
End-to-End Security for a Zero Trust, Default-Secure Future

May 1, 2018

Data protection should be top-of-mind for all enterprise IT leaders. As discussed in another post, the stakes have never been higher, particularly for email protection. Hackers regularly target inboxes because they’re a treasure trove of valuable information. Due to email’s broad usage, it is a prominent source of data leaks. Email encryption helps shield data from these breaches. A recent study by Enterprise Management Associates (EMA) confirms: nearly all respondents surveyed agree (97%) that encryption is very important (73%) or important (24%) for protecting sensitive enterprise information.




To prevent data leaks, email encryption best practices call for solutions that give customers full control over who can access the sensitive data inside their emails. This supports the "Zero Trust" principle. In this context, "Zero Trust" means that no intermediary (mail provider, portal vendor, or cloud host) is trusted with readable content: only the content creator and the authorized recipient can decrypt it. Most legacy portal-based encryption approaches fall far short of this principle.

Modern Requirements for “Zero Trust”

Enterprises generally deploy email protection solutions to meet three important requirements: regulatory compliance, corporate privacy, and surveillance prevention. Any modern enterprise holds critical data, whether personally identifiable information, protected health information, or intellectual property, that it needs to share with trusted collaborators while keeping it shielded from unauthorized third parties. Zero trust security enables this by separating email content from the keys that secure it and encrypting the data end-to-end, so that only the original creator and the intended consumer can read it.

Portal-based encryption solutions don't meet these requirements. Portals rely on transport layer security (TLS), which protects only the network connection between two hops, not the message itself. The content is decrypted at each hop, so it may be exposed at many points on the way to its recipients. Enterprise data is also exposed to the portal vendor itself. Though portal vendors encrypt data at rest in their systems, they also hold the encryption keys, so an attacker who compromises the legacy vendor's network gets the keys along with the data.

With TLS, your data is still vulnerable at several points throughout its lifecycle.

Without a zero trust architecture in place, portal solutions also come up short on key regulatory requirements and leave the enterprise open to unauthorized government surveillance. Because the cloud provider and the portal vendor hold both the data and the keys, agencies can subpoena either of them without informing the enterprise and obtain private corporate data without its consent.

Zero Trust for a Default-Secure Future

For an email encryption solution to be effective, it must provide a zero trust architecture that ensures the enterprise need not trust any third party with access to its unprotected content. Effective data protection solutions must protect emails and attachments with end-to-end, client-side encryption that shields content directly within the end user's email application. Encryption key management should be flexible, giving customers the option to host and manage their own keys and to keep those keys separate from the sensitive content they secure.
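The following Go program is an added illustration of the architecture described above; it is not Virtru's code and does not describe any vendor's product. It models the two properties the post asks for: the message is encrypted on the sender's client with a fresh data-encryption key (AES-256-GCM here), and that key is wrapped to the recipient's public key (RSA-OAEP here) and held in a separate, customer-controlled key store rather than travelling with the ciphertext. The mail path, which stands in for the mail provider or a portal, only ever carries ciphertext. The names `KeyStore`, `SealMessage`, `OpenMessage` and `LeaksPlaintext`, the message ID, and the sample message body are all constructed for this example; the choice of AES-GCM plus RSA-OAEP is one reasonable hybrid scheme, not the scheme any particular product uses.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is everything the mail path (provider or portal) stores or relays:
// the AES-GCM nonce and ciphertext. No key material travels with it.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
}

// KeyStore (hypothetical name) stands in for a customer-hosted key server. It holds
// each message's data-encryption key (DEK) wrapped to the recipient's RSA public key,
// keyed by message ID, and is the one place where access is granted or revoked.
type KeyStore struct {
	wrapped map[string][]byte // messageID -> DEK wrapped with RSA-OAEP
}

func NewKeyStore() *KeyStore { return &KeyStore{wrapped: make(map[string][]byte)} }

// Revoke deletes the wrapped DEK. The ciphertext already sitting in the recipient's
// mailbox is untouched, yet it can no longer be opened by anyone.
func (ks *KeyStore) Revoke(msgID string) { delete(ks.wrapped, msgID) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealMessage is the sender's client-side step: generate a fresh 256-bit DEK, encrypt
// the body with AES-256-GCM, wrap the DEK to the recipient with RSA-OAEP and deposit
// it in the key store. Only the envelope goes out over the mail path.
func SealMessage(ks *KeyStore, msgID string, body []byte, recipient *rsa.PublicKey) (Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return Envelope{}, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	// The message ID is used as the OAEP label and as GCM associated data, binding
	// the wrapped key and the ciphertext to this message.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, dek, []byte(msgID))
	if err != nil {
		return Envelope{}, err
	}
	ks.wrapped[msgID] = wrapped
	return Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, body, []byte(msgID))}, nil
}

// OpenMessage is the recipient's client-side step: fetch the wrapped DEK, unwrap it
// with the private key that never left the client, then decrypt. Anyone without that
// private key (provider, portal vendor, subpoenaed cloud host) fails at the unwrap.
func OpenMessage(ks *KeyStore, msgID string, env Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := ks.wrapped[msgID]
	if !ok {
		return nil, errors.New("key store: access revoked or never granted")
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, []byte(msgID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(msgID))
}

// LeaksPlaintext is the most an intermediary holding only the envelope can do:
// scan the bytes it relays for the message body.
func LeaksPlaintext(env Envelope, body []byte) bool {
	return bytes.Contains(env.Ciphertext, body)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)   // intended recipient, keypair made on her client
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048) // anyone else
	ks := NewKeyStore()
	body := []byte("Board deck draft, do not forward") // constructed sample message
	env, _ := SealMessage(ks, "msg-0001", body, &alice.PublicKey)
	fmt.Println("relay sees plaintext:", LeaksPlaintext(env, body))
	pt, err := OpenMessage(ks, "msg-0001", env, alice)
	fmt.Printf("alice reads: %q (err=%v)\n", pt, err)
	_, err = OpenMessage(ks, "msg-0001", env, mallory)
	fmt.Println("mallory:", err)
	ks.Revoke("msg-0001")
	_, err = OpenMessage(ks, "msg-0001", env, alice)
	fmt.Println("alice after revoke:", err)
}
```

The point to take from the program is the separation: the mail path holds ciphertext, the key store holds wrapped keys, and the private key stays on the recipient's client, so compromising or subpoenaing any one of the first two yields nothing readable, and revoking the key-store entry withdraws access to a message that has already been delivered.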

By focusing on zero trust security, enterprises can overcome the shortcomings of perimeter-based approaches and evolve their security posture with end-to-end encryption. As the benefits of data-centric security take hold, organizations will be poised to finally make the shift to a default-secure future.