Educause Security Discussion mailing list archives
Re: Email Encryption
From: David Curry <David.Curry () NEWSCHOOL EDU>
Date: Mon, 25 Jul 2011 15:07:43 -0400
That's pretty extreme, even for banks. Encrypted e-mail is a huge hassle from a management perspective: How do you get the keys to the recipients? Symmetric keys (shared secret) is unmanageable for all but a handful of users, but do you really want to set up a PKI? If you solve the key distribution problem, what about software? All the world is not Windows, and not all Windows users use Outlook, either. What do you do with recipients on Macs, Linux, Gmail, AOL, etc.? E-mail is subject to e-Discovery, which means you may have to be able to decrypt it later, even if whoever encrypted it isn't here any more and didn't leave you the key. Oh, and you may want to decrypt it in cases of employee misconduct, etc., too. When I worked in financial services (insurance and broker/dealer), we required e-mail that contained personally identifiable information (HIPAA, GLBA, Social Security numbers, etc.) to be encrypted, but nothing else. And we used a third-party service (ZixCorp is one example) to do it, so that we didn't have to mess with the keys. I'm sure there's a bank somewhere that encrypts all their e-mail, but I would be surprised if your vendor could name more than one in the Top 20 that do it. --Dave -- David A. Curry, CISSP • Director, Information Security The New School • 55 West 13th St. • New York, NY 10011 Tel: +1 212 229-5300 x4728 • david.curry () newschool edu
Kevin Casey <CaseyK () HUSSON EDU> 7/25/2011 2:52 PM >>>
We've been encouraged by an outside security firm to encrypt every blessed note that passes through our Exchange server. This firm deals largely with entities such as banks, and I'm wondering if this is over-kill in the context of higher ed. Any thoughts regarding "best practices" on this? Thanks, Kevin __________________________________________ Kevin Casey Executive Director Information Resources Phone: (207) 941-7123 Fax: (207) 941-7988 caseyk () husson edu Husson University www.husson.edu ( http://www.husson.edu/ )
Current thread:
- Email Encryption Kevin Casey (Jul 25)
- Re: Email Encryption David Curry (Jul 25)
- Re: Email Encryption David C Kovarik (Jul 25)
- Re: Email Encryption McClenon, Braden (Jul 25)
- Re: Email Encryption Russ Leathe (Jul 25)
- Re: Email Encryption Matthew Gracie (Jul 25)
- Re: Email Encryption Lang, Matthew (Jul 25)
- Re: Email Encryption Valdis Kletnieks (Jul 25)
- Re: Email Encryption Tim Doty (Jul 25)
- Re: Email Encryption Valdis Kletnieks (Jul 25)
- Re: Email Encryption Jones, Dan (Jul 25)
- Re: Email Encryption Richard Applebee (Jul 25)
- Re: Email Encryption SCHALIP, MICHAEL (Jul 25)
(Thread continues...)
- Re: Email Encryption David Curry (Jul 25)