Email Encryption

["Dunker, Mary" <dunker () VT EDU>]

Virginia Tech will be using personal certificates to encrypt e-mail. We will not require all e-mail to be encrypted -- 
only that which contains sensitive data. As a "best practice," we need to be able to recover an encrypted transmission, 
so we'll be escrowing keys and providing a key recovery service. Also, we need to remind our users that a misdirected 
e-mail, even if encrypted, can be read if encrypted with the wrong person's public key. The mis-direction can happen 
more easily if certificates are published in a directory, but publishing the certificates enhances usability.

Good luck!
Mary


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LIS=
TSERV.EDUCAUSE.EDU] On Behalf Of Kevin Casey
Sent: Monday, July 25, 2011 2:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Email Encryption

We've been encouraged by an outside security firm to encrypt every blessed =
note that passes through our Exchange server.  This firm deals largely with=
 entities such as banks, and I'm wondering if this is over-kill in the cont=
ext of higher ed.

Any thoughts regarding "best practices" on this?

Thanks,

Kevin

__________________________________________
Kevin Casey
Executive Director
Information Resources
Phone:  (207) 941-7123
Fax:  (207) 941-7988
caseyk () husson edu<mailto:caseyk () husson edu> 


-----------------------------------------------------------------
Mary Dunker
Director, Secure Enterprise Technology Initiatives
Virginia Tech Information Technology
1700 Pratt Drive
Blacksburg, VA 24060
540-231-9327
dunker () vt edu 
--------------------------------------------------------------------