Data security used to be primarily about physically controlling where information was stored. But over the last few years the move towards greater use of mobile devices and increasing reliance on email for business communication has made securing information much more of a challenge.
The solution many organisations have turned to is encryption, particularly for emails, but is this really the answer? Cloud collaboration specialist Open-Xchange is launching OX Guard, a fully integrated email security and encryption add-on to its OX App Suite.
OX Guard works inside the browser, with no need for special plugins or prior knowledge of encryption. Users of the OX environment will automatically receive decrypted emails, while external addresses can read encrypted content via a secure link.
We spoke to Open-Xchange CEO Rafael Laguna to find out about the role encryption has to play in ensuring security and privacy.
Q: How can encryption be used as part of a broader security strategy?
Rafael Laguna: Encryption adds another layer of security and complexity. Encrypted data at rest is pretty safe from prying eyes when stolen - someone with malicious intent may be able to get to it, but it will make no sense, so it is worthless. Unfortunately the same applies when the legit consumer of the data wants to access it, some additional secure process to make it consumable again needs to be run, adding another cumbersome step.
Q: Doesn’t encryption just add an extra layer of complexity making information harder to access and meaning people won't use it?
RL: Yes, indeed. This is why encryption hasn't been widely adopted in the mainstream. Encryption only gets user acceptance when it is easy to use. So encrypt as much as you can but keep the usability high.
Q: How can you overcome the problem of exchanging information with third-parties who aren’t using the same encryption system?
RL: There are two solutions, short and long-term. In the short-term you can give a guest access to the data so that the recipients can come to your system to get the information. This is the path we have chosen for OX Guard, the external recipient of the encrypted mail or file gets their own account on the sender’s system where they can read and reply to the mail, decrypt the file and download it to her system. The second, long-term, solution is standards, which we agree there needs to be more use of (and more that are less cumbersome than, let's say, PGP) so that more interchange between systems is possible. This is why the internet works in the first place: open standards!
Q: Email encryption is good at protecting information from casual or opportunist interception but can it be effective against determined hacking or espionage attempts?
RL: Email encryption is good for protecting both against wholesale surveillance as well as individual attacks, because the content is safe. The big hole that still exists is the meta-data. Even with encrypted content and traffic you can still snoop on who is sending mail to whom and when. The same goes for many other forms of electronic communication. The only remedy to this will be extensions of existing standards that hide even that.
Q: How big a role does encryption have to play in helping companies stay compliant with the latest regulations related to handling sensitive data?
RL: Using encryption and services from trusted providers is the only way in the cloud age for companies to stay compliant.
You can find out more about the OX App Suite and OX Guard on the Open-Xchange website.