Make E-mail
Encryption Effortless
THE BUSINESS CASE FOR E-MAIL ENCRYPTION IS COMPELLING: ENTERPRISES NEED TO
PROTECT CORPORATE AND CUSTOMER DATA, AND THE LATEST ENCRYPTION
PRODUCTS ARE EASIER TO MANAGE, IMPLEMENT AND USE. BY DAVID STROM
E-MAIL ENCRYPTION CERTAINLY ISN’T NEW, BUT AS MORE
companies come under fire for leaking customer identities or
privileged information, encryption is increasingly essential
for doing business—and possibly for staying in business. The
business case for encryption is even more compelling because
the latest products are easier to manage, implement and use
in daily e-mail activities. Here are four issues involved in getting encryption deployed across the enterprise.
widely for all messages sent and received. “It is not acceptable
to need multiple-vendor technologies or different secure messaging solutions when we have to interoperate with our business
partners,” says Ken Patterson, chief information security officer
at Harvard Pilgrim Health Care in Wellesley, Mass.
The nonprofit health care organization evaluated eight suppliers before picking PGP’s Universal Encryption Solution for
their 2,000 staff members using Lotus Notes. “For me, the issue
is, you are sending sensitive information to an ISP, where that
e-mail is going to sit on their server, and you don’t know how
well it is secured,” says Patterson. “That is a much bigger risk
than being intercepted in transit across the Internet.”
1. Don’t assume that all your users know that ordinary
e-mail isn’t private. Encrypting e-mail ensures that information is not “sent out in the wild and stolen,” says Brad Blake,
IT director for the Boston Medical Center. “I am amazed at
people’s lack of awareness at how e-mail works,” he says. “Our
senior clinicians, in particular, have some trouble, and part of
patient care is to secure their records and identities.”
Karl Anderson, the network security manager at the Ann
Arbor, Mich., headquarters for Domino’s Pizza, agrees. “A
lot of our users still think sending an e-mail is the equivalent
of sending a letter in a sealed envelope,” he says. “They don’t
realize that anyone can read it, just like a postcard. They
don’t know there are many points along the path across the
Internet where their messages can be easily viewed.”
Part of the challenge is finding a solution that will work
2. Know the right time to add encryption. Sometimes, you can
deploy encryption as part of an e-mail upgrade or migration, or
when you are adding features, such as data-leak protection.
For example, Domino’s was using Novell’s Group Wise for
about 1,000 users and realized that encryption was necessary to protect the communications involving the employment information that’s transmitted between its stores and
its outside benefit providers. The restaurant chain began
deploying Proofpoint and Voltage’s encryption products
while still on GroupWise because it planned to work
with both GroupWise and Microsoft Exchange/Outlook
