Mailprotector, an email security, management, and hosting provider with U.S. headquarters in Greenville, S.C., will soon introduce a completely re-architected version of its ForcEncrypt email encryption solution designed to protect email content more thoroughly and affordably.
The new system, which is due to reach market within the next two weeks, encrypts data locally on the sender’s server, transmits it across the internet via ordinary email, and then decrypts it locally on the recipient’s server, storing only the encryption keys in Mailprotector’s hosted data center. Most email encryption solutions house both data and keys in the cloud, according to Ted Roller, Mailprotector’s acting channel chief, who calls that a security risk.
“When you put a whole bunch of confidential data in one place, it makes a target,” he says, noting that if attackers succeed in compromising that target they can potentially access not just encrypted information but the keys needed to view it. Hackers, moreover, aren’t the only ones who could potentially benefit from that arrangement.
“The government can still secretly access data from cloud providers, whether we like it or not,” observes Mailprotector CEO David Setzer. By storing keys off-premises and data on-premises, the new release of ForcEncrypt makes reading encrypted records all but impossible for cybercriminals, intelligence agencies, and law enforcement authorities alike.
“You’ve got a technology now that by separating the two components, the encrypted payload and the key, makes the acquisition of encrypted data very, very difficult,” Setzer says.
The new system, which Mailprotector has been showcasing this week at the CompTIA ChannelCon event in Hollywood, Fla., spares MSPs and their clients the hassle and expense of migrating large volumes of data from one cloud to another when switching encryption service providers as well, and dramatically reduces Mailprotector’s hosted storage requirements, resulting in lower overhead expenses.
“We’ve translated that into roughly a 50 percent cost reduction over traditional encryption services and solutions,” Roller says. Channel pros can pocket that money and collect higher margins, he adds, or pass the savings on to their clients. Those who choose the latter option will make encrypting all data instead of just the most sensitive information, as experts recommend, far more affordable for their customers.
“Adoption of encryption at the SMB level is terrible today. It just barely exists, and the reason is because of the cost associated with it,” Roller asserts. “We’re changing that game.”
They’re doing so, moreover, without making decryption time consuming or complex for email recipients who don’t use ForcEncrypt, he continues, because equipping a client device to access encrypted text takes roughly 30 seconds and need only be done once.
“It’s not a painful or tricky process,” Roller states.
Interestingly, while re-engineering ForcEncrypt to store keys and data separately had been on the system’s roadmap for some time, Intel Security’s decision late last year to phase out its economically priced McAfee SaaS Email Encryption solution, among other products, accelerated the timetable for that effort. According to Roller, Mailprotector foresaw a lot of awkward conversations ahead for MSPs when they informed clients that they would soon have to choose between exposing their email to greater risk or buying a new and costlier encryption solution.
“Channel partners aren’t really good at dealing with unhappy people,” he observes. Launching a potential McAfee SaaS Email Encryption replacement with a comparably low price but richer functionality would eliminate that ordeal.
Mailprotector plans to add more robust administrative capabilities to ForcEncrypt in future releases, including integration with its management interface that will let technicians set encryption policies and enforce them automatically.