July 26, 2017
Even though it is reported that nearly 60% of companies don't encrypt corporate emails, it feels like the process to enable this technology might be in place but not used. From what I have seen within companies that have this feature enabled most either don't know it's enabled or does not know how to use it. I would guess that 60% is a little low of a number.
While encrypting email in flight provides confidentiality, integrity, and verification of the sender most people still find it cumbersome to figure out. PGP and S/MIME are the two cryptographic ways to encrypt native email communication but it also has to be setup on the receiving parties end and I have found that this isn't normally the case.
Some companies try to overcome this by creating secure email portals to exchange information. This is where parties have to log in to an account on the Internet over an SSL encrypted tunnel to view and send an email (only within this protected system). There are many security companies that offer this service and other companies that have built them in-house. Are they secure? Probably as secure as the next application.
I truly believe that the most secure way to send sensitive data is by using PGP or S/MIME based encryption.
The originally article and my idea for this post originally appeared on the TechRepublic.