With REDDOXX MailSealer we have been offering a central gateway for digital signatures and email encryption since 2007. For over a decade we have been hearing the same thing from companies: ‘Email encryption is too complicated’.
After many conversations we have realized that even the majority of system administrators are uncertain about how S/MIME & PGP really work. Which certificates do I have to buy? Why do I have to exchange certificates with my counterpart first? Which certificate do I use when encrypting emails?
Because many find email encryption too complicated, it is often used only irregularly. Of course, this is better than nothing, but it is still negligent, as emails have a security level similar to that of postcards. Everything that is written in an email can be read and potentially edited. Nevertheless, sensitive data is still sent unencrypted via email, e.g. credit card numbers and sensitive personal information.
Every time something happens, we receive a lot of calls and the general interest in email encryption rises rapidly. The recent implementation of the European GDPR is the latest case: “We would like to encrypt all of our email communication!” A commendable idea, but hard to put into practice.
But why? Let’s think about this.