Diving Into Email Encryption With Senior Developer Martin

Explaining Email Encryption, With Senior Developer Martin

Everyone at Beyond Encryption has a wealth of knowledge and experience to draw upon, helping us to bring world-class solutions to the market.

We caught up with Martin, senior software developer, for a chat about Mailock’s advanced email encryption technology.

Martin explained email encryption and how we make the most of it to create the planet's most user-friendly secure email network.

 

What is your role at Beyond Encryption?

I’m a software developer, which means I get to develop code and design different features, as well as work out how to implement, test and deploy these in our products. I’ve worked for Beyond Encryption for 6 years, with my main projects being the development of the Mailock gateway and the Outlook add-in.

 

In a nutshell, what is email encryption?

Encryption is basically how you hide or disguise data. There are two different types of encryption, symmetric and asymmetric, and they both use ‘keys’. Symmetric encryption, the type that Mailock uses, involves both parties using the same key. Asymmetric involves two different keys – a public and a private one.

Encryption can differ according to where it takes place. Transport encryption is when data is encrypted during transit, with encryption also able to be put in place for when data is at rest. It all depends on what or who you want to protect your information from. For example, encryption at rest can protect local information stored on your computer hard drive, preventing third parties from accessing it if your equipment was to be stolen.

 

Can you tell us more about how asymmetric encryption works and why we don't use it?

So, if I wanted to be able to send and receive something using asymmetric encryption, both parties would have to generate a public and a private key. The private key will be kept either on the desktop or email client, and the public keys will need to be shared between me and my recipient. Once we have each other’s public keys, we can send encrypted messages and files that can only be decrypted with the private ones. An example of this would be PGP (Pretty Good Privacy).

However, the problem with this method is that you usually use the same key for a long period of time. This means if a third party gets hold of your private key, they can access any of your encrypted messages and decrypt them. Also, if you lose the device where your private key is stored, and you don’t have it backed up, you will no longer have access to your messages.

 

What are your thoughts on email as it stands today?

The thing with email is that it was never created with security in mind. Back in the 70s, no one was thinking about how or why they would need to protect their messages. It wasn’t long ago that encryption in transit was introduced, and it is now used by 99% of email providers, although it doesn’t protect data when it’s at rest.

Another problem email currently has is that you can’t be sure that the person who is sending you a message is who they say they are. There are technologies that can prove an email is sent from a particular domain, but they are all optional rather than integrated. If email were to be designed from scratch now, we would make it secure by default. While we may have other options for sending digital messages now, email is still the default, with solutions like Mailock being the only way to ensure that the data you send is protected.

 

How do you ensure that Mailock as it currently stands, plus any new releases, are up to scratch in terms of security?

We carry out code reviews every time a new feature is implemented, sending it out to all members of the team to ensure they have visibility on changes, and to ensure these are checked thoroughly before approval. We also carry out scans and regular penetration testing to highlight any vulnerabilities and address them.

 

What would you say the main differences are between Mailock and other encryption solutions currently on the market?

Something Mailock has that none of our competitors have is the challenge process, where users can authenticate email recipients before they gain access to sensitive email contents. We also have the Unipass integration, allowing those working in the finance industry to use their Unipass Identity to send and receive secure emails. Finally, while a lot of other encryption products have add-ins and integrations with email clients, the journey for the recipient is nearly always carried out on the web, whereas our Outlook add-in is available for both our customers and their end clients. Mailock doesn’t just focus on the delivery of customer emails, it also ensures the safe return of end-users’ messages.

 

Can you talk us through Mailock’s authentication capabilities and when you would use them?

It really depends on how well you know the person you are emailing. If you only know their name and email, you have the option to verify their email address. If you also know their number, you can use Mailock’s SMS authentication. If you have spoken to this person on the phone or in person, you can use Q&A authentication, where you can ask them a question that only you and they know the answer to. We give a range of different options to suit the differing relationships our customers may have.

 

Finally, when designing Mailock, how have you overcome the age-old difficulty between security and usability?

We are always thinking of new ways to make life easier for our customers, without sacrificing the security Mailock offers. One example is the introduction of the Outlook add-in, which offers users an integrated and more convenient experience. However, not everyone wants to have extra software downloaded on their computer, so we still make sure to offer a web app. This means users can still read and send content safely and securely without needing to install extra programs.
