Decrypted | Insights from Virtru to Unlock New Ideas

Why Seamless UX is a Must for Email Encryption

Written by Editorial Team | May 8, 2018 8:27:02 PM

For enterprise security, the technology solutions an organization chooses to deploy are just part of the equation. User awareness and adoption are arguably even more important aspects of a successful security program, and when it comes to email encryption, this is doubly true. Why? Because employees still need to be productive and get their work done. If email encryption doesn’t integrate with everyday business tools and workflows, employees will find workarounds that inhibit widespread adoption and weaken security.  

Recent research by Enterprise Management Associates (EMA), in conjunction with Samsung Next and the Center for Democracy and Technology, forcefully supports this view. After surveying security leaders across a wide variety of industries, EMA found ease of use was the main reason why employees don’t use security solutions, outpacing all other reasons by more than 5x.

This illuminates the fact that security technologies will not be adopted unless they are easy to use. Meanwhile, only 44% of the respondents in the same study said they actually use encryption to protect their email. This puts enterprises in an incredibly precarious position – even though email is the top cause of data leaks, security leaders are so pessimistic about their usability and adoption rates that not even half are bothering to protect email. Something’s gotta give.

Key Elements of Seamless User Experience

Legacy and Portal-based email encryption solutions have come up short on key ease of use criteria for too long, forcing security teams into this predicament. Virtru, on the other hand, has worked tirelessly to fill the void, supporting three key elements that contribute to a seamless user experience:

Ease for Recipients

Email encryption tools should work within existing application workflows and leverage existing accounts to make collaboration extremely straightforward for recipients. Unfortunately, portal-based encryption solutions make recipients create and manage new account usernames and passwords to access encrypted email, a time-consuming and error-prone process. Recipients must manage email in a separate application with another password. Often they’ll forget this portal password, go through the trouble of resetting it, then realize they’ve wasted time jumping through hoops to read an email that simply says “Thanks” or “Got it.”

Virtru avoids introducing new workflows or applications by allowing authorized parties to receive and decrypt protected content without installing new software. Recipients simply authenticate themselves using their existing email credentials. The result: an extremely user-friendly content recipient experience that doesn’t sacrifice control or security like existing approaches do.

Recipient Workflow Customization

Email encryption tools should never make recipients think twice about their legitimacy. This requires customization features that allow the sender organization to prominently feature their branding so recipients simply access content and collaborate, not worry about being the target of a phishing attack.

Portal-based solutions offer weak customization capabilities, so emails protected by portal encryption look like they’re from an unknown third party. Wary of phishing attacks, recipients either choose not to open protected messages, or turn to already overburdened helpdesks, tying up IT support teams. Virtru, on the other hand, gives clients rich customization features enhance trust with prominent, legitimate branding that makes the recipient user experience as seamless as possible.

On-Demand Encryption

Email encryption tools should avoid both black box security scenarios common with portal solutions and complex technical steps with PGP encryption that force end-users to manage and use encryption keys.

Portals generally rely on policies defined by the administrator that aren’t readily apparent to end-users. These policies require users to include hard-to-remember keywords with special formatting to trigger encryption. But what happens when the sender forgets the keyword or improperly formats it? Either the content isn’t delivered, or it’s sent unprotected. Meanwhile, PGP, the original legacy end-to-end encryption approach, requires senders and recipients to have a prior trust relationship and specialized knowledge of public-private encryption key exchange workflows. This painstaking process makes PGP dead on arrival with non-technical users.

Thankfully, Virtru provides an easy, on-demand encryption experience that is as simple as flipping a switch. With a simple browser plug-in installed, users trigger end-to-end encryption by toggling a button in the user interface, with immediate user feedback that indicates that encryption is “on.” That’s all there is to it. No keywords, special formatting, or encryption key exchanges.

It’s clear that user experience can make or break security deployments. Virtru overcomes poor usability of legacy and portal-based approaches to ultimately deliver peace of mind to security leaders, as the VP of Technology at Virtru Client Baird & Warner can attest: “We experimented with other products, but we discovered that most encryption services are difficult for at least one of the involved parties to use – some for both. So we never deployed them…but Virtru is incredibly simple, so users comply, and data stays safe.”

To learn more about how Virtru sidesteps the limitations of legacy, portal-based approaches to email encryption, check out this recent webinar recording.