What you didn’t know about Email Encryption

Mar 03, 2014
Mike Bridges

Our story focuses on a Financial Services (Mortgage, Securities, Insurance) Company with 25 employees.  What this Company does in the supply chain is irrelevant; the fact remains the same, they manage non-public information (NPI) as a third party.  The Company is required by law, regulations or rule to protect third party NPI and log who had access to it.  The Company has the potential to do business with 200 trading partners as they conduct their business.  Now let’s see their secure email options and what they really cost.

 First, their choice of solution has an underlying architecture which directly impacts how much money they’ll spend each year.  Three fundamental choices are available, Transport Layer Security (TLS), Vendor Solution and PaperClip eM4 Compliant Email.

TLS

TLS as a “Point to Point” architecture has been positioned as a Silver Bullet; simply install a commercial certificate on my mail server and I’m done.  Average commercial certificate cost $900 per mail server per year.  No, you’re far from done, now you need to test your trading partners and verify your mail actually traveled encrypted to the receiver.  Because you can only tell TLS was used by the receiving party, you must talk to them and interrogate received email headers; yes this requires a professional with knowledge of email headers because different email servers document it differently. 

TLS Verification Testing is required at least twice a year for minimal compliance documentation.  This testing is to verify potential changes made in the last six months by your trading partners did not break TLS.  This testing does not guarantee your email will be encrypted tomorrow, it will tell you that since the last testing your emails were or were not encrypted.   

TLS Solution

 

IT Professional Salary

$80,000

Number of Trading Partners

200

TLS Verification Time (Hours)

1

Total Time to Verify (Hours)

200

Total Time to Verify (Weeks)

5

Salary to Verify TLS

$7,692

Bi-annual TLS Verification

$15,385

Certificate Cost

$900

Annual TLS Cost

$16,285

 

TLS does not satisfy the reporting requirements for compliance for “who had access to NPI” because very few email servers report on receiving TLS which means if you’re audited for email compliance, you’ll have to rely on your trading partners for the evidence of TLS used.

Vendor Solutions

Selecting a Vendor product or service is the next option; the fundamental flaw here is an “One to Many” architecture.  The Company can buy an appliance that offers “Rules or Policies” which scrub every email looking for NPI.  If NPI is detected, the email will evoke TLS or route to a Webmail where customers login and review mail. 

Appliance Solution

 

IT Professional Salary

$80,000

Annual Appliance Cost

$12,000

Rules/Policy Maintenance (Hours per Week)

2

Annual Rules/Policy Maintenance (Hours)

104

Annual Rules/Policy Maintenance (Weeks)

2.6

Annual IT Rules/Policy Maintenance Cost

$4,000

Appliance Cost

$16,000

 

Webmail requiring authentication frustrates receivers because they have to use logins and passwords to review their emails.  Logins have a hidden cost, time lost.  According to an analysis of 5 million emails from Baydin, an email management service, the average email user gets 147 messages per day.  Within the financial services industry, 50% of those emails carried NPI and required encryption.  Receiving an email, clicking on the link and logging in takes on average 15 seconds.  The Company now receiving Webmail loses $32,000 a year in lost time.

Webmail Solution

 

Encrypted Emails per Day

74

Minutes a Day to Login

18

Hours a Week to Login (40 Hours/Week)

1.5

Hours a Month to Login

6.4

Hours a Year to Login

77.2

FT Cost per Hour @ $35K

$17

Cost per year to open Encrypted Email per employee

$1,298

25 Employees

$32,465

 

Vendor Solutions may or may not offer reporting for "who had access to NPI".  Therefore, if our Company selects a Policy based Encryption Appliance with TLS and Webmail options, they are paying in hard and soft dollars - $65,000 per year.

Vendor Solution Direct & In-direct Cost

 

Annual Appliance Cost

$16,000

Annual TLS Cost

$16,285

Annual Webmail Cost (25 Employees)

$32,465

Annual Vendor Cost

$64,750

 

eM4 Compliant Email

eM4 was designed by users with several core objectives, basically everything they didn’t like about the current landscape.  Its "Many to Many" architecture provides the optimal model eliminating the cost of support and maintenance while maximizing compliance.  At the top of their list were no logins or passwords, absolute encryption rules and compliance reporting.  They wanted a friendly B2B environment where the user didn’t have to think about NPI or depend on their IT Staff to maintain Scrubbing Policies.  As third parties in a supply chain the majority (89%) of their traffic was with their trading partners (B2B) and 11% was with the end customer (B2C). 

eM4 Service 2007 - 2013

Sent

9

Million

B2B & B2C

Received

7

Million

B2B

Webmail

2

Million

B2C

Total

18

Million

 

 

Subscribers wanted deployment options because one size doesn’t fit all.  Some wanted in-house deployments, those who outsourced to public or private Cloud providers wanted to participate and not be forced into the Cloud providers solution therefore they wanted PaperClip to host the Relay and some wanted a simple email client option as a Private eM4 Cloud.

Relay Type

 

Hosted

16%

Cloud

24%

In-house

59%

 

Pricing was also important whereas the community wanted the largest user down to the smallest to be able to participate.

eM4 Solution

 

IT Professional Salary

$80,000

Setup Time (Days)

1

IT Setup Cost

$219

eM4 Enterprise Relay Cost

$500

eM4 Full Subscriber Rate (25 or less)

$75

Number of Employees

25

Annual eM4 Cost

$2,594

 

eM4 Compliant Email is a fast growing service that does more than encryption.  It maintains User Friendly balanced with Compliance at an affordable price. 

 

Need Support?
helpdesk@paperclip.com
Phone:
1-800-929-3503
1-201-881-1299
Need Sales?
contactus@paperclip.com

web seal SOC2T2 145

Back to top