Email encryption: Five steps to success

Actually, you use encryption every day, since it's the underlying technology that drives the Secure Sockets Layer and HTTPS protocols. But it seems email encryption remains an enigma at most small and medium-sized businesses (SMBs) because it's been portrayed to solve every information security problem. So, let's take a step back and understand what email encryption can do for you.

First and foremost, one of the biggest issues SMBs have is to ensure they are adequately protecting intellectual property. By encrypting emails that contain corporate secrets, there is very little risk of competitors and the like intercepting messages and stealing data. Likewise, in an age where customers are understandably concerned with protecting their private data, encrypting communications ensures that the customer's private data cannot be stolen.

Both IP protection and privacy considerations fall into a large, yet amorphous bucket called compliance. Any business dealing with regulatory oversight, or even those now accepting credit cards -- which are now subject to the Payment Card Industry standards, needs to be concerned with compliance. Email encryption is not a panacea for compliance, but having the ability to protect critical data is a critical step in the process.

Why isn't email encryption more prevalent? In a nutshell, it's due to complexity. Histori

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information security management for the midmarket Using key risk indicators to sell your information security program IT security spending a bright spot in '09, with more growth predicted Gartner: Vetting security of third-party partners in five steps Locking down security in the move to electronic medical records Security and risk management in the midmarket Identity and access management planning guide for the midmarket Information systems management for the midmarket CIOs share advice on doing more with less Get smart about patching security vulnerabilities A CIO's advice for implementing single sign-on solutions Security for the midmarket Locking down security in the move to electronic medical records A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Stopping malware viruses from attacking Web 2.0 technology Virtual servers no escape from IT security management concerns Unified communications: Securing access to OCS Unified communications security: How safe is it? Risk assessment frameworks easy to employ Midmarket regulatory compliance management: Don't let your guard down Email and messaging for the midmarket Midmarket data center management guides: Tips and best practices CIO's cost-cutting measures include move to Gmail Midmarket firm harnesses email communication as part of disaster plan Arts center's network infrastructure hits right note with Wi-Fi, FMC When Microsoft shuts you down and other IT horror stories CIOs, unified communications and the lost art of conversation Fixed-mobile convergence saves firms costly mobile phone charges CIOs grapple with tying Wi-Fi, VoIP into unified communications plan Unified communications: Savvy business move or security meltdown? Unified communications security: How safe is it?

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

cally, email encryption was very complex to implement and required a significant amount of communication, configuration and experimentation between trading partners to ensure a message encrypted by you could be decrypted by them.

Additionally, there was no way to force users to encrypt sensitive messages. IT administrators had to hope users understood how to encrypt the message and that they'd remember to do so when appropriate. Since hope is not a good strategy, most organizations didn't deploy.

But as with most technologies, email encryption has evolved and matured over the past few years. It's by no means easy, but it's also no longer cost-prohibitive for SMBs to start experimenting with the technology. The advent of service providers that will host key servers and email gateways that can automate the enforcement of policies has dramatically decreased the effort required to get an encrypted email system operating.

Here are five essential steps to encrypting email:

Ten years ago, it required an armada of consultants and big infrastructure to implement encrypted email. That is no longer the case, but it's still not a walk in the park. But with a diligent process and dedicated project team, email encryption can play a key role in your compliance efforts and can protect both your intellectual property and private customer data.

Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta. Reach him via email at mike.rothman@securityincite.com.

Rate this Tip To rate tips, you must be a member of SearchCIO-Midmarket.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.