Email encryption policies can be extremely granular and, once defined, applied automatically at the gateway. This ensures email encryption and email privacy is handled consistently, and eliminates the risk of user error by removing the need for senders to make decisions as to whether or not to secure an email and its content.
When encryption is enabled, you can use policy and content filtering features in your email security solution (in our case the XCS family of email security appliances) to scan for specific patterns in email messages that indicate the message must be encrypted, including:
- Pattern Filters
- Objectionable Content Filters
- Content Scanning
- Content Rules
- Document Fingerprinting
For example, you can create a Pattern Filter to search for the word “[Encrypt]” in the subject field of a message. An end user can add this phrase to their message subject header to indicate the message must be encrypted before it is delivered.
Policies can be set to encrypt messages based on header, subject line, sender, recipient, content, attachments, and many other attributes of an email message, including:
- Header or Subject Line: Emails can be set to be encrypted based on keywords within the header or subject line.
- Sender or Recipient: Email encryption based on destination (e.g. auditors, Board of Directors, a specific business partner or supplier) or sender. For example, a policy can be set that defines that any emails from John Smith, the CFO of an organization, to the company’s auditor, Jane Doe at auditfirm.com are sent encrypted.
- User, Group, or Domain: Email encryption based on user, group, or domain, providing secure, enhanced flexibility of data-in-motion privacy without hindering the flow of data. For example, all emails sent out of the organization by the HR department can be set to be encrypted.
- Email Body: Searches for text in an outgoing message that identifies it as a message to be encrypted.
- Private Data and Objectionable Content: Searches from a pre-defined dictionary of words that is checked against a message to determine if the message should be encrypted. For example, you may require that any outgoing messages that contain certain confidential information, for example, credit card information or medical records, must be encrypted.
- Keywords and Regular Expressions: Keywords and regular expressions found in the subject line or content of messages as defined within the appliance content control policies.
- Attachment Type: Email encryption based on other message attributes such as attachment type. For example, you can set encryption to be triggered on all .xls or .csv documents.
- Attachment Content: Our XCS email security appliance has the ability to scan content of over 150 file types for keywords, phrases, or patterns which, upon detection of policy-based content can then trigger the email for encryption without user intervention.
Based on the growing volumes of confidential and sensitive information traversing networks on a daily basis, regulatory bodies and business executives have turned their concerns to ensuring messaging is protected from unauthorized viewing. Regulations such as Sarbanes-Oxley (SOX), PCI, HIPAA, GLBA and others have been introduced to mandate that email messages containing sensitive or confidential data are handled securely.
Email encryption has emerged as a vital aspect of an overall email security solution to secure confidential data and yet continue to allow the free flow of communications between colleagues, customers, and partners.