February 28, 2017 By Douglas Bonderud 2 min read

Email encryption is becoming a top enterprise priority. Politico noted that after an increased cybersecurity focus during the election, end-to-end (E2E) encryption is “booming” as government officials race to ensure they aren’t caught unprotected.

The problem is that while tools such as Pretty Good Privacy (PGP) offer solid security, they can be cumbersome to set up and difficult to use. Google recently backed a Chrome app, E2EMail, to streamline the encryption experience but, according to Threatpost, has now pushed the project to open source communities. What’s next for E2E efforts?

The Email Issue

Email remains a go-to threat vector for malicious actors. Despite the growing use of mobile devices and real-time collaborative tools, email is a corporate mainstay for both its usability and the ability to create paper trails in the event of an audit or legal challenge.

Common email scams run the gamut, from classic phishing hooks asking users to download files or visit compromised webpages to authentic-looking messages from actors impersonating C-suite executives that demand immediate employee action. But cybercriminals are never content with existing options.

As noted by CSO Online, the recent Yahoo breach prompted malicious actors to create a custom-built phishing campaign that claimed accounts had been locked for “failing automated security server update” and prompted users to “update” their accounts. It’s a clever ruse — leverage the fear of an existing breach to compromise corporate email accounts.

The Managed Message Mandate

PGP remains the de facto standard for encrypting emails from sender to receiver, though it’s worth noting that even PGP doesn’t obfuscate the subject line or the identities of the correspondents. As noted by ZDNet, an increased public focus on cybersecurity has prompted the development of alternatives such as ProtonMail, Wire and WhatsApp.

Google’s email encryption alternative was designed to provide a simple and streamlined experience by integrating OpenPGP into Gmail using a Chrome extension. While Google experts contributed to the project for more than a year, it was cut loose in late February as entirely open source.

So what’s the big deal? According to Google, the app “behaves as a sandbox where you can only read or write encrypted email” — in other words, any mail sent from the app is automatically signed and encrypted, Threatpost reported. It supports PGP and MIME text messages and, even when sent through Gmail, makes it impossible for any provider to crack message contents.

By linking the app with the Chrome browser, Google hoped to eliminate the complexity of most PGP deployments and make email security the default mode for corporate communications, rather than an outlier.

The Future of Email Encryption

Under open source development, meanwhile, the sky’s the limit. The search giant said E2EMail will be able to take advantage of in-development key transparency initiatives, which will hopefully replace the aging web-of-trust model. Still, expanded functionality and specific features rely on the interest and talent of open source developers.

In the best case scenario, E2EMail will be a jumping off point for better, faster and more streamlined email encryption. Worse case, it’s just another encryption tool in the growing market. Either way, it’s an improvement over the current model of managed email messaging.

More from

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today