Monday, September 1, 2008

Centralised email encryption at the Domino server level

DOMINO SECURITY

By Andreas Richter

Large-scale data losses and thefts have been cropping up alarmingly often in both national and international headlines recently. Whether it involves the authorities losing citizens' data or companies whose mission-critical and confidential information ends up circulating freely on the Internet, any kind of data loss has devastating consequences.

Customers and business partners are usually not at all understanding when they hear about data being lost or stolen. Such incidents can threaten a company's very livelihood. Authorities, on the other hand, have little to fear other than malice.

And let us be honest here. Would you want to collaborate with a company that is not even able to ensure that its data is secure? Probably not. Companies have to deal with a bigger headache than a loss of trust, however, because in the worst-case scenario, secret internal information like product development documents and confidential management reports can fall into the wrong hands.

If reports from the criminal prosecution authorities are to be believed (and there's no reason not to), then economic espionage is booming in the context of cybercrime.

Confidentiality, integrity and authenticity

Data spies, who have chosen to follow a very lucrative criminal path, have their sights firmly set on that universally popular and well-established means of communication: email. This is hardly surprising, because it has never been easier for criminals to gain access to communication between strangers. The nature of communication via the Internet makes this possible: electronic mail can be intercepted and manipulated while en route from mail server to mail server, and even read without anyone's knowledge.

In light of the latest developments, the confidentiality, integrity and authenticity of information sent by email will play an ever greater role in the exchange of emails between businesses. Meeting this challenge is in every company's interest, and an email encryption solution is the only answer. There is the option of renouncing electronic mail communication altogether, of course, but can any company afford to take that drastic step in the digital age?

Complexity is a challenge

The problem is that for many companies, the task of securing email communication through encryption is a very complex one. The first thing to decide on is the method of encryption: PGP, GnuPG or S/MIME, symmetric or asymmetric? It is important to know the answers to these questions, because encrypted email communication still usually requires the participation of both parties. In other words, both the sender and the recipient of an email have to participate in the same process. The question is, how can this be implemented in an efficient and practical way?