If you are trying to collaborate on a confidential document or presentation, the last thing you want to do is be emailing it back and forth over the Internet without some form of protection. There are numerous technologies that can help you, from general email encryption products to more specialty software solutions that are designed for this purpose. Let's take a look at the alternatives.
Why bother? As we all should know by now, any email that isn't encrypted traverses the Internet in clear text that can easily be viewed with little skill and just some patience. If businesses want to make sure that no one else can look at their messages, they need to encrypt them in their entire path from sender to receiver. You should protect your confidential information from unintended recipients, too. In most cases these solutions aren't expensive and some are free.
The first solution is to use email encryption on both ends.
This is not new technology, but it is unused by most of the general public. Encryption products include Symantec's PGP Email Encryption, Voltage SecureMail Cloud, and two free services: Trend Micro's Email Encryption Service and Hush Communications' Hushmail.com.
All of these tools scramble the document and the email message, so that even if it is intercepted it can't be easily decoded. They work with your existing email infrastructure so that users don't have to perform a separate task just to send protected documents. Whichever version you choose, your recipients also need to be running it to decrypt your messages. Trend's service is just for Windows and Outlook users; it is a plug-in that creates a "Send Private" button inside Outlook. What could be simpler?
PGP is one of the more widely used products in this space, and they offer several different tools that interoperate with each other. There is a version for single desktops (around $100 per license) as well as their Universal Gateway appliance (about $50 per year per user) that corporations can use for their entire email infrastructure. There are versions for Windows, Mac and Linux users.
Voltage has also been around for many years and, like PGP, has a variety of encryption tools, including an Outlook plug-in and its SecureMail Cloud, which is geared towards business users and starts at $65 per user per year for the standard edition. Voltage has one of the best-developed partner networks, and integrates with the largest number of third-party email vendors too.
Hush has a free personal offering that has most of the features found in the business product. The basic business account starts at $24 a year per user, and a premium service offering more storage (currently 10 GB) goes for $48 a year per user. Hush is a completely hosted service. You don't have to install anything on the client end. You have two options for your email client: use their Web client or download an Outlook plug-in. One issue with the plug-in is that you have to be connected to the Internet to use it, meaning that you can't compose offline encrypted messages. If you have a lot of frequent travelers that want to compose their emails when away from a broadband connection, this could be an issue.
Hush's preferences page isn't quite as robust as Gmail or some other Webmail products, but there are a fair number of options to choose from, as you can see in this screen shot:
Your second option is to purchase an email appliance of some sort.
A variety of vendors offer them with email encryption as one option, and they typically include other protective features such as data loss prevention. Typical products here are Sophos Email Appliance, Proofpoint On Demand Protection Server, Mimecast, PGP's Universal Gateway, Tumbleweed, and Cisco's IronPort.
These are typically more expensive, but if you need the other features for compliance reasons, or just because you are ultra-paranoid, then these may be for you.
The third option is to use a specialty product just for sending documents.
This means that users will have to do something outside of their existing email process, which may be an obstacle to their frequent use. Two such solutions are IntraLinks Courier and Dropbox. There are also a number of free or low-cost file sending services such as SendThisFile.com and YouSendIt.com. The advantage to using something like this is that you don't have to touch your existing email infrastructure, but you do have to learn how to use the service. Some of them limit the size of the file that you can send, or require you to buy an upgraded service to send larger files: for example, YouSendIt limits you to 50 MB files for free, or you can pay $10/month to get its Pro service for up to 2 GB files. SendThisFile has an enterprise plan for unlimited file transfers for $70/month.
Before you choose any of these services, you should try them out if you can and answer the following questions:
- What happens when you want to send an encrypted message to someone outside of your domain? Many of the products have gone to great lengths to make it easy for a new user to self-register, but some (such as Courier) don't, and the more cumbersome it is to get started, the less these products will eventually be used.
- What kind of control does an administrator have over the encryption keys for the service or product? Can you easily delete a user's key if they leave your company or their laptop is stolen?
- How much work is the product or service to install on your existing email infrastructure? You should consider what you have to do per client and for your email servers to implement the product.
- Does the product operate as a hosted Web service, an appliance, or some combination? The tradeoffs here are flexibility and features to handle a variety of situations.
The biggest obstacle to encrypted email is inertia, and the hope that your email traffic won't be targeted by someone who is determined enough. These days that really isn't an option, and the good news is that all of these solutions work easily and will protect you. They aren't difficult to implement and won't take up a lot of IT support resources either. If you need the security of keeping your emails and documents private, they are all worth a closer look. And while they aren't effortless to set up, they are fairly effortless for end users on a daily basis once they get used to choosing to encrypt their documents.