TIPS & BEST PRACTICE 24. FEB 2022
End-to-end email encryption – best practices for enterprises
End-to-end encryption is, first and foremost, a technical concept. End-to-end in its traditional meaning – in terms of email security – refers to the uninterrupted message encryption from a sender’s end device to a recipient’s end device. So by this definition, does it make sense to introduce end-to-end encryption into business email communications?
Organizations, businesses, and authorities need access and visibility into email traffic for compliance and IT security reasons. Data loss prevention, spam, phishing, and virus protection must also be considered as they cannot be left to the user on their end device. In this light, end-to-end encryption from end device to end device is doomed to fail as a corporate environment standard.
The email gateway is an “end” in the encryption chain
An email encryption gateway can be viewed as one end of the email exchange in enterprise communications. In essence, the gateway represents the company on whose behalf individual employees or systems exchange emails.
A secure email gateway encrypts email traffic for secure transmission over the Internet. And when encrypted emails arrive, it decrypts them for the recipient within the company. Digital signatures are also centrally set and checked at the gateway so that employees do not have any additional workload. The result is IT compliance fulfillment and reliable elimination of human error.
Z1 SecureMail Gateway provides companies with a high level of confidentiality in their communications. It prevents deceptive and undetectable economic and industrial espionage attacks through email traffic. This way, even if email interception occurs, the content of the message is always securely encrypted and worthless to attackers.
Is email encryption necessary within a company’s own network?
Emails are usually unencrypted on the transmission path from the gateway to the end device within your own company. This fact also applies to intermediate storage on internal servers. While a firewall protects a company’s network against external attacks, it is futile against internal attacks. And especially when mobile end devices are widely used for confidential emails exchange, they should be (and remain) end-to-end encrypted on the internal route between gateway and end device.
Each participant is responsible for their “end” of communication
In principle, since each communication participant is in charge of their “end,” end-to-end encryption from sender to recipient devices can never be 100% guaranteed. An email certificate is certainly a confirmation that your communication partner has made a security investment. However, in an enterprise environment, a certificate alone cannot assure that the email will remain uninterruptedly encrypted from the sender’s endpoint to the recipient’s endpoint. Instead, it is much more likely that a gateway is interposed at your communication partner’s site and that emails are not encrypted within their internal network. Besides, there are no technical means to check whether and how an email is routed via potentially insecure corporate subnets or mobile networks, nor can you enforce full end-device encryption. If you have higher security requirements, you must coordinate end-to-end encryption on an individual basis with your communication partners.
End-to-end encryption of corporate emails comes through with Z1 solutions
With Zertificon’s Z1 solutions, you can meet all conceivable secure business communication requirements:
- end-to-end encryption with a gateway as an endpoint or
- email encryption at the end-device level, as well as
- complete internal email encryption between your employees
In this regard, Z1 SecureMail End2End, combined with the Z1 SecureMail Gateway, solves all end-to-end encryption challenges when reconciling compliance and security and thus delivers an end-to-end encryption standard for corporate use. For this purpose, Zertificon has established the “Organizational End-to-End” mode. You can read more about “How it works” in the Z1 SecureMail End2End solution description.
You can also find more background information on end-to-end encryption in our Whitepaper “End-to-end email encryption for everyone?”. Among other things, this whitepaper addresses why companies need different encryption solutions than private users and how the interoperability of varying encryption standards can be ensured in end-to-end encryption. If you have any further questions or need information about our solutions, please feel free to contact us directly!
