The problem with S/MIME email encryption

Searching emails becomes virtually impossible once they are encrypted

A few times a year, I recognise the need for a product where none exists because I hear multiple customers asking for it. This is one of those times. An increasing number of my clients are looking for email scanning and archiving systems that can handle S/MIME-encrypted messages.

In a normal year, I visit 20 to 40 clients, ranging from small companies to Fortune 10, where I get to see what products they are using and how well these products work in a real-world scenario. Increasingly popular these days is the use of S/MIME and other email encryption methods (such as PGP, proprietary web mail portals, and so on) to protect email both within the enterprise and externally.

S/MIME isn't necessarily the best method to use, but it's a stable, open standard and probably the most common email encryption method I've seen in use.

Every S/MIME customer I have goes through a few phases. First, they need to understand how it works. How do you turn it on? Who gets what keys? How are the keys distributed? What training will end-users need? How do you automate its use? It's no small undertaking.

Emailing in the dark

Often in the second phase, S/MIME ends up nearly crippling the company's normal email functionality. S/MIME involves encryption, and when you encrypt email, it is no longer searchable. At the very least, users can no longer retrieve past emails by keyword search on the message text, although the email subject line and some other information, such as the file attachment name, may remain visible.

This may sound merely bothersome at first, but it becomes mission critical when you need that one single email for proof in a disagreement. Some users respond by turning their email subject lines into more descriptive headings that can be more easily found using keyword searches, but at some point, the sender begins to reveal information that should probably be protected within the S/MIME body.

Worse for today's computer security departments is the fact that S/MIME ends up defanging their antivirus scanners, DLP (data loss prevention) tools, and email archiving and retrieval systems. Outgoing S/MIME-encrypted email can be antivirus scanned before it is encrypted and sent, but it's more difficult to scan incoming S/MIME messages, where the scanning is done on a gateway or by an external service provider.

Most of the risk from email malware isn't from the stuff you send, anyway. It's from the stuff sent to you. If you use S/MIME and don't have client-side malware detection for email, you now have a problem.
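The visibility gap described above can be shown with a short Python sketch. It is an added example, not part of the original article: the function name `gateway_view` and both sample messages are constructed for illustration, and the base64 lines are placeholders rather than real CMS data. It reports what a gateway or archive index without any private key can match in an encrypted message versus a clear-signed one.

```python
from email import message_from_string

# Constructed sample messages; the base64 lines are placeholders, not real CMS.
ENCRYPTED = """\
From: alice@example.com
Subject: Q3 contract dispute
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
"""
CLEAR_SIGNED = """\
From: alice@example.com
Subject: Re: Q3 dispute
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

The penalty clause is in section 4.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--b1--
"""

def gateway_view(raw: str, keyword: str) -> dict:
    """Report what a keyless gateway or archive index can match in one message."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # enveloped-data is ciphertext; other smime-types (e.g. signed-data) are not
        smime = str(msg.get_param("smime-type", "")).lower()
        kind = "enveloped" if smime == "enveloped-data" else "cms-wrapped"
    else:
        kind = "clear-signed" if ctype == "multipart/signed" else "plain"
    # Only text/* parts are readable without CMS processing or a private key.
    body = " ".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    kw = keyword.lower()
    return {"kind": kind, "needs_private_key": kind == "enveloped",
            "subject_hit": kw in msg.get("Subject", "").lower(),
            "body_hit": kw in body.lower()}
```

For the encrypted sample only the subject line is matchable, while the clear-signed sample stays fully searchable because signing alone does not hide the body.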


Comments

Angelo Comazzetto | Published: 14:59 GMT, 17 November 2009

Passing encrypted messages to the desktop can hinder the visibility of network tools and security functions. Astaro recognizes the benefits of moving encryption and decryption to the gateway; you take the load off of how to use an encryption system from the end-user while at the same time maintaining control of messages. Since you aren’t dealing with encrypted contents directly on the desktop, instead you can first decrypt the messages, then archive, search, run DLP, and other functions.

Dr Chris Gaskett | Published: 19:57 GMT, 11 November 2009

CoolRock software's email archiving and discovery product "TEAL Secure+ Edition" fully supports S/MIME encrypted email. http://www.coolrocksoftware.com/
