Interview: Encrypted email must be easy too
Secure cloud storage services like Tresorit help your company to share confidential business documents securely. But how can you also protect your internal email communication without overcomplicating it for your staff? We spoke about this with Arne Möhle, co-founder of the encrypted email provider Tutanota – via email, of course.
When was the first time you thought: ‘I’d rather not send this via email’?
In one of my previous jobs, we wanted to exchange highly sensitive project data with a client. Installing PGP was not feasible due to the tedious effort of doing so and its lack of compatibility. Back then, password-encrypted archives helped us, but even they weren’t the most convenient solution, since we were only able to encrypt the actual attachments, but not the content of the email itself.
Are there any better solutions now?
Tutanota, of course. 🙂 We apply end-to-end-encryption to everything, fully automatically. A lot of the time, this is biggest problem with most encrypted email solutions: the user has to do all the work – generating the key, sharing the key, etc. Most people shy away from this hassle. It is too complicated, and even if you understand the system, errors can creep in, e.g. when the wrong keys are being applied. Therefore it is so important for encrypted apps to automate these processes so that the user doesn’t need to worry about anything and also can’t make any mistakes.
The use of end-to-end-encryption is now quite common, especially on messenger services. How come that encrypted communication has been adapted in consumer apps before business solutions?
Because messenger services make it easy. End-to-end-encryption is a default feature for these services. The consumer uses it without being aware of it. And this is precisely how encrypted email apps should work.
Why is encryption also important for business emails?
It isn’t just important, it is critical! Employees handle confidential data on a daily basis: clients’ personal information, offers, acquisition projects. R&D is not the only department dealing with data that needs to be protected. This is why it is of utmost importance for businesses that all employees communicate in an end-to-end-encrypted form, especially internally. This is the only way to ensure that nobody can interfere with emails and search them for key words. Unfortunately, this is easier to do than most companies like to believe.
What should entrepreneurs bear in mind when switching to encrypted email? What are the obstacles?
They must make sure it is easy to apply. If it is too complicated, their employees won’t use it. In the worst-case scenario, they will switch to using their private email account with Gmail or Yahoo, which could be disastrous for the company.
What can businesses do to protect their other data?
Of course, there are many other areas of business communication that must be protected. Telephoning, messaging, cloud storage, mobile devices, etc. need to be considered in the IT security concept to the same extent as emails.
In the last few years, more and more European encrypted services entered the market – how come?
By now everyone knows that it was easy enough for the NSA to gather data from American providers. And who can guarantee the businesses that the secret services are not involved in industry espionage?
Europe is a great location for privacy-oriented online services. Data protection requirements are very high, and it is even obligatory for businesses to protect their clients’ data. This is why many companies choose a European provider – preferably one that applies data end-to-end-encryption. It is the only way to ensure that nobody apart from the user can access the data. And it is thus the only way for businesses to be sure that nobody is spying on them.
This is what makes solutions like Tutanota or Tresorit attractive for businesses: they enable companies to take advantage of the cloud without giving up their data sovereignty.
|About Arne Möhle:
Arne Möhle is one of the founders and a developer at Tutanota, the end-to-end-encrypted mailbox for businesses and individuals. He writes code to end mass surveillance and industry espionage – by automatically encrypting all emails. He regularly writes about data protection and encryption on the Tutanota-Blog – https://tutanota.com/.