Secure E-Messaging Becomes More Complicated With Encryption
STAMFORD, Conn. - Management oversight as well as a good understanding of the stage of development of the available technology before and after deploying it, are keys to secure electronic messaging such as e-mails. That's the essence of a research report from Gartner Inc. that examines issues credit unions may...
Your article was successfully shared with the contacts you provided.
STAMFORD, Conn. – Management oversight as well as a good understanding of the stage of development of the available technology before and after deploying it, are keys to secure electronic messaging such as e-mails. That’s the essence of a research report from Gartner Inc. that examines issues credit unions may want to consider when choosing e-mail delivery options. The report by Gartner analysts Vic Wheatman and Arabella Hallawell say that most e-mail is safe because of the sheer volume of such electronic communications. “Most e-mail is protected by a form of steganography – sensitive messages are buried among literally billions of other messages,” they said in their report. “That is called `security by obscurity.’ ” However, the analysts note, “ Threats exist from identity thieves, blackmailers and the idle curious. “It is necessary to understand what secure messaging is and how it can be implemented, and when encrypted messages are required vs. optional, to effectively implement secure messaging solutions.” While anti-virus, anti-spam, backup storage and secure file transfers provide protection, new regulations that call for encrypting financial e-documents are pushing up against “inconsistency among encryption options and vexing implementation issues that have inhibited widespread deployment,” the analysts say. Solving those issues may become more crucial for credit unions as more move toward the use of e-signatures to close loans and other transactions. Currently, most enterprises that need to routinely secure messages do it in “staging-server” approaches that involve posting the message to a secure Web site with secure-sockets layer (SSL) protection, following that up with an e-mail to the recipient. That offers password and ID authentication protection for the sensitive documents. There also now are emerging ways to encrypt the message itself, as well, and storage costs and other considerations are driving health-care and financial industry participants to evaluate “push” e-mail encryption that can take place on the desktop computer, instead of the server. Fears of lost management oversight on the desktop-to-desktop encryption may be slowing down deployment, however, making server-based options more attractive to some. Other issues to consider, the analysts say, include how such things as routine changes from standard browser functions will affect end users and help desks, and they recommend avoiding that if possible when considering encrypted e-mail solutions. “The deployment, management and support of user- or enterprise-specific encryption and signing keys is critical, including where they will be stored and how they will be accessed, maintained and updated,” the analysts say. “Thus the cryptographic key management functions of secure e-mail projects require careful consideration,” they say. Hallawell and Wheatman also recommend testing “to identify and work around performance bottlenecks if necessary.” Here are four points that Hallawell and Wheatman consider the “bottom line” in security considerations while planning and deploying electronic communications: * Enterprise e-mail encryption is immature, and the vendors, technology and business implementations remain in a nascent stage of development. * Tread carefully and closely define your business or regulatory requirements before embarking on implementation. * The market is moving toward a preference for server-side approaches for securely sending routine, but sensitive, messages to customers, partners and consumers. * Explore implementation issues such as architecture, management oversight and vendor size, to plan for adequate development timelines and service delivery. -
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing. Once you are an ALM digital member, you’ll receive:
Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers,
resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
Exclusive discounts on ALM and CU Times events.
Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Discover how smart credit union leaders are going digital - while playing to their strengths of low rates and high member satisfaction - to compete with big banks and tech startups for lucrative financial services.
Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!
Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
Exclusive discounts on ALM and Credit Union Times events.
Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.