Corporations require a different approach to IT security than private users

Tips & Best Practice | 23. JAN 2019

IT-Sicherheit in UnternehmenIn reaction to the cyber-attack on politicians and celebrities at the turn of the year, everyone is recommending email encryption direct in your email program with OpenPGP. However, this advice is aimed at private users, who are responsible for their own encryption keys and generally have a limited number of communication partners.

A security concept which attributes responsibility for the key solely to employees would not work in the daily business of companies with dozens or multiple hundreds of employees. This is made clear when an employee leaves the firm, at the latest. Colleagues are then unable to access the encrypted emails. In cases such as this, the IT department is powerless.

Responsibility for the encryption key is only problematic if companies implement solutions designed for private users. Other issues concern the archiving of emails, lack of virus checks by central anti-virus solutions and the inapplicability of other content-based policies. An employer needs access to email communication in order to fulfill IT compliance requirements.

Gateway solutions for centralized email encryption and signature are the state-of-the-art technology for corporations to secure their electronic communication. Attacks over the Internet therefore remain ineffective since only encrypted data can be captured. With appropriate extensions the encrypted storage in email inboxes can also be made secure so that email content remains protected, even in the case of an attack on the internal IT infrastructure. Solutions such as Z1 SecureHub enable you to transfer large files quickly and securely, as an alternative to Dropbox.

Read more with our white paper End-to-End Email Encryption for Everybody? Why private individuals and corporations need different solutions.