What you didn’t know about Email Encryption

Our story focuses on a Financial Services (Mortgage, Securities, Insurance) Company with 25 employees.  What this Company does in the supply chain is irrelevant; the fact remains the same: they manage non-public information (NPI) as a third party.  The Company is required by law, regulation or rule to protect third party NPI and log who had access to it.  The Company has the potential to do business with 200 trading partners as they conduct their business.  Now let’s see their secure email options and what they really cost.

First, their choice of solution has an underlying architecture which directly impacts how much money they’ll spend each year.  Three fundamental choices are available: Transport Layer Security (TLS), Vendor Solution and Paperclip eM4 Compliant Email.

TLS

TLS as a “Point to Point” architecture has been positioned as a Silver Bullet: simply install a commercial certificate on my mail server and I’m done.  The average commercial certificate costs $900 per mail server per year.  But you’re far from done; now you need to test your trading partners and verify that your mail actually traveled encrypted to the receiver.  Because only the receiving party can tell whether TLS was used, you must talk to them and interrogate the received email headers.  This requires a professional with knowledge of email headers, because different email servers document TLS differently.
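The header check described above, sketched as an added example (not part of the original article or any vendor's tooling): it reads each Received header of a message and reports which hops recorded TLS. The sample message is constructed, and the patterns cover only two common annotation styles plus the RFC 3848 "with ESMTPS" keyword; other servers may word it differently.

```python
import re
from email import message_from_string

# Constructed sample: three hops, newest first; hosts and IPs are reserved example values.
SAMPLE = """\
Received: from mail.partner.example (mail.partner.example [192.0.2.10])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mx.company.example (Postfix) with ESMTPS id 4F1A2B3C;
\tMon, 3 Mar 2014 10:00:02 -0500
Received: from relay.partner.example (relay.partner.example [192.0.2.11])
\tby mail.partner.example with Microsoft SMTP Server
\t(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2;
\tMon, 3 Mar 2014 10:00:01 -0500
Received: from desk7.partner.example (desk7.partner.example [192.0.2.12])
\tby relay.partner.example with ESMTP id abc123; Mon, 3 Mar 2014 10:00:00 -0500

body
"""

# Each mail server words its TLS note differently; these cover two common styles.
TLS_MARKERS = [
    ("using-with-cipher", re.compile(r"\(using (TLSv[\d.]+) with cipher ([\w-]+)", re.I)),
    ("version-cipher", re.compile(r"version=(TLSv?[\d._]+)[,\s]+cipher=([\w-]+)", re.I)),
]
# RFC 3848 "with" keywords that mean STARTTLS was negotiated on that hop.
WITH_TLS = re.compile(r"\bwith\s+(?:ESMTPSA?|LMTPSA?)\b", re.I)

def audit_hops(raw_message):
    """Return one dict per Received header (newest hop first)."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        hop = {"by": by.group(1) if by else None, "evidence": None,
               "version": None, "cipher": None}
        for name, rx in TLS_MARKERS:
            m = rx.search(flat)
            if m:
                hop.update(evidence=name, version=m.group(1), cipher=m.group(2))
                break
        if hop["evidence"] is None and WITH_TLS.search(flat):
            hop["evidence"] = "rfc3848-keyword"  # TLS used, details not recorded
        hops.append(hop)
    return hops

def hops_without_tls_evidence(raw_message):
    """Receiving hosts whose header carries no TLS marker; follow up with their admins."""
    return [h["by"] for h in audit_hops(raw_message) if h["evidence"] is None]

print(hops_without_tls_evidence(SAMPLE))  # ['relay.partner.example']
```

A hop with no marker is not proof of plaintext, since some servers record nothing about TLS, and headers written outside servers you trust can be altered; treat the output as a list of hops to confirm with the trading partner.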

TLS Verification Testing is required at least twice a year for minimal compliance documentation.  This testing verifies that changes made by your trading partners in the last six months did not break TLS.  It does not guarantee your email will be encrypted tomorrow; it tells you whether your emails were or were not encrypted since the last test.

TLS Solution
IT Professional Salary: $80,000
Number of Trading Partners: 200
TLS Verification Time (Hours): 1
Total Time to Verify (Hours): 200
Total Time to Verify (Weeks): 5
Salary to Verify TLS: $7,692
Bi-annual TLS Verification: $15,385
Certificate Cost: $900
Annual TLS Cost: $16,285

TLS does not satisfy the compliance reporting requirement for “who had access to NPI” because very few email servers report on receiving TLS.  This means that if you’re audited for email compliance, you’ll have to rely on your trading partners for evidence that TLS was used.

Vendor Solutions

Selecting a Vendor product or service is the next option; the fundamental flaw here is a “One to Many” architecture.  The Company can buy an appliance that offers “Rules or Policies” which scrub every email looking for NPI.  If NPI is detected, the email will invoke TLS or be routed to a Webmail portal where customers log in and review mail.

Appliance Solution
IT Professional Salary: $80,000
Annual Appliance Cost: $12,000
Rules/Policy Maintenance (Hours per Week): 2
Annual Rules/Policy Maintenance (Hours): 104
Annual Rules/Policy Maintenance (Weeks): 2.6
Annual IT Rules/Policy Maintenance Cost: $4,000
Appliance Cost: $16,000

Webmail requiring authentication frustrates receivers because they have to use logins and passwords to review their emails.  Logins have a hidden cost: lost time.  According to an analysis of 5 million emails from Baydin, an email management service, the average email user gets 147 messages per day.  Within the financial services industry, 50% of those emails carried NPI and required encryption.  Receiving an email, clicking on the link and logging in takes on average 15 seconds.  A Company receiving Webmail therefore loses $32,000 a year in lost time.

Webmail Solution
Encrypted Emails per Day: 74
Minutes a Day to Login: 18
Hours a Week to Login (40 Hours/Week): 1.5
Hours a Month to Login: 6.4
Hours a Year to Login: 77.2
FT Cost per Hour @ $35K: $17
Cost per year to open Encrypted Email per employee: $1,298
25 Employees: $32,465

Vendor Solutions may or may not offer reporting for “who had access to NPI”.  Therefore, if our Company selects a policy-based Encryption Appliance with TLS and Webmail options, they are paying $65,000 per year in hard and soft dollars.

Vendor Solution Direct & Indirect Cost
Annual Appliance Cost: $16,000
Annual TLS Cost: $16,285
Annual Webmail Cost (25 Employees): $32,465
Annual Vendor Cost: $64,750

eM4 Compliant Email

eM4 was designed by users around several core objectives, essentially addressing everything they didn’t like about the current landscape.  Its “Many to Many” architecture provides the optimal model, eliminating the cost of support and maintenance while maximizing compliance.  At the top of their list were no logins or passwords, absolute encryption rules and compliance reporting.  They wanted a friendly B2B environment where the user didn’t have to think about NPI or depend on their IT Staff to maintain Scrubbing Policies.  As third parties in a supply chain, the majority (89%) of their traffic was with their trading partners (B2B) and 11% was with the end customer (B2C).

eM4 Service 2007 – 2013
Sent: 9 Million, B2B & B2C
Received: 7 Million, B2B
Webmail: 2 Million, B2C
Total: 18 Million

Subscribers wanted deployment options because one size doesn’t fit all.  Some wanted in-house deployments.  Those who outsourced to public or private Cloud providers wanted to participate without being forced into the Cloud provider’s solution, so they wanted Paperclip to host the Relay.  Some wanted a simple email client option as a Private eM4 Cloud.

Relay Type
Hosted: 16%
Cloud: 24%
In-house: 59%

Pricing was also important; the community wanted everyone, from the largest user down to the smallest, to be able to participate.

eM4 Solution
IT Professional Salary: $80,000
Setup Time (Days): 1
IT Setup Cost: $219
eM4 Enterprise Relay Cost: $500
eM4 Full Subscriber Rate (25 or less): $75
Number of Employees: 25
Annual eM4 Cost: $2,594

eM4 Compliant Email is a fast-growing service that does more than encryption.  It balances user friendliness with compliance at an affordable price.