Most IT departments understand the requirements of a data loss prevention strategy to secure traditional mobile devices such as laptops and USB keys. But one vendor warns there is a lack of attention to e-mail encryption because it is often regarded as a distinct security topic.

But the reality is it’s all just data on the move whether on a USB key or sending and receiving e-mails on a smart phone, said Michael Ginsberg, CEO at Echoworx, a Toronto-based provider of a managed encryption service.

“It appears to (IT departments) to be a totally different arena,” said Ginsberg. “But it isn’t.”

Despite the proliferation of smart phones, IT departments continue to underestimate the danger in travelling information between devices, said Ginsberg.

Moreover, the plethora of operating systems makes e-mail encryption management tricky not just for IT departments but for vendors developing offerings for customers. While the messaging market is predominated by Microsoft Outlook, Ginsberg said there are a variety of operating systems that vendors must deal with.


“RIM has its own OS. Apple not only has its own OS, it’s decidedly closed. Android is a relatively new entrant,” said Ginsberg.

IT departments need an e-mail encryption approach that places that management away from the handset which is then left to be the delivery and access mechanism that it is, said Ginsberg. “Mobility is generally quite Web-centric. The ultimate solution lies in the cloud,” he said.

Web portals, said Ginsberg, is a good central approach for IT departments to manage authenticity, certification and audit trails. The success of the BlackBerry Enterprise Server, he believes, is largely due to the security technology being precisely an “interim device” for remote control.

A recent report from Forrester Research Inc. found that after IT departments dismissed the iPhone as an unsuitable enterprise device back in 2007, they are now warming to the improved security, authentication and manageability that Apple is now offering. That said, BlackBerry “still rules the roost” in terms of smart phone security, wrote Andrew Jaquith, senior analyst with Forrester.

Also in the e-mail encryption market, McAfee Inc. offers a hosted service with what it calls “bidirectional encryption” for enterprises with mobile workforces tethered to smart phones.

And, last March, Symantec Corp. acquired two encryption technology vendors, PGP and GuardianEdge, with the intent of bolstering its e-mail encryption portfolio. Jaquith predicted in the short term, Symantec would add e-mail encryption to its secure e-mail and DLP gateways. And in the longer term, would layer encryption capabilities across its DLP, backup, archiving and cloud offerings.


“Overall, these deals are very positive for Symantec and its customers and will challenge smaller security companies and encryption specialists to raise their games,” wrote Jaquith.

Ginsberg said an IT department’s security strategy must include an encryption platform regardless of device where “the procedures and identities are common to all the devices and dynamics.”

While Ginsberg hasn’t observed e-mail encryption being generally rapidly adopted, he does think the fact that it falls in the privacy bucket will give it a much needed push.

“There is the recognition now by legislative bodies that data is mobile … the answer to security is not access control. It’s data encryption,” said Ginsberg.

Follow Kathleen Lau on Twitter: @KathleenLau

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now