February 28, 2017 By Douglas Bonderud 2 min read

Email encryption is becoming a top enterprise priority. Politico noted that after an increased cybersecurity focus during the election, end-to-end (E2E) encryption is “booming” as government officials race to ensure they aren’t caught unprotected.

The problem is that while tools such as Pretty Good Privacy (PGP) offer solid security, they can be cumbersome to set up and difficult to use. Google recently backed a Chrome app, E2EMail, to streamline the encryption experience but, according to Threatpost, has now pushed the project to open source communities. What’s next for E2E efforts?

The Email Issue

Email remains a go-to threat vector for malicious actors. Despite the growing use of mobile devices and real-time collaborative tools, email is a corporate mainstay for both its usability and the ability to create paper trails in the event of an audit or legal challenge.

Common email scams run the gamut, from classic phishing hooks asking users to download files or visit compromised webpages to authentic-looking messages from actors impersonating C-suite executives that demand immediate employee action. But cybercriminals are never content with existing options.

As noted by CSO Online, the recent Yahoo breach prompted malicious actors to create a custom-built phishing campaign that claimed accounts had been locked for “failing automated security server update” and prompted users to “update” their accounts. It’s a clever ruse — leverage the fear of an existing breach to compromise corporate email accounts.

The Managed Message Mandate

PGP remains the de facto standard for encrypting emails from sender to receiver, though it’s worth noting that even PGP doesn’t obfuscate the subject line or the identities of the correspondents. As noted by ZDNet, an increased public focus on cybersecurity has prompted the development of alternatives such as ProtonMail, Wire and WhatsApp.

Google’s email encryption alternative was designed to provide a simple and streamlined experience by integrating OpenPGP into Gmail using a Chrome extension. While Google experts contributed to the project for more than a year, it was cut loose in late February as entirely open source.

So what’s the big deal? According to Google, the app “behaves as a sandbox where you can only read or write encrypted email” — in other words, any mail sent from the app is automatically signed and encrypted, Threatpost reported. It supports PGP and MIME text messages and, even when sent through Gmail, makes it impossible for any provider to crack message contents.

By linking the app with the Chrome browser, Google hoped to eliminate the complexity of most PGP deployments and make email security the default mode for corporate communications, rather than an outlier.

The Future of Email Encryption

Under open source development, meanwhile, the sky’s the limit. The search giant said E2EMail will be able to take advantage of in-development key transparency initiatives, which will hopefully replace the aging web-of-trust model. Still, expanded functionality and specific features rely on the interest and talent of open source developers.

In the best case scenario, E2EMail will be a jumping off point for better, faster and more streamlined email encryption. Worse case, it’s just another encryption tool in the growing market. Either way, it’s an improvement over the current model of managed email messaging.

More from

ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers

4 min read - AI has made an impact everywhere else across the tech world, so it should surprise no one that the 2024 ISC2 Cybersecurity Workforce Study saw artificial intelligence (AI) jump into the top five list of security skills.It’s not just the need for workers with security-related AI skills. The Workforce Study also takes a deep dive into how the 16,000 respondents think AI will impact cybersecurity and job roles overall, from changing skills approaches to creating generative AI (gen AI) strategies.Budgets…

Why do software vendors have such deep access into customer systems?

4 min read - To the naked eye, organizations are independent entities trying to make their individual mark on the world. But that was never the reality. Companies rely on other businesses to stay up and running. A grocery store needs its food suppliers; a tech company relies on the business making semiconductors and hardware. No one can go it alone.Today, the software supply chain interconnects companies across a wide range of industries. Software applications and operating systems depend on segments of the software…

How CTEM is providing better cybersecurity resilience for organizations

4 min read - Organizations today continuously face a number of fast-moving cyber threats that regularly challenge the effectiveness of their cybersecurity defenses. However, to keep pace, businesses need a proactive and adaptive approach to their security planning and execution.Cyber threat exposure management (CTEM) is an effective way to achieve this goal. It provides organizations with a reliable framework for identifying, assessing and mitigating new cyber risks as they materialize.The importance of developing cybersecurity resilienceRegardless of the industry, all organizations are subject to certain…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today