regulations, and resulting compliance requirements. Encrypted email is no doubt part of a sound data security policy already – it isn’t exactly a “new” technology. You may also know that users (senders and recipients) find the extra steps and ‘out of band’ processes that most services offer cumbersome, or a downright ‘PITA’.
Even though email encryption has been around for decades, it doesn’t need to function like a first-generation solution – it can be more seamless and easier to use for everyone – as long as the workflow, user preferences and compliance policy are well understood. Encrypted email services have evolved, and there are a lot of implementation options and solution providers out there. So, how do you know which one is right for your organization?
Integration options – Most organizations are okay with ad-hoc email encryption or even policy-based email encryption, but as we move further into the age of digital information, accessibility options are perpetually increasing. Dwindling are the days of sitting in front of Outlook, waiting for an email, and replying to it. Organizations have numerous ways to communicate and being able to integrate into all those options seamlessly could be your main focus. Do you need your email users to be able to send secure messages in Outlook and have the customer on the other end receive that message within their mobile app? Do you need a customer support representative to be able to reply to a support ticket that contains HIPAA-regulated information from within a CRM? Are you looking for an email encryption solution that can deliver 50,000 statements from an automation tool? Then finding an encrypted email service that could satisfy a developer is your top priority.
Usability for the recipient – How do I open an encrypted email? This must be easy. This is often the most important requirement because, in the end, it doesn’t matter how secure or compliant or integrated the email encryption solution is – if the recipient can’t open it, nobody will use it. Millennial recipients will be turned off by an outdated user interface (UI), and multi-step link and login complexity may act as an unintended barrier that prevents an elderly person from accessing their confidential messages and file attachments.
Opportunistic TLS was a good first step in making encrypted email easy for the recipient, but it couldn’t guarantee security if the recipient email service couldn’t accept TLS. Good start, but it’s ultimately not safe. There are safe solutions out there that not only leverage opportunistic TLS but are smart enough to step down to another encryption method, if TLS is not available.
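To make the step-down behaviour concrete, here is an added example (not code from any provider mentioned or implied on this page) that compares plain opportunistic TLS with a policy that falls back to another protected channel. The EHLO replies are constructed samples, and the route names, the "secure-portal" fallback and both function names are assumptions chosen for illustration.

```python
import re

# Constructed sample EHLO replies (not captured from real servers).
EHLO_WITH_TLS = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mail.example.org\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"


def ehlo_extensions(reply):
    """Return the ESMTP keywords advertised in a multi-line 250 reply."""
    extensions = set()
    # The first line carries the server's domain, not an extension keyword.
    for line in reply.splitlines()[1:]:
        match = re.match(r"250[- ]([A-Za-z0-9][A-Za-z0-9-]*)", line)
        if match:
            extensions.add(match.group(1).upper())
    return extensions


def tls_usable(reply, handshake_ok):
    """TLS counts only if STARTTLS is advertised AND the handshake succeeded."""
    return "STARTTLS" in ehlo_extensions(reply) and handshake_ok


def opportunistic_only(reply, handshake_ok=True):
    """Plain opportunistic TLS: encrypt if possible, otherwise send in the clear."""
    return "smtp-tls" if tls_usable(reply, handshake_ok) else "smtp-plaintext"


def choose_delivery(reply, sensitive, handshake_ok=True):
    """Hypothetical step-down policy: sensitive mail never leaves unprotected."""
    if tls_usable(reply, handshake_ok):
        return "smtp-tls"
    if sensitive:
        # Assumed fallback: hold the message encrypted and notify the recipient
        # to collect it over HTTPS instead of relaying it without TLS.
        return "secure-portal"
    return "smtp-plaintext"


if __name__ == "__main__":
    for name, reply in (("with TLS", EHLO_WITH_TLS), ("no TLS", EHLO_NO_TLS)):
        print(name, opportunistic_only(reply), choose_delivery(reply, sensitive=True))
```

The failed-handshake case matters as much as the missing-keyword case: a server that advertises STARTTLS but cannot complete the negotiation should trigger the same fallback.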
Email encryption may never be “sexy”, but it is useful and necessary, and so it must evolve to work better for the senders and recipients. Expectations for simpler, smarter and more intuitive user interfaces are high, as is the expectation that you’re protecting customers’ private information.
Usability for the sender – Sender ease of use is just as important. Evolved encrypted email services integrated with the sender’s day-to-day workflow can make the process nearly invisible to the sender. There are a lot of options to make life easier for senders…
- Works with existing email clients
- Provides ease-of-use features like single sign-on and multiple options for sending, such as automated system applications, tagging, buttons and a portal
- Automates filtering and encryption based on corporate policies, providing a second layer of security and alleviating the need for a sender to remember to encrypt something
- Works where the sender does, when they want, on the device of their choice
Bottom line – an encrypted email service should be able to adapt to however you send email. You send hundreds of emails a day in Outlook and would like to just click a button to send some of these securely? No problem – Outlook-integrated buttons are available. Power user on your phone and can’t be bothered with a desktop application? No problem – mobile integrations are available. Just note that not all of those options are available with every provider.
The “sender” could also be something other than a normal email user. CRMs like Salesforce.com and marketing automation tools can be considered a “sender” too. If that’s the type of information that you’re looking to protect, then you need to find a solution that can integrate via APIs or has flexible connectors using industry-standard protocols (e.g. POP3/SMTP).
In the end, if you’re looking for encrypted email services – there are many available options. Some are add-ons to a broader email security solution for spam, anti-virus, phishing, etc. – pretty good for horizontal market applications and ad hoc applications. Some are new to the market, look good for SMB applications, and offer lower costs as a trade-off for feature limitation. But if you are in the business of handling sensitive information for financial services, insurance and healthcare needs, make sure that you find a solution that integrates with your workflows, makes your senders and recipients happier, and still supports your compliance policy!