This post is not for everyone so let me come right out and explain what we’re talking about here. We’re gonna be talking about digital email encryption solutions. If you work with this technology, you might find this post particularly interesting. We’re going to explain some problems we had with some traditional encryption solutions that our clients have dealt with, and we’re gonna give you the solutions that we came up with for our most demanding clients who need to work with digital encryption in order to communicate with their most important clients. Digital encryption is the highest of high security that some people use when sending emails to each other. The benefit of this is that no one else besides the intended recipient is able to read or even open an email in the case of an email hijacking or redirection. It is the ultimate when it comes to email security. You may ask why more people don’t use this if it’s so great. The answer is because it’s a notorious pain in the ass to setup and maintain….it was anyway, we have a great solution that we’ll share with you a bit later.
Just to shed some light on encryption, here’s how it works. You buy a private certificate from Comodo or some other securities company and you send it out to your recipient who you want to communicate with securely. Once that recipient installs that certificate and sends his own to you, you can now view and send encrypted email with no issues. Traditionally the certificates are installed within Microsoft Outlook manually and when you want to send an encrypted email you have to manually click encrypt each time before sending an email. The point of this manual encryption setup is so every piece of mail is not encrypted to every recipient, only to the ones that require it. With our clients who are patent attorneys, they use this technology with their larger clients who require digital email encryption. Obviously it’s important in this particular industry. They’re sending confidential information and drawings back and forth for inventions that have yet to be finalized. It’s a great technology and it helps big business protect their assets, but what about the annoyances of digital encryption when it comes to small and medium sized law firms?
When we first implemented digital email encryption at one of our patent firms, everyone had their own certificate as well as each others certificate installed, why you ask? Because to be able to view someone else’s email within the firm, you need their certificate just like the client does. This was especially annoying due to the fact that this particular patent firm worked with a document management system. They often exported emails into client folders and matters within the DMS. Even within this DMS structure the email was encrypted, thus certificates would be needed to view these emails. This meant as I.T., we would have to manually install everyone’s digital certificate on each workstation which was quite an annoying task, but the problems are not over. We still had an issue with viewing and sending emails through mobile devices. Since the brains of the encryption/decryption setup was located within Outlook and had to be done manually with an Outlook encryption toolbar, there was no way to view encrypted emails on mobile devices or send them out since we did not install certificates on mobile devices. There might have been ways when I think back, but everyone’s phone would have to be supported. The firm was a mix of Blackberry, iPhone & Android. The solution would have to encompass all those mobile devices. When the question was posed about mobile devices, the client was happy enough to have a working email encryption system, and didn’t want to open another can of worms on the mobile front, which we agreed was not a priority at the time. The third problem was that the certificates did not communicate with Microsoft Exchange to the effect that you also were not able to send or open encrypted email via Outlook Web Access (the mobile version of Outlook that is often used when users are away from the office). This solution only worked if the attorney was at their desk with Outlook open. It worked for remote use as our clients often used a secure remote access solution. With this solution in place, they could remote onto their office desktop and have access to open and send encrypted email. It was an OK solution…standard really, but we found a better one, fully automated with mobile and Outlook Web Access support, all through a firewall appliance that offers enterprise level security protection, web, spam and mail filtering as well as automated encryption and decryption on the gateway level. It was a technological triumph and an end to a long digital encryption nightmare. Here’s what we did.
We stumbled upon a firewall a long time ago that we started implementing at each client. We started utilizing it’s advanced security features. Soon after that we noticed that our clients would no longer receive viruses and we weren’t cleaning infested PC’s anymore. We attributed this change to this new enterprise firewall, it’s name… Astaro. As we worked with it more, we enabled the web and spam filtering options and found that clients had even less issues with their network. We also enabled the web tracking options which gave our clients the ability to check employee web usage, a very under-rated and under-used technology in my opinion. As time progressed, we used this firewall to handle all security on our law firm networks, gateway antivirus, secure VPN access, the works. Keep in mind that this is a gateway appliance. What this means is that it sits next to the modem and inspects all internet activity before it actually goes on your office network. This is a hardware firewall appliance, not some kakamami windows firewall. This is the real deal, and at $1k/yr to $1,500k/yr for the license, it’s really a no joke security solution for law firms who take security seriously.
As we used more features with great success, we figured we’d try the digital email encryption options. The firewall was already implemented at the client in question so we just enabled the options, installed all certificates and configured it to interact with the onsite exchange server. It was a complete success and it fixed all issues that the last encryption solution suffered from. With this setup, each encrypted email was decrypted and stripped at the gateway level before it hit the exchange server. Once the encrypted mail hit exchange, it was treated as a normal email to be seen by all employees, on all mobile devices and on Outlook Web Access. Essentially, the encryption brains were moved from the Outlook clients to the gateway where it had always belonged. Users were able to attach emails to the DMS with no fear that other users would not be able to open them and there were no more manual installations of digital certificates on workstations. The certificates were stored and updated on the firewall appliance, all in one place for easy maintenance. As far as sending emails went, once a private key was sent from the outside to our client, the firewall would see it and automatically install it, thus giving all users the ability to see incoming encrypted email no matter who it came from. The only task that remained from the old setup was the need to send out private keys to new recipients so that they could see out client’s email, but once that was done, the firewall took care of the rest. Our client now has a fully automated encryption system, no need to manually encrypt emails from Outlook and no need to remote onto desktops to view encrypted emails. The best part was that emails could also be send from mobile devices with encryption with no extra step since the mobile device communicated directly with the exchange server which in turn, communicated directly with the encryption firewall. If you have a need for digital encryption within your firm I would suggest giving us a call, at this point we are experts. We slayed the encryption beast which is a task that not many have done when it comes to a small/mid sized law firms.
We know that this post was pretty technical. If you have any questions or would like some more information on our digital encryption solution, please give us a call, (732) 444-8044. Thanks for reading.