Email encryption: still not a matter of course
An unprotected email is like a postcard: It can easily be read by administrators, employees of the internet provider, unintended recipients, and hackers who have penetrated the mail server. Risks of this kind have led to numerous entities – ranging from major corporations to police authorities and law firms all the way up to parliaments and politicians – suffering from severe email security breaches.
Reliable protection from email information leaks has been available for over 25 years: end-to-end email encryption. However, though dozens of email encryption tools have been created over the decades, encrypting emails is still far from being a matter of course. In fact, today only about 0.1 percent of all emails are encrypted, with even the most sensitive data often being left in the clear. There are various reasons for this alarming situation, including a lack of awareness or care, or the fear of high costs. However, the major reason for end-to-end email encryption being used so rarely is that the tools available are not user-friendly enough.
The dilemma starts with the existence of two competing standards which are not compatible with each other, and which differ in many seemingly subtle, but significant details:
Apart from this, using email encryption across different platforms is often difficult, as the same private key needs to be available on, for instance, the user’s PC, their smartphone, and their tablet. And then, even if only one format and one platform are involved, dealing with private keys, public keys, digital certificates and other PKI concepts is too difficult for many IT users.
cryptovision GreenShield: user-friendly by design
To overcome the lack of user-friendliness in email encryption without compromising security, Eviden Cybersecurity Products has developed cryptovision GreenShield. Cryptovision GreenShield is one of only two email encryption products currently on the market that have received approval for the protection of NATO, EU and German national classified information, which underpins its position as one of the most secure solutions available. From the beginning, cryptovision GreenShield has been designed as low-interaction, maximally user-friendly software that does not require any encryption knowledge on the part of its users. There is no easier way to encrypt and decrypt emails than with cryptovision GreenShield.
cryptovision GreenShield supports both S/MIME and OpenPGP in a transparent way. This goes far beyond detecting which format has been used in an incoming mail. Using a sophisticated metric, the program chooses the most suitable option, all while taking admin-configurable preferences into account. Any subtle differences – e.g. that S/MIME supports revocation lists, while OpenPGP doesn’t – are handled in an intelligent way. The user doesn’t even have to be aware of the two different formats.
cryptovision GreenShield is implemented as a plugin for Microsoft Outlook and HCL Notes on Windows. The public keys can be shared automatically with compatible email security solutions on other platforms, including iOS, Android, macOS, and Linux, which enables the user to send and receive encrypted emails on all of their devices.
To further enhance user-friendliness, cryptovision GreenShield allows for a wide range of enrolment and renewal processes. Administrators benefit from this feature as well as users. Both S/MIME and OpenPGP certificates can be created with minimal user interaction or with additional security measures. Automated workflows with admin approvals and four-eyes principles can be designed. The security targets that are required for the protection of NATO/EU/German national classified information are enforced by default by cryptovision GreenShield. When operating outside of the context of classified information, it is also possible for the operator to set different targets suitable for their organization’s needs – of course while maintaining the same high level of usability.
PKI support and central key management
There are many other features that make cryptovision GreenShield both powerful and user-friendly:
cryptovision GreenShield supports all kinds of PKIs. Certificates from a commercial CA service can be used as well as from a CA operated by the organization itself, for instance with the products of Eviden. It is also possible to use cryptovision GreenShield with no PKI at all, either with self-signed certificates, OpenPGP keyrings or with password-based keys.
cryptovision GreenShield can be used with a PKI client that simplifies the handling of digital certificates. A PKI client, such as Eviden’s Pendragon, takes care of all actions required to register at a CA or to renew a certificate. Of course, such a PKI client not only handles email encryption certificates, but can also be used for other PKI applications.
A virtually unlimited number of LDAP servers can be configured. This means that cryptovision GreenShield can retrieve certificates and revocation lists from multiple sources.
cryptovision GreenShield supports all common types of user key stores. Software key stores can be used as well as smart cards, USB tokens, and virtual smart cards based on the TPM.
Central key management is possible. While it is usually desirable that personal keys are managed locally, for shared mailboxes central storage and ad-hoc provisioning of key access is much more convenient. cryptovision GreenShield supports both.
Among the customers using cryptovision GreenShield is the German Federal Ministry of Education and Research. Philipp Rosch, the ministry’s Chief Information Security Officer, states: “We communicate with various institutions and partners on confidential content both within and outside the administrative levels, which is why the greatest possible compatibility with common encryption standards is one of our core requirements. At least as important, however, is ease of use, which minimizes the complexity of cryptography for end users and thus contributes enormously to the acceptance of such security measures.”
Philipp Rosch, Chief Information Security Officer of the German Federal Ministry of Education and Research, regards ease of use of an encryption solution as particularly important.
All in all, cryptovision GreenShield is the solution of choice when it comes to secure end-to-end email encryption with maximum usability. Eviden Cybersecurity Products believes that with this solution, the lack of user-friendliness, which has hampered the use of email encryption for over two decades, has finally been overcome.
About the authors
Ralf König is Senior Vice President IT-SEC at Eviden Cybersecurity Products in Gelsenkirchen. He has worked in the IT sector for over 25 years, covering projects in the finance sector, in wholesale and the automotive industry. In 2013, he became responsible at cryptovision as a project manager specializing in email encryption, PKI, and smart card middleware, and later as a product manager for two product lines. Since 2019, he has held his current role as SVP of the business field IT Security.
Klaus Schmeh is Editor Marketing at Eviden Cybersecurity Products in Gelsenkirchen. He has published 16 books, 300 articles, 1,500 blog posts and 25 research papers about encryption technology, which makes him the most-published cryptology author in the world. Klaus is a frequent speaker, who has hosted presentations at more than 200 conferences in Europe, Asia and the US.
Julia Zimmermann is the Product Manager of Eviden Cybersecurity Products’ email- and file-encryption software cryptovision GreenShield and the smart card middleware cryptovision SCinterface. She started at cryptovision (now: Eviden Cybersecurity Products) in a Project Management position in 2019 and shifted towards product management shortly thereafter. In the past four years, she successfully managed international eID projects, and has put a focus on usability and internationalization of her respective products. Julia worked in an international research unit on quantitative morpho-phonetics for six years before switching careers towards IT.