“When you move your business to the cloud, it is important to ensure your information security. Information security management is based on trust, and it is a good idea to remember the old saying ‘Don’t put all your eggs in one basket’,” says Miikka Sainio, Chief Technology Officer (CTO) at SSH.
Businesses and organizations are increasingly using cloud services – as they should. The cloud enables us to work independently of time and location. However, in terms of information security, it is problematic when all information is processed in the cloud.
Miikka has five tips for combining cloud services and encryption solutions.
1. Separate encryption makes cloud use more secure
The old and familiar principle of distributing information security controls in multiple locations is still a good and functional solution. In this way, the use of cloud services also becomes more secure. It is worth remembering this especially now that the use of cloud services is increasing all the time.
“We support companies in their transition to the cloud, but at the same time, we want their important data to be protected in an easy way. We recommend, for example, using a separate Secure Mail email encryption solution for secure email communication. The most valuable messages, at least, should be placed in their own location – just for the sake of security,” says Miikka.
2. Email encryption is possible in various environments
Email encryption services must be easy to use, and they must work in the most common email environments.
This is exactly what SSH concentrated on when developing their email encryption solution, according to Miikka: “This is what we have focused on in particular in our own Secure Mail service. When the service is acquired and taken into use, an encrypted email can be sent by simply adding ‘.s’ to the end of the recipient’s email address.”
The Secure Mail solution works in the most common email applications, and no separate software installation is needed for the users. It is quick and easy to take the Secure Mail encryption solution into use. It is used extensively in the popular Microsoft Office 365 cloud environment, for example.
3. An ordinary email is as secure as a postcard
We need email encryption because using an ordinary email is as secure as sending the information on a postcard. It may go through the mailing process without any information leaks, but just like the postcard, an email offers no guarantee of information security. Therefore, it is not advisable to send critical information using either of these methods.
A good email encryption service should offer various levels of security that align with data categorization. For example, in Secure Mail, you can select the degree of encryption based on four security levels:
- The first security level is comparable to a closed envelope sent by mail. Only the person named as the recipient can open the email. If it is opened by an outsider, this will leave a trace, just like an opened envelope.
- The second security level is comparable to a registered letter. On this level, the email can only be opened with a one-time pin code, which the sender sends to the recipient’s mobile phone number.
- The third security level requires strong authentication. The email can only be opened by using a mobile certificate or online banking authentication. This could be compared to a letter, which is personally handed over after verifying the recipient’s personal ID card or passport.
- The fourth security level enables secure electronic delivery of government classified (ST IV and ST III) materials.
Learn more about the importance of aligning security practices with data categorization in our Essential Guide to Securing Critical Business Communications and Data Sharing.
4. Encrypted email is a part of secure information sharing
In digital communication, it is important to ensure secure sharing of information comprehensively. In addition to email, for example, the information security of digital forms and documents must be considered.
“We also provide straightforward solutions for secure sharing of electronic forms and confidential file sharing. Additionally, our services support one another and make up an easy-to-use and secure package,” adds Miikka.
5. Building information security starts with categorizing your own information
It is not a good idea for an organization to encrypt and process all information in the same way. For example, most emails do not need to be encrypted. However, it is important to understand that information, which needs to be encrypted, should be handled consistently throughout the whole organization, from customer service to management.
When developing information security protocols, it is important to understand which of the information within the company must be processed with special care.
As Miikka adds to the fifth tip: “There is no need to do this kind of information management planning on your own. It is much better to get an expert in the field to do it for you instead. We help you find a suitable expert to support you in planning your information management. We also have more than 50 partners who deliver our licenses to various organizations of different sizes.”
Benefits of Secure Mail:
- No software installations needed by the sender or the recipient.
- The sender can select the security level according to the information security need.
- The recipient can reply to an encrypted email securely.
- The same user experience for all recipients.
- External parties can also start an encrypted email communication towards the company, for example, from the company’s website.
- An option to design the look of the encrypted emails to match the corporate image.
Miikka guides the software architecture and development at SSH. He has over 20 years of experience in IT industry, building teams and developing products in startups and large enterprises.