Blog: Email Encryption as a Solution or a Feature
Technology products often evolve over time from standalone solutions to integrated features. This can take years, or even decades to occur, depending on the sophistication of the solution, and how easily it fits into an existing application to add value in a broad set of use cases.
The most obvious examples are on the smartphone where we have long ago (in tech years) absorbed our digital cameras and GPS devices, and perhaps more subtly, photo editing software and directory services.
Email Encryption – from product to feature
Email encryption has been an adjunct service and solution that overlays and complements most email services and UIs, Microsoft Exchange and Outlook as prime examples. Virtually all email encryption solutions work with the Microsoft email server and client, even as it migrated to the cloud as part of Office 365. Microsoft introduced its own email encryption solution, Office Message Encryption, as an option and integrated feature of Office 365 in 2014. It has been improved since introduction, and while it still has some limitations (link to Osterman webinar), for many users that need an ad hoc solution for HR and legal departments – it is quite sufficient, and eliminates the need for a specialty vendor (DataMotion included). While it’s not without cost, it is appealing to organizations seeking to reduce the number of 3rdparty solutions and vendors in their IT mix.
Also, in the cloud email service provider space, Gmail has implemented a widely enabled encryption technique as a default (TLS), and in so doing, provides opportunistic security for all email traffic originating from their service. While it doesn’t assure compliance, it does take a significant step towards ‘email encryption as a standard feature’ vs an overlaid 3rdparty solution.
Email Encryption as a feature – benefit
As noted – most email encryption solutions already integrated very well with Outlook and Exchange, which in effect make them a plug-in toolbar button feature of Outlook, invoked with a click. So it has already been reduced to a feature of email in this way for most ad hoc, desktop requirements. Yet, the use of email for messaging and file exchange is not always a desktop ad hoc function.
Email Encryption, CRM, Contact Centers and Mobile Apps
In fact – where it matters most – in high volume business processes handling regulated information, Outlook (or any webmail interface for that matter), is not the best place to send and receive messages and files. CRMs, contact centers, practice management software, electronic health record systems, and custom database applications are the applications that often house the data and track the interactions with customers, partners (or patients). Shouldn’t email encryption be a standard feature of those solutions? And for situations where the customer, client or patient need to initiate an inquiry – shouldn’t a secure email channel be a feature easily accessible to them too through customer facing interfaces and apps such as websites, portals and mobile apps?
Enter the Email Encryption API
While email encryption vendors can extend the existing Outlook style ‘plug-in’ model of creating applets to expose their email encryption service as a ‘toolbar button’ in popular CRM UI’s (Salesforce for instance) – this approach doesn’t scale well, and doesn’t always accommodate the use case at hand, or fit into customer facing services such as self-service portals or mobile apps. In these cases, a native solution is best, using web service email encryption APIs to provide secure messaging, file and form exchange to support high volume applications with trusted security and verifiable compliance.
This application of email encryption APIs lends itself best to healthcare, financial services, insurance and government applications, at enterprise scale. These organizations are best positioned to migrate off standalone email encryption solutions, and leverage the benefits of email encryption as a feature thru the use of APIs.
Email Encryption APIs for Mid-Market Solution Providers
While enterprise class organizations have the resources and transaction volumes to leverage APIs for integrating email encryption as a feature into their workflow process and enterprise apps, broader market benefits are derived from integration with platforms that provide core utility in the healthcare, insurance, financial services and government sectors. Digital banking platforms, digital insurance platforms, electronic health record systems, chronic care management systems, practice management systems – all can benefit from a robust secure messaging and file exchange feature – and email encryption APIs deliver both a ubiquitous method of sending and receiving messages (and files) as a toolbar feature of the application’s UI.
Email Encryption APIs: innovation and disruption
Viewed thru this lens – the email encryption API is both an innovation and a disruption to the existing email encryption product status quo. There are dozens of companies offering email encryption as a subscription service, with very little differentiation, and frankly – very little end user love. Most solutions are burdened with cumbersome, multi-step processes either for the recipient, the sender, or both. It is a mature solution – most organizations that need it have a subscription (SaaS). It is a software solution that is ripe for disruption, and ready to be consumed as a feature instead of a separate product. Email encryption APIs can deliver that disruption – and yield a better tool for moving sensitive business communications and processes forward.