1. Sensitive email secured at rest and in transit
2. Sensitive email secured in transit only
3. Sensitive email not to be exchanged outside your organization
By managing email in this manner, your institution will invoke the appropriate security — encryption or data loss prevention (DLP) — to safely enable or prevent the exchange of sensitive information.
At rest and in transit
End-to-end encryption safeguards email so that unauthorized individuals within and outside the institution’s network are unable to read the message and any attachments. When email needs to be protected, the sender uses an encryption key to secure the message. In order to view the message and its attachments, the recipient needs a decryption key to open it. No matter if the email is stored in the outbox or inbox, it is always encrypted and always unreadable to unwanted eyes.
This level of security is appropriate for proprietary content, such as research, sensitive student and staff personal data or board communication. It prevents curious students and staff from viewing emails that are not relevant to their role and malicious individuals from gaining access to information that is valuable to the outside market.
Similarly, end-to-end encryption offers another layer of protection against malicious threats outside your institution, known as advanced persistent threats.
Despite even the greatest investment in network security and the most attentive IT department, there is no security barrier that is 100 percent fail-proof to hackers attempting to gain access to the institution’s network. Without a guarantee, institutions can use end-to-end encryption — as part of the larger IT security arsenal — to prevent outside, unauthorized individuals from stealing sensitive content transferred via email if they break through network security.
With security a high priority, the use of end-to-end encryption for all emails may be tempting, but its drawbacks shine light on another encryption method.
In transit only
The beauty of email is its functionality and ease of use. The exchange of communication and files is seamless with staff, students, donors, government organizations and partner organizations. By forcing senders and recipients to use a key to encrypt and decrypt every message, the convenience of email is lost, and the widespread adoption of email encryption is too cumbersome to succeed.
In using encryption in transit, your institution can take advantage of innovative solutions that not only secure email if it’s intercepted over the public Internet, but do so without requiring any extra steps from senders or recipients. Encryption and decryption happen automatically, keeping the daily work of higher education flowing and allowing your institution to protect email as it travels outside your network.
Encryption in transit also assists aspects of higher education that require regulatory compliance. For departments that collect PHI or financial data, encryption in transit addresses the requirements outlined in the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). It also assists compliance with data privacy laws in several states, such as California, Nevada, Texas and Washington. Even if your institution does not operate in a state that has passed privacy legislation, it may be obligated to comply with a state law for simply collecting personal data from a student that resides in a state such as Massachusetts. Encryption in transit helps your institution comply without adding a burden.
Another benefit of encryption in transit is the convenience of maintaining security. While the largest breaches at the University of Maryland, North Dakota University and Butler University did not involve email, the vulnerability exploited in those breaches was the result of missed security patches. With all the responsibilities that IT departments hold, it’s difficult for patches to be completed in a timely fashion. Unlike end-to-end encryption, which requires installation and maintenance on each desktop, solutions for encryption in transit are installed on the network and can offer automatic maintenance through a convenient software-as-a-service model.
(Next page: Balancing needs)