Email has become integrated into everyday life to the point that we take it for granted. In both personal and business contexts, sending and receiving emails is often no more difficult than text messaging a friend or colleague—another innovation that’s become part of the fabric of modern life. But email is especially vulnerable to cyberattacks, which makes email security services especially important for businesses. They’re as vital as security for regular (snail) mail!
To that end, cryptography takes an art as old as civilization and revamps it to keep you safe in the modern age. But shopping for the right provider can be difficult, unless you know what to look for.
Let’s discuss.
What to Look for in an Email Encryption Provider
You want experts with proven experience and practical knowledge—people that know what they’re doing, and who’ve proven that time and time again. But you also want to make sure that the individual or institution you entrust is the right fit for your particular business.
As with any IT or technical services provider, it’s important to begin your search with as much information as possible. Primarily, that means understanding your own needs and being able to describe the lay of the land when it comes to email use at your company.
It also means knowing exactly what email encryption entails and what its providers can offer you. This guide will walk through all of the essential features to look for in a managed security provider you turn to for email encryption. Whether you prefer all-in-one solutions or you’re comfortable shopping for services a la carte, you need to know what you’re looking for.
To that end, let’s take a moment to define the various options on the table:
What Exactly Is Email Encryption?
Email encryption is the essential practice of protecting email’s contents with the power of cryptography. It’s a revolutionary practice that makes the contents of emails unintelligible to anyone but their intended recipients. It uses computing power to lock, then unlock, the language of the email.
But it’s also a technology that’s as old as human civilization itself. When the earliest codes and cyphers were used to guard access to important information, our ancestors were pioneering the first version of what now safeguards most of modern communications.
Email encryption breaks down into two major categories:
- Transport level encryption – The contents of email are encrypted while they are in transit, rather than when they are sent and received. This easier option often provides slightly less protection than the next, but it is also often cheaper.
- End to end encryption – The contents of the email are encrypted upon being sent and then unencrypted upon receipt. This more rigorous option is considered to offer stronger protection than transport level, but it’s also usually more expensive.
We’ll look at both of these kinds of encryption in further detail below, providing in-depth definitions and best practices to look out for in your provider. But first, let’s also define the more pressing subject of “encrypted email providers.”
What Are Encrypted Email Providers?
Exactly what they sound like: companies that provide all-in-one encrypted email, as a service. They take on the nitty-gritty aspects of what makes encryption possible, delivering you a simple, seamless package.
It’s the only real “set and forget” method of encryption.
There’s been a relative boom in this niche of the overall IT industry. Compared with the turn of the 21st century, when encryption was still in its infancy, there are now many more options available to companies looking for an all-in-one solution.
Some of the most prominent encrypted email providers are:
- ProtonMail
- Mailfence
- Hushmail
- Tutanota
While each of these providers can bundle all the encryption services you need into one accessible package, there are also other options for email security. A savvy buyer should look into the various piecemeal offerings provided by other managed security providers as well.
Companies that provide individual security services like encryption can provide the same value.
Let’s take a look at what each of these services entails.
Email Security Services Breakdown
Encrypted email providers are a great, simple option that can solve all your email security issues in one fell swoop. But they’re far from the only option when it comes to keeping your company safe. In fact, email encryption itself isn’t the only email security practice.
In addition to email encryption, there are other security practices and services that you can use to protect your company from threats coming in via mail, or the threat of your own mail being intercepted.
All together, the list includes:
- Transport level encryption
- End to end encryption
- Email authentication
- Architectural solutions
- Strategic workarounds
As noted above, email encryption breaks down into two major categories. Let’s take a closer look at each of those first, then dive into some other options for protecting your email.
Transport Level Encryption
As briefly noted above, this form of encryption offers slightly less protection than the more robust end to end encryption. However, the reason it’s often slightly more affordable is that it’s relatively simpler to set up and use.
There are three main protocols to keep in mind when shopping around for or otherwise navigating transport level encryption services:
- STARTTLS – Also depicted as “StartTLS,” this is a command that indicates to an email server that one or more parties wishes to upgrade a plain text connection to an encrypted one using either Transport Layer Security (TLS) or Secure Sockets Layer (SSL).
  - This is an effective baseline defense against “passive monitoring” attacks
  - STARTTLS leaves email vulnerable to “man in the middle” exploits
- DANE – Also called the DNS Based Authentication of Named Entities, DANE is a part of the broader Domain Name System Security Extensions (DNSSEC) specifications. It enables a requirement for TLS protection and exists to patch up the aforementioned vulnerability, as well as attacks that strip or remove TLS.
- MTA-STS – The Message Transfer Agent Strict Transport Security (MTA-STS) functions in a similar way to DANE. However, rather than relying upon the DNSSEC specifications for authentication, it uses a combination of certificate authority and “trust on first use.”
Whichever combination of these protocols you’re in the market for, it’s also important to consider the more robust protection offered by end to end encryption software.
End-to-End Encryption
Unlike with transport level encryption, these services involve encryption at two end points: that of the sender and that of the recipient. It’s also sometimes referred to as person to person encryption. End-to-end is more robust and, as mentioned above, often more expensive. That’s due at least in part to the fact that it’s more complex and difficult to implement.
Some of the most common end to end encryption protocols are:
- S/MIME – Secure/Multipurpose Internet Mail Extensions function in a similar way to MTA-STS, detailed above. S/MIME also relies on individual users obtaining a certificate or key from an in-house or external certificate authority.
- PGP – This protocol acronym stands for “Pretty Good Privacy,” and it’s set the standard for many end-to-end encryption models. In order to fully protect your email’s contents—and your company, by extension—it uses a combination of:
  - Cryptographic hash functions
  - Compression of data
  - Symmetric key cryptography
  - Public key cryptography
- GnuPG – GNU Privacy Guard, a part of the broader GNU Project, is a free alternative to PGP. It provides much of the same functionality, but the basic software is free. Like PGP, it’s a hybrid system that mixes multiple cryptographic measures, notably:
  - Symmetric key encryption for speed
  - Public key encryption for ease of access and exchange
Across these various encryption protocols and services, there are many options to consider. You may choose to implement more than one, especially combining end-to-end with transport level security. And, furthermore, you might also combine these with other email security measures.
Authentication and Access
Authentication, sometimes referred to as validation, is a key component of email security. It’s used to ensure that email supposedly from a given sender is, in fact, from that sender.
Three of the most common authentication methods include:
- SPF – Sender Policy Framework checks that an email being sent or received has been sent from an IP address authorized by the administrators of the domain.
- DKIM – DomainKeys Identified Mail identifies given digital signatures in the body contents of an email itself in order to determine its origin and authenticity.
- DMARC – Domain Based Message Authentication, Reporting and Conformance is actually a mix or hybrid of SPF and DKIM. It’s fully customizable and allows administrators to set up specific parameters that email must meet.
Authentication is not completely separate from encryption; in fact, with respect to many available email encryption services, both at the transport level and end to end, email authentication is a vital part of the encrypting and decrypting process.
However, email authentication in particular isn’t the only kind of identity and access management that impacts email. Users’ overall profile security can impact their access to their email account(s) and, ultimately, compromise anyone they communicate with. Having sound account management in place is one key element of your entire cybersecurity architecture.
Which brings us to…
Architectural Solutions
Despite the name, we’re not talking about physical architecture or design here.
These solutions have to do with the integrity of your organization’s cybersecurity architecture, also sometimes referred to as frameworks or infrastructure. This figurative language all represents an interconnected system of controls and practices that create a virtual defense against malicious attacks.
It’s your overall cyberdefense plan, put in place.
There are various different approaches to overall cybersecurity architecture. Some are based on compliance guidelines, whereas others are focused on various individual aspects of cyberdefense. Some of the most common include:
- Zero trust architecture
- Perimeter based cybersecurity
- Network and system based protection
One of the most important aspects of any cybersecurity architecture is its first line of defense: its firewall. Your firewall is like the moat to your castle. But sometimes, a firewall isn’t enough.
That’s why additional firewall-like services, like Cisco Umbrella, are there to help filter even what passes through the firewall. RSI Security’s proactive web filtering services include a full-service optimization for Cisco Umbrella, enabling you to reap the benefits of one of the most cost-effective and powerful email security solutions available.
Strategic Workarounds
Now, we’re talking at least in part about things happening in real, physical space.
Other ways to implement email security at your workplace involve optimizing the actual behaviors and practices of people interacting with emails. For one thing, all employees and stakeholders need to be trained rigorously in both general best practices and the ins and outs of any software or protocols you have in place. But training may not be enough.
For businesses with physical space, certain other measures taking advantage of proximity might be beneficial. For example, one procedure involves:
- Having one party sign in to their email account
- Having that party type out a draft of a message with sensitive contents
- Having a second person view the draft in that same account, either:
  - On the same computer screen as the first party
  - By logging into or otherwise accessing the first party’s account
While this practice in particular may seem like an obscure and impractical method, it’s always important to have backup plans in place for every contingency. To help you avoid resorting to counterproductive workarounds, you should consider outside help from professionals—like us.
Professionalized Encryption and Cybersecurity
Here at RSI, it’s our mission to help businesses of all kinds achieve premium cybersecurity. That starts with baseline measures like email security, but it doesn’t end there. From encryption to entire architectural design and implementation, we’re your first and best option.
We boast over a decade of experience helping companies like yours with analysis, problem-solving, and preventative services related to any and all matters of managed IT and security, including but not limited to:
- Compliance with regulatory standards like PCI DSS, HIPAA, etc.
- Customized data center security measures or cloud security assistance
- Proactive analytics like internal and external penetration testing
Our team of talented experts will provide you with robust email security services, as well as any other cyberdefense solution you need. Contact RSI Security today to set up your cybersecurity practices the right way!