Email is a very cost-effective way of communicating with your customers and clients. Basic email, however, has severe security limitations, and in an era of security breaches, stringent privacy regulations and overzealous data mining by email vendors, steps must be taken to ensure email content remains safe and only in the hands of the intended recipient.
Preemptive Secure Cloud Messenger (SCM) addresses these concerns. It provides email content to your recipients over the Internet while applying leading edge encryption, transmission and storage security.
Preemptive Consulting takes a holistic approach to email security, ensuring that no-one except the intended recipient can ever view messages, and proactively ensuring that messages are never lost in transit.
Secure Cloud Messenger ensures that:
- messages are received, stored and delivered with the highest levels of encryption
- no unauthorised viewing of messages is possible
- end-to-end history of message delivery is maintained
- only authorised messages can be lodged in the system
- encryption keys are proactively managed
- data is replicated so that it can survive any system outages
At every stage of the message lifecycle, every message is protected with the strongest level of encryption.
The email sender redirects messages requiring secure handling to SCM over encrypted email connections (this is as simple as a Transport Rule in Exchange). The specific encryption algorithm used depends upon the senders system architecture.
From the moment a message is accepted for delivery, it is encrypted with AES 256-bit encryption using a combination of the sender’s encryption key and the recipient’s address.
A message with a unique access link is immediately delivered to the recipient notifying them that they have a secure message to read, and then Secure Cloud Messenger completely forgets who the message was sent to!
That’s right – even SCM and Preemptive Consulting have absolutely no way to decrypt and read the message, even though it is managed there. No records, logs, audit trails or database files record who the message recipient is. So even in the extremely unlikely event that the message was somehow accessed by a third party, it could not be decrypted and read.
The only way a message can be decrypted and viewed is by the recipient unlocking the encryption with their authenticated access, and unique message link over a secure Internet connection.
Your account configuration determines the level of authentication you demand from your recipients. Three levels are available: basic, password, and two factor. Password and two factor require a mobile phone for authentication.
When the intended recipient authenticates, the system decrypts the message, which is then delivered to the reader’s browser using a strongly-encrypted SSL connection. (Technical note: the network connection actually uses TLS version 1.2, which is the most secure web page delivery technology available today).
At no point does the message recipient have to install any software on their system beyond the web browser they already have on their PC, tablet device or mobile phone.
The recipient’s email system never contains any message content – an essential security requirement when people use public email systems where the providers actively read and mine email for advertising and metadata collection purposes.
A compromised email accounts link messages are useless without authenticating back to the SCM server. Something that’s not possible without the end user’s mobile phone.
In brief, your messages are completely encrypted in transit and at rest.
The fact that messages are delivered in complete security doesn’t mean that the sender is left in the dark.
At various points in the message life cycle, the message sender can optionally receive notifications that their message has been:
- securely accepted by Secure Cloud Messenger, with a tracking number for reference;
- viewed by the intended recipient; and
- any replies to the message are delivered to the original message sender in total security
To make message tracking even easier, Preemptive Consulting provides a web-based tracking facility that can be used to trace a message via its tracking number. It is even possible to recall the message using this facility. The tracking facility can trace a message long after it is has expired and otherwise been removed from the system.
Note that the ability to track a message does not mean that the message is somehow readable by anyone other than the intended recipient. The message always remains securely encrypted.
Additionally, there is no point encrypting if the keys are not safe. That is why Secure Cloud Messenger takes active steps to ensure that encryption keys are protected and managed according to industry best practice.
Each client organisation of Secure Cloud Messenger receives its own uniquely generated set of encryption keys. Once a month, the system re-generates and rotates the encryption keys for each organisation.
The encryption keys themselves are carefully encrypted and stored in a password-protected location within the system. And as discussed above, even if the keys were somehow breached they still could not be used to view a message without some knowledge of who the message recipient was.
Preemptive Consulting is proud of the design and security of Secure Cloud Messenger. We are happy to discuss any aspect of the security and management of messages with our customers.
Please contact us if you have any concerns or questions about message security and we will be happy to have a full and frank discussion of the issues with you.