February 28, 2017 By Douglas Bonderud 2 min read

Email encryption is becoming a top enterprise priority. Politico noted that after an increased cybersecurity focus during the election, end-to-end (E2E) encryption is “booming” as government officials race to ensure they aren’t caught unprotected.

The problem is that while tools such as Pretty Good Privacy (PGP) offer solid security, they can be cumbersome to set up and difficult to use. Google recently backed a Chrome app, E2EMail, to streamline the encryption experience but, according to Threatpost, has now pushed the project to open source communities. What’s next for E2E efforts?

The Email Issue

Email remains a go-to threat vector for malicious actors. Despite the growing use of mobile devices and real-time collaborative tools, email is a corporate mainstay for both its usability and the ability to create paper trails in the event of an audit or legal challenge.

Common email scams run the gamut, from classic phishing hooks asking users to download files or visit compromised webpages to authentic-looking messages from actors impersonating C-suite executives that demand immediate employee action. But cybercriminals are never content with existing options.

As noted by CSO Online, the recent Yahoo breach prompted malicious actors to create a custom-built phishing campaign that claimed accounts had been locked for “failing automated security server update” and prompted users to “update” their accounts. It’s a clever ruse — leverage the fear of an existing breach to compromise corporate email accounts.

The Managed Message Mandate

PGP remains the de facto standard for encrypting emails from sender to receiver, though it’s worth noting that even PGP doesn’t obfuscate the subject line or the identities of the correspondents. As noted by ZDNet, an increased public focus on cybersecurity has prompted the development of alternatives such as ProtonMail, Wire and WhatsApp.

Google’s email encryption alternative was designed to provide a simple and streamlined experience by integrating OpenPGP into Gmail using a Chrome extension. While Google experts contributed to the project for more than a year, it was cut loose in late February as entirely open source.

So what’s the big deal? According to Google, the app “behaves as a sandbox where you can only read or write encrypted email” — in other words, any mail sent from the app is automatically signed and encrypted, Threatpost reported. It supports PGP and MIME text messages and, even when sent through Gmail, makes it impossible for any provider to crack message contents.

By linking the app with the Chrome browser, Google hoped to eliminate the complexity of most PGP deployments and make email security the default mode for corporate communications, rather than an outlier.

The Future of Email Encryption

Under open source development, meanwhile, the sky’s the limit. The search giant said E2EMail will be able to take advantage of in-development key transparency initiatives, which will hopefully replace the aging web-of-trust model. Still, expanded functionality and specific features rely on the interest and talent of open source developers.

In the best case scenario, E2EMail will be a jumping off point for better, faster and more streamlined email encryption. Worse case, it’s just another encryption tool in the growing market. Either way, it’s an improvement over the current model of managed email messaging.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today