"We don’t encrypt our e-mail correspondence, as there is simply no solution that is acceptable for both the sender and recipient. Rather than spending money on a solution that is not used, we prefer to use the funds elsewhere…"
Have you heard this kind of reasoning before? This and similar statements are unfortunately far too common.
As is generally the case when it comes to the topic of IT security, the perception of e-mail encryption is usually the same; the higher the security level, the worse the user experience becomes. However, this viewpoint actually means that the discussion should be intensified, rather than avoided!
The following questions need to be clarified: Having identified the need for e-mail encryption, was a product evaluation started directly? And prior to this, was the need for increased IT security clarified and examined in detail?
Carrying out a simple product evaluation (as for standard software) for the procurement of an e-mail encryption solution (e.g. a suite for text and table processing) does not usually lead to a successful solution, because the acquired products are either too restrictive or broad in scope and often approach the problem from the wrong angle.
Instead, it is more sensible to clarify the requirements in detail beforehand. Several questions need to be answered in order to find the right solution for the respective user or company.
Possible answers will be discussed in more detail in the article «Auto TLS: Striking a balance between cost and benefit for e-mail encryption — Part 2».