What Is An Email Encryption Gateway?

An email encryption gateway is an essential tool for securing a business’ enterprise email communications. It makes sure that any sensitive information contained in email messages is protected from unauthorised access by encrypting it before it is sent to external recipients.

Email encryption gateways are a key component of an outbound email security strategy.

They are used to encrypt emails between your organisation and external parties, protecting the confidentiality and integrity of message content as it passes over unencrypted channels.

As well as providing email security, encryption gateways help with regulatory compliance, ensuring that sensitive information isn't leaked during transmission or stored without appropriate protection.

Some email encryption gateways are hosted on-premise and managed by internal company administrators.

Other gateway solution providers offer a fully managed service run on cloud-based technology.

Email encryption gateways should integrate with existing email systems, enhancing security without disrupting everyday email usage.

They are adaptable to various email platforms, maintaining user experience while adding a layer of protection.

These gateways should include strong encryption protocols and recipient verification processes, ensuring that sensitive information remains confidential and is accessible only to the intended recipients.

It’s important to consider that some email encryption gateways might introduce a degree of user inconvenience.

Recipients who are not familiar with the chosen encryption solution might need to take additional steps to access encrypted emails.

Additionally, compatibility issues can arise if recipients lack compatible software to decrypt messages.

Inbound Vs. Outbound

Email encryption gateways can play two different functions:

Outbound email encryption gateways encrypt your communications on delivery, securing messages sent to anyone outside your security infrastructure.

This can include customers, partners, vendors, or staff working remotely.

When you send an email to someone outside your company infrastructure, only the intended recipient should be able to decrypt it.

This ensures that sensitive information is protected from falling into the wrong hands.

Inbound email encryption gateways can:

• Keep incoming encrypted emails secure, making sure they stay protected until the intended recipient accesses them.
• Decrypt incoming encrypted emails so that the intended recipients can read them and download any attachments.

In many cases, organisations will configure their inbound email encryption gateway to only allow emails from certain senders using a whitelist.

This gives administrators control over the emails that enter their company's infrastructure and helps to reduce email phishing.

On-Premise Vs. Cloud

Companies can choose to host email encryption gateway software on their server or their gateway vendor's server.

If a company chooses to host its own gateway, the data will usually be stored on-premise, whereas a managed service stores data in a cloud installation administered by the provider.

There are benefits to both deployment types:

• On-premise deployments give an organisation full control over its infrastructure, which might be necessary for regulatory compliance.
• Cloud deployments offer scalability, efficiency, and ongoing support.

Regardless of the deployment type, most gateway vendors offer or support integrations with major mail exchange servers including Exchange, Office 365, G Suite, and IBM Domino.

There are several well-regarded email encryption gateway providers in the market. Consider factors like budget, deployment needs (cloud vs. on-premise), ease of use, and integrations with your existing email infrastructure when making a selection.

If you choose the right email encryption gateway, it should be able to handle high volumes of emails without sacrificing performance, making it suitable for businesses as they grow their customer base.

Does Microsoft 365 Provide An Email Encryption Gateway?

Microsoft 365 does not offer a dedicated email encryption gateway, though it is able to encrypt outbound and decrypt inbound encrypted messages in a limited capacity.

Emails encrypted using M365's native email encryption, Microsoft Purview Message Encryption (MPME), can be decrypted into the inboxes of Microsoft Outlook users.

Some emails can be encrypted by M365 users on enterprise plans, though the functionality is limited.

Microsoft's encryption algorithm has also been questioned, leading the company to make a statement that its email encryption should "not be used as a security boundary".

Learn more about Microsoft 365 email encryption.

Getting Started

In today's digital age, prioritising email security is not just an option; it's a non-negotiable element of protecting your business and its valuable data.

Email encryption gateways are a vital investment for businesses of all sizes. They safeguard sensitive data, mitigate security risks, ensure compliance with data regulations, and foster trust.

References:

Microsoft Office 365 Message Encryption Should Not Be Used as a Security Boundary, The Register, 2022.

Securing Enterprise Email Communication on both Sides of the Firewall, Springer Link, 2015

Reviewed By:

Sabrina McClune, 18.06.24

Sam Kendall, 18.06.24