TIPS & BEST PRACTICE 02. FEB 2016
Is End-to-End just a technical matter?
What’s the definition of end-to-end in a business environment?
End-to-End encryption is not a protected term. Usually it is understood as unbroken encryption from the sender’s device to the recipient’s device. You will, however, find various interpretations of E2EE depending on the context and perspective.
Corporate email encryption with a Gateway
In a business environment you might actually define the email encryption gateway as an end in E2EE. It represents the company as an entity itself whilst employees just act on behalf of the company.
A secure email gateway encrypts emails so that they are protected on their route through the Internet. This not only fulfills IT compliance but is also very good protection against attacks over the Internet. Even if an email is intercepted, it holds no value for the attacker, since the encrypted content is illegible.
Inside the company’s network, emails are usually transmitted in plain text. To protect emails when an attacker has breached the firewall, or when you don’t want your administrators to get hold of plain-text emails, you also require internal encryption. This is also recommended if your employees exchange confidential emails via mobile devices, since they are also transmitted through public networks in plain text and are easy prey for attackers. Therefore, you have to make sure emails are encrypted end-to-end, which includes the routes from the gateway right to the employees’ devices.
Every participant is responsible for his end of the communication
There is no 100% certainty for end-to-end encryption in the corporate world. Every communication partner bears responsibility for his “end” in the communication chain. Once you have your communication partner’s email certificate, you can be pretty sure they thought about security and were willing to invest, but you cannot tell from a certificate whether there is a gateway between you and your actual personal contact. The only way to find out whether the information exchanged is encrypted on all parts of the journey is to ask your communication partner.
End-to-end encryption remains especially challenging in a corporate environment
Our Z1 SecureMail End2End in combination with Z1 SecureMail Gateway encrypts email not only on the Internet but also in your internal networks and all intermediate stations. This includes internal email encryption between your employees.
For further information, read our whitepaper “End-to-End Email Encryption for Everybody?”. It discusses the scalability of single desktop solutions and sheds some light on other E2EE challenges that do not scale. If you have further questions, please don’t hesitate to get in touch!