Encryption functions are algorithms designed to render data unreadable to anyone who does not have the decryption key. Data encrypted with a strong encryption algorithm can be transmitted over a public channel without eavesdroppers being able to read it.
By default, email protocols have no built-in encryption, meaning that someone who intercepts an email in transit could read its contents. Email encryption addresses this issue by encrypting sensitive emails so that only the intended recipients can read them.
Emails can contain sensitive corporate data or personal information protected under data privacy laws. If these emails are intercepted and viewed by an unauthorized party, they could reveal intellectual property or trade secrets or put an organization at risk of legal penalties for regulatory non-compliance.
Email encryption enables an organization to protect the privacy and security of its communications and to maintain regulatory compliance. As a result, it is a core component of a corporate data and email security program and a common requirement of data privacy laws.
Data encryption can be performed using symmetric or asymmetric encryption algorithms. Symmetric encryption uses the same secret key for encryption and decryption, while asymmetric (public key) cryptography uses a public key for encryption and a related private key for decryption.
While it is possible to use symmetric cryptography for email encryption, this requires the ability to securely share a secret key with the intended recipient of the message. If this key is sent by email, the email would have to be unencrypted for the recipient to read it, so an eavesdropper could intercept this email and use the enclosed key to decrypt the encrypted email.
As a result, many email encryption schemes use asymmetric cryptographic algorithms. With asymmetric cryptography, the key used for encryption is public, so it can be sent over insecure email or posted on a website. For example, Check Point’s public key for reporting security issues via secure email is located here.
With a user’s public key, it is possible to generate an encrypted email that cannot be read by an eavesdropper. When the intended recipient receives the email, they decrypt it with the corresponding private key, producing the original message.
The main challenge with using public key cryptography for email encryption is distributing and authenticating a user’s public key. Email encryption provides no benefit if the public key that is used belongs to an eavesdropper, not the intended recipient.
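An added example (not from the original article) of one way to authenticate a public key before encrypting to it: compare a SHA-256 fingerprint of the received key with one obtained over a separate channel. The key blobs, the phone call and all function names are constructed for illustration, and the fingerprint is a generic SHA-256 over the DER bytes, not the format of any particular email encryption standard.

```python
import base64
import hashlib
import hmac

PEM_HEAD = "-----BEGIN PUBLIC KEY-----"
PEM_TAIL = "-----END PUBLIC KEY-----"


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and return the raw DER bytes of the key."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != PEM_HEAD or lines[-1] != PEM_TAIL:
        raise ValueError("not a PEM public key")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(pem_to_der(pem)).hexdigest()


def normalize(fp: str) -> str:
    """Accept fingerprints written with colons, spaces or upper case."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def key_is_trusted(pem: str, pinned_fp: str) -> bool:
    """True only if the key matches the fingerprint obtained out of band."""
    try:
        actual = fingerprint(pem)
    except ValueError:  # malformed PEM or invalid base64
        return False
    return hmac.compare_digest(actual, normalize(pinned_fp))


def to_pem(der: bytes) -> str:
    body = base64.encodebytes(der).decode().strip()
    return f"{PEM_HEAD}\n{body}\n{PEM_TAIL}\n"


# Constructed placeholder blobs standing in for DER keys (not real keys).
recipient_key = to_pem(b"constructed-recipient-key" * 4)
substituted_key = to_pem(b"constructed-eavesdropper-key" * 4)
# Assumption: the recipient read this fingerprint out over the phone.
fp = fingerprint(recipient_key).upper()
pinned = ":".join(fp[i:i + 2] for i in range(0, len(fp), 2))
if __name__ == "__main__":
    for name, key in (("recipient", recipient_key), ("substituted", substituted_key)):
        print(name, "encrypt" if key_is_trusted(key, pinned) else "refuse")
```

A key that arrives in the same email as the fingerprint it is checked against proves nothing; the comparison only helps when the pinned value came through a channel the eavesdropper does not control.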
Different types of email encryption take different approaches to the distribution of these public keys. Two of the most common forms of email encryption include:
Email encryption is a powerful tool for data privacy and security. Some of the main benefits that email encryption brings to an organization include:
When email protocols were first defined, data privacy and security were not a primary concern, so many email and other Internet protocols are unencrypted by default. As a result, an eavesdropper may be able to intercept, read, and potentially modify these communications.
Email encryption helps to mitigate the threat of these man-in-the-middle (MitM) attacks by rendering an eavesdropper unable to read intercepted emails. Check Point and Avanan’s Harmony Email and Office offers built-in email encryption functionality.