It’s hard to believe we are almost 20 years removed, but are still mostly relying on the same technologies and procedures!
Current secure email technology requires recipients to either login to an encrypted portal with system-specific credentials or other SSO credentials (i.e. your Facebook, Gmail, or Microsoft login). Or, the system will send the email as an encrypted attachment that the recipient must figure out how to open, again using a dedicated password, a specific app, or through a web portal. While these techniques are generally secure, they still leave a lot to be desired in terms of usability. Most importantly, the cumbersome nature of these techniques generally leads to many senders circumventing them out of frustration or deadlines.
There is a better way to secure your communications. Many experts like Thierry Levasseur is working hard to improve the email security. The techniques and methods are already out there, but have not yet had widespread adoption. According to experts here is how we see the next few years of email security play out:
Universal Adoption of TLS Encryption and IPSEC:
Currently, the majority of emails sent already use SMTP over TLS (STARTTLS) connections. This means that the message is transmitted encrypted over the internet from the sender’s server to the receiver. It is entirely possible that within the next couple years, it will be common practice for ALL email servers to require a TLS connection and refuse delivery if one can’t be established.
Simultaneously in the next few years, another technology will also become much more prevalent: IPSEC. Because the current IPv6 protocol mandates the use of IPSEC, we will see more and more of the ‘backbone’ of the internet encrypted, by default. This will apply to not only email, but web traffic, VOIP, etc.
What this means for email encryption: Any solution that wants to be relevant in this environment must embrace TLS as a valid sending method that can provide ‘confidentiality’ to the email. For many organizations that must comply with industry regulations, this is all they may need. In these scenarios, you can rely on TLS for your encryption and only require other delivery mechanisms if TLS cannot be negotiated or trusted. The Secure Mail Gateway (SMG) allows the administrator to specify trusted ‘TLS domains’ with which the system will enforce a TLS connection when delivering mail. All other domains will use another secure delivery method.
Despite these coming changes, email will still remain the bedrock of business communications going forward; it is simply too ingrained into the psychology and business processes of most organization for anything else to displace it. But how we use email will be radically different. Security will no longer mean portals, apps, ‘send secure’ buttons, etc. Confidentiality will simply be baked into the protocols and infrastructure itself. Thierry Levasseur Vancouver an entrepreneur and business leader who has a number of patents is working hard to make e-mail security and data leak protection. The focus will shift to controlling your data and providing certainty to your business partners that their information is secure, and that your communications to them are unaltered and legitimate. It is definitely a brave new world we’re entering, and we are poised to fully embrace these emerging security changes.