You’ve sent an email using end-to-end encryption, so it couldn’t be more secure, right?
Wrong. End-to-end encryption isn’t quite as robust as you might think, especially when emailing recipients using different software or applications.
But fear not, there is an alternative. Here’s why zero-access encryption is fast being recognized as a more secure alternative to end-to-end encryption.
Why is email insecure?
First things first. Why do we need to encrypt emails in the first place?
Email inherently lacks the security functionality needed to protect sensitive emails and attachments, leaving data at risk at every stage of its journey.
Email security in transit
While TLS (Transport Layer Security) does encrypt email traffic, it is optional and dependent on server settings. This means that if TLS is not supported or properly configured, emails are not secured.
Additionally, TLS does not guarantee that emails are delivered to the correct server, meaning emails are susceptible to undetected Man-in-the-Middle (MITM) attacks. DANE (DNS-based Authentication of Named Entities) addresses this by verifying server authenticity via DNSSEC, ensuring emails are delivered only to authorized servers, but adoption of DANE remains low globally.
In addition, if the correct transport security cannot be enforced due to a lack of support on the recipient’s side, the email is likely to bounce or is simply delivered insecurely, neither of which is an acceptable outcome for a sensitive email.
Email security at rest
Once sent, emails are commonly stored on servers belonging to the sender’s and the recipient’s providers. However, emails are often stored unencrypted, or encrypted with a key held by the provider. In either case the provider technically has unrestricted access to email content.
It is likely safe to assume that vendors implement robust logging and access controls. However, because they can access vast quantities of sensitive data, email providers are unsurprisingly attractive targets for insider threats and hackers. They are also subject to governmental subpoenas, all of which raises significant concerns for many organizations.
How important is 2FA?
Once a sensitive email reaches the inbox, there are concerns around access. How can you be sure your message is only read by the intended recipient?
Many email solutions lack two-factor authentication (2FA) for users, and nearly all of them lack 2FA to protect information once sent. This means that anyone with access to a user's mailbox, including administrators, partners, or unauthorized individuals with the user's password, can potentially read and manipulate emails.
Why end-to-end encryption isn’t enough to secure email
End-to-end encryption (e2ee), specifically S/MIME or PGP, is often considered a suitable security solution for email, as it ensures that only the sender and recipient can access the contents of a message.
e2ee requires both parties to generate key pairs on their own devices (their ‘end’) and to share the public halves with their correspondents. In practice this means both the sender and the receiver need to have the same software installed, as well as a common key-exchange system.
Implementing e2ee for email security proves unfeasible, and often inconvenient, for several reasons:
1. e2ee requires all parties to use the same standards on all devices/software
Firstly, email is widely used to communicate with individuals who do not use S/MIME or PGP at all, or who do not use the same standard software. And even where a user does use these technologies, to be truly effective every device used to manage email (mobile phone, tablet, PC etc.) would need to support S/MIME and/or PGP too.
It is also impractical to ensure all recipients utilize (or are happy to install) the same e2ee software before engaging with them.
2. e2ee requires all DLP, encryption and logging to be done client-side on every device
e2ee also necessitates performing all encryption, decryption, data loss prevention (DLP), and logging operations on the client side. This means that solution providers and organizations need to provide these functionalities across various devices, operating systems, and environments to ensure seamless communication.
This is both unfeasible and extremely costly to develop for solution providers. In addition, the high CPU usage required for this can result in slow or failed operations, especially when users are working on mobile devices or within virtual desktop infrastructure (VDI) environments.
3. e2ee impact on threat protection solutions
Another important consideration is that end-to-end encryption in email can render investment in threat protection software (such as spam, ransomware and phishing filters) ineffective.
These gateways often scan email content and attachments to detect malicious or suspicious content. With e2ee, however, the content is encrypted and therefore inaccessible to these gateways, making it difficult to identify and block potential threats. In other words, using e2ee can leave an organization more exposed to malicious attacks.
4. e2ee lacks 2FA, impacts file sizes and transfers, and doesn’t encrypt an email in its entirety
e2ee typically lacks support for 2FA. Once S/MIME or PGP is configured it becomes transparent, meaning that mailbox access alone is enough to read the encrypted data. While it is possible to protect the private key with a passphrase, this is often entered only once at startup, and subsequent access requires no additional authentication.
In addition, e2ee doesn’t enable the sending of large attachments. With S/MIME and PGP, file sizes increase when encrypted, and as most email clients already limit attachment sizes (typically 25 MB), e2ee can restrict file transfer even further.
Lastly, it is important to note that while the body of the email is protected, metadata such as the subject line and headers remain unencrypted under e2ee. This leaves them susceptible to manipulation or unauthorized inspection, potentially compromising the confidentiality of the communication.
What is zero-access encryption?
Fear not! There is a solution to your email security headaches.
A relatively new concept, zero-access encryption provides an effective solution to the limitations of end-to-end encryption.
Zero-access encryption ensures that the content of emails and files is always stored in such a way that the solution provider can never access the information by itself. Using public-private key encryption, the provider holds only the public keys of senders and recipients, which are used to encrypt the information. Each sender and recipient holds their own private key, without the user needing to be aware of it: the private key is derived either through the organization’s single sign-on solution or from the user’s password, used as the secret input to a cryptographic key-derivation function.
In this model the DLP functions, encryption functions, logging and key generation for guest recipients can all be performed securely on virtual servers, provided every operation is carried out as a stream in memory and nothing is ever written to disk. This reduces the residual risk to the single case of the virtual machines’ CPUs themselves being compromised.
Additionally, by using SOC 2 Type 2 compliant data centers in the right jurisdiction and/or employing advanced intrusion detection, these risks can be mitigated to nearly zero, and most likely to a much lower level than the risk of any of the end-user devices concerned being compromised.
Zero-access encryption is fast proving to be the most secure solution for protecting sensitive data in emails, over and above e2ee, ensuring that email content is protected without relying on specific platforms or services.
By leveraging public-private key encryption and securely performing operations on virtual servers, zero-access encryption addresses the shortcomings of end-to-end encryption and provides a robust framework for safeguarding sensitive information.
Implementing such an approach can greatly enhance email security, protecting organizations from unauthorized access and data breaches. Find out how we can help.
Last updated - 10/08/23