TIPS & BEST PRACTICE 03. AUG 2021
What does the use of cloud services mean for email security?
How can organizations achieve secure email and GDPR compliance in the cloud?
Many companies are moving IT services to the cloud. And it’s easy to neglect what this means for IT security and data protection. If a cloud service claims to be GDPR compliant, it does not mean that the email traffic that companies route through the cloud service is also automatically GDPR compliant.
While cloud services can generally assure a high level of security against attacks on the cloud, emails are and have to be routed through the Internet. On the Internet, the security systems of the cloud providers are no longer in place or cannot always work reliably.
Security functions for email in the cloud using Microsoft 365 as an example
- TLS (Transport Layer Security) – the transmission path is encrypted,
no end-to-end encryption (see our blog post)
- S/MIME certificate-based encryption with Outlook
Basically state-of-the-art and recommendable, but as offered by M365, very inefficient, error-prone in operation, and not well suited for enterprises. Compliance cannot be guaranteed if users have to trigger encryption and manage the necessary keys themselves.
- MIP (Microsoft Information Protection)
A proprietary encryption solution for documents and emails that uses internal Microsoft Rights Management and works within the Microsoft world. If the recipient is not a Microsoft customer, both decryption and secure replies are difficult (see Microsoft Support page). Microsoft uses a central master key for all documents and users. And Microsoft holds the key.
Security for email in the cloud with Z1 SecureMail Gateway
The proven email encryption solution for enterprises, Z1 SecureMail Gateway, on the other hand, reliably secures emails on the Internet with policy based content encryption and also works in conjunction with cloud services.
Encryption can be easily automated with any email address in any infrastructure. Certificate and key management take place automatically in the background. The gateway finds and validates certificates of the communication partners and independently switches to a mode of password-based encryption if no certificates can be found, as is the case with private individuals. Your employees don’t have to put any effort into encrypting emails.
For email security regarding protection against ransomware, viruses, and spam, Z1 SecureMail Gateway integrates with cloud infrastructures so that the email security features already available in the respective packages can be fully utilized. There is no need to invest in additional third-party antivirus and antispam solutions.
All the benefits of gateway-based email encryption can also be used with cloud services such as M365 and Google Workspace.