When should you encrypt email? - flaskdata

When should you encrypt email?

admin

September 18, 2008

A while back, a colleague asked me what is the best way to encrypt internal email.
My first question to him was – what is the threat, who is the attacker and what is the asset you are protecting? Are you trying to encrypt business communications between employees and vendors/customers to protect from eavesdroppers or do you want to encrypt the message repository and protect it from attackers? Before applying encryption as a security countermeasure do a little threat analysis first.
My experience with data loss prevention with systems that monitor millions of transactions and hundreds of violations a year has shown the following:
a. It’s better to use outgoing email in clear text because
1) you can monitor what people are doing and
2) having a business partner decrypt/encrypt is generally a pain in the ass that is greater than the value of the business transaction.
There is little reason to encrypt internal email in my experience. Let’s say that Mike in sales has an insider tip on company stock options and he wants to tell Candace in HR. Encryption doesn’t mitigate that threat. Let’s say that Joe has a secret algorithm he wants to sell to Gene who works the dark side. Encrypting internal email won’t mitigate that threat either. If there are confidential files being sent by email to external destinations – encrypt the files and give the key to the recipient.
If you’re concerned about data leakage then your cheapest and most effective countermeasure is monitoring email transmission for particular data types and destinations.
b. If you have high-value business communications between your company and vendors – you are better off just encrypting the file (for example a sensitive contract or product design doc) and sending the encrypted attachment. This will enable you to monitor who is sending and who is receiving and with the right monitoring system – you will be able to detect that an encrypted file was sent which is interesting information in it’s own right.
Read my blog entry on this topic https://flaskdata.io/blog/2007/06/secure_communications_without_1.html

More Articles

Risk assessment

CLINICAL TRIAL READINESS ASSESSMENT

December 2, 2022 No Comments

Are you really ready to run a clinical trial? How can you best assess your clinical trial readiness? We work with C-level executives and management

clinical data from patients

Assuring protocol compliance without checklists

November 29, 2022 No Comments

At a site monitoring visit, the CRA works on assuring protocol compliance. Assuring protocol compliance is one of the 3 pillars of GCP: The 3

Decentralized clinical trials

Home alone and in a clinical trial

November 27, 2022 No Comments

1 in 7 American adults live alone COVID and social isolation is part of our lives. During COVID, it became easier to recruit patients for

drug counterfeiting

Preventing drug counterfeiting

October 24, 2022 No Comments

Counterfeiting is old as money itself. Drug counterfeiting is no exception. In this post, we’ll share an analytical approach that you can use to estimate

clinical trial risks

What risks really count for your clinical trials?

October 23, 2022 No Comments

Is there a “black-box” risk management solution for your clinical trial? What clinical trial risks are the most important for you and your company? Risk

growth stage

Dealing with information junkies in decentralized clinical trials

October 18, 2022 No Comments

DecentraIized clinical trials software vendor Medable is doing an outstanding job in understanding and executing an online work-flow between sites and patients at home.. This understanding and

Clinical data made radically simple and affordable.

Contact

Resources

Flask Open API for clinical data

Copyright © 2022 Flask Data Ltd. All Rights Reserved.

Privacy Policy | Terms of Use