Re: Email Encryption

[David Opitz <DOpitz () LOYOLA EDU>]

I would ask the outside security firm how exactly they propose you do it, so that it is secure, easy to use (for both 
sender and receiver), and will work for all the people your organization intends to send email to.

The great thing about email is that it just works - you can send/read email using Mac/Windows/*nix/Smartphone, using 
either a client or web access.  This gets much more complicated when you encrypt the email.  Yes, you can put something 
in place that will encrypt every single email that leaves campus, but it will make reading that email more difficult 
for some of the intended recipients, which they may not like, especially when the email is not a very important one.

I think many people hear the words "email" and "encryption" and think - why don't we just put the two together and get 
encrypted email, but they don't see all the difficulties of doing it correctly.

Peace,
Dave Opitz
Sr. Security Analyst
Loyola University Maryland

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin 
Casey
Sent: Monday, July 25, 2011 2:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Email Encryption

We've been encouraged by an outside security firm to encrypt every blessed note that passes through our Exchange 
server.  This firm deals largely with entities such as banks, and I'm wondering if this is over-kill in the context of 
higher ed.

Any thoughts regarding "best practices" on this?

Thanks,

Kevin

__________________________________________
Kevin Casey
Executive Director
Information Resources
Phone:  (207) 941-7123
Fax:  (207) 941-7988
caseyk () husson edu<mailto:caseyk () husson edu>




 Husson University

 www.husson.edu<http://www.husson.edu/>