Email Encryption is a vital tool for businesses to ensure that their email communications are safe. Email is not a secure method of communication and it’s possible to expose the content of emails, putting confidential information and data at risk. Consequently, businesses need to encrypt sensitive emails and attachments.
Sending encrypted email is often compulsory for legal or regulatory reasons. It’s also often the case that a business has the information it wants to be kept out of public view. Email Encryption software allows businesses to secure emails, making sure they are accessed only by the intended recipient and giving end users more security controls.
In this list of the best email encryption solutions, we’ll be looking at the methods of encryption these products offer, the controls they provide to IT admins, their ease of use for senders and recipients and the quality of reporting they offer.
Trustifi is an email encryption platform that provides enhanced protection for your email communications. Their innovative platform provides secure end-to-end email encryption for all email platforms, to help your organization stay protected from email threats, and fully compliant with data protection regulations. Encrypting email with Trustifi is seamless. Senders are able to send encrypted emails and remain compliant in just one click, and recipients can access encrypted emails without needing to create an account or sign into a portal. Trustifi’s encryption solution is fully cloud-based and is a strong solution for MSPs looking for an encryption service for their clients.
Trustifi provides secure end-to-end encryption. The service is deployed to Outlook and Gmail via API integration, which is quick and straightforward. Encrypted emails are delivered instantly, with comprehensive protection for all inbound and outbound emails and attachments. Encrypted emails are sent with two-factor authentication controls, without requiring the recipient to register for an account – this means that users are protected, even if their contacts aren’t using Trustifi. Admins are also able to configure data loss protection rules to automatically encrypt sensitive email data, such as those with credit card information, or other personal data, which eliminates human risk factor and ensures that confidential content is always secured.
Trustifi gives email senders a huge amount of control over encrypted emails they have sent. Users can revoke access to encrypted emails, edit the information in encrypted email messages and attachments after emails have been sent (with originals stored for compliance purposes), block users from receiving encrypted emails, and set expiration dates for emails. In addition, users can view email data directly within their email inbox, including when encrypted emails have been received, opened and read by the recipient. Trustifi offers powerful encryption that is both highly secure, and easy to use. We’d recommend it for MSPs, resellers and end-clients looking for cost-effective, cloud-based email encryption.
Cisco offers a safe and trusted email encryption tool with a wide range of customisable features and policies on offer. The encryption method used here is a secure web portal. Admins can set policies to automatically encrypt emails, or end users can do so manually. The major strength of this service is the range of features it offers to end users. They can recall emails, expire access to emails and receive receipts when an email has been opened.
Cisco allows users to control the ability of end users to forward and reply to emails. These controls are available with the users’ normal email client, making them easy to use. Admin’s get access to reports, detailing when these controls are being used. Customers like this service for the range of end user controls on offer.
Cisco Secure Email Encryption Service
Pricing is supplied via a quotation request.
Echoworx is a premium encryption platform offering eight different types of email encryption. This includes a secure web portal, which allows end users to log in to send and receive secure emails. It also includes end to end encryption and Secure PDF encryption. This involves sending emails as PDF document which cannot be opened by anyone but the intended recipient. Admin’s can set custom policies, which decide which emails must be encrypted. End users can encrypt emails themselves via their existing email client.
Echoworx provide high-quality access and audit reports, so you have visibility over who is accessing encrypted email. They also provide additional features such as large file encryption.
Echoworx offers a huge amount of features and policies. Its biggest strength is that despite these complex features, the service is still easy to install, manage and actually use. We’d recommend this service to organizations looking for multiple encryption methods to secure their communications.
Echoworx OneWorld Pricing
Pricing is supplied via a quotation request.
Egress provide email encryption and security solutions. They offer three email security solutions, Egress Prevent, Protect and Defend. Egress Protect provides enterprise-grade encryption, used by governments and industries to secure email delivery.
Egress uses AES-256 bit encryption to provide message-level protection via an on-premises, cloud or hybrid solution, while comprehensive permissions include read-only access, disabled attachment downloads, and restricted forwarding. Egress is best suited to Office 365 environments.
Egress provides full audit logs and allows end users to revoke access to delivered emails, helping to prevent security breaches. The service makes it easy for Office 365 users to encrypt, send and receive encrypted large files without leaving their email inbox. Users are also able to add watermarks with the recipient’s email address and restrict printing to prevent data leakage.
In addition to encryption, Egress also provides protection against misaddressed emails and attachments, warning users if they are about to accidentally cause a data breach.
Egress is the top email encryption solution for Office 365 users. The Egress Office 365 add-in sits seamlessly in users’ email environments, so they receive enhanced email security with no added hassle. Egress is fully compliant with data regulations such as HIPAA. The solution is suitable for organizations of all sizes, and customers include large enterprises and government agencies, as well as small businesses.
Egress Pricing
Pricing is supplied via a quotation request.
Microsoft Office Message Encryption is easy to use within O365. It offers some useful features; users can send secure email both internally and externally very easily. It’s also very cheap and easy to implement. Admins can create custom policies, so that end users can stop encrypted emails from being forwarded. There are a few features missing, however, such as attachment encryption. There is also no reporting currently offered, but this is being added.
Microsoft Office Message Encryption is easy to use within O365. It offers some useful features; users can send secure email both internally and externally very easily. It’s also very cheap and easy to implement. Admins can create custom policies, so that end users can stop encrypted emails from being forwarded. There are a few features missing, however, such as attachment encryption. There is also no reporting currently offered, but this is being added.
Microsoft Office Message Encryption Pricing
To use Office 365 Message Encryption, purchase Office 365 E3.
Mimecast is a globally leading security vendor for businesses. They offer an encryption service which uses a secure web portal method of encryption. This means users can send encrypted messages via their existing email client, and recipients can log in to a webpage to view them. Mimecast offer a trusted and secure platform, so you can send emails without fear of data loss. They offer a number of features to protect data. This includes giving admins reports, but not actually letting them see the contents of an encrypted email.
Mimecast offer a range of end user controls. This includes being able to see when an email has been read and putting restrictions on forwarding and printing of encrypted emails. End users can also revoke access if an email was sent accidentally. All of these controls are accessible from the users’ existing email service, making them easy to use.
This product is not standalone, but part of Mimecast’s ‘Information Archiving’ and ‘Secure Messaging subscriptions. This means that this is a great encryption option if you are already a Mimecast customer.
Mimecast Pricing
Pricing is supplied via a quotation request.
Paubox is a market leader in HIPAA compliant email, working to provide secure email communication for healthcare organizations via encryption and data loss prevention methods. The Paubox email suite is an all-in-one solution to encrypt email, eliminate display name spoofing attacks, prevent phishing attacks, and protect data. This solution encrypts emails automatically, without needing any additional input from either the sender or recipient of the email, and with no portal and no password required.
The Paubox email suite helps organizations to better protect themselves by leducing the risk of emails being sent that contain unsecured PHI and ensuring that every email sent out is encrypted/ Paybox encrypted email are HIPAA compliant by default, and employees are blocked from transmitting unauthorized PHI via data protection rules. This solution operates under the HITRUST CSF framework, processes and stores data in US data centers, uses Transport Layer Security 1.3 as the default encryption choice, and provides business associate agreements to all customers.
The Paubox email suite uses email filters to block viruses, phishing and spam emails so they never reach your employees inboxes, seamlessly integrates with business email providers like Google Workspace, Microsoft 365, and Microsoft Exchange, and archives inbound and outbound emails (which are stored encrypted at-rest) for eDiscovery, disaster recovery and HIPAA compliance.
Paubox also lets users add filters for automated malware attack prevention, and provides insights into usage, mail logs, quarantined attacks, and notified alerts. This solution is rated highly by users and is well suited to healthcare organizations looking for an easy to use, compliance friendly option for improving their email security and preventing cyber-attacks.
Standard – $29 per month (1 – 10 users)
Plus – $59 per month (1 – 10 users)
Premium – $79 per month (1 – 10 users)
Standard – $29 per month (1 – 10 users)
Plus – $59 per month (1 – 10 users)
Premium – $79 per month (1 – 10 users)
PreVeil Email Encryption is an end-to-end encrypted email service for the Defense Industrial Base. It has a higher level of security compared to the other products listed on this page. PreVeil is built on highly secure encryption standards, and adds an encrypted mailbox to Outlook inboxes, without changing your exisiting email address. With PreVeil, no one but the sender and recipient can ever see the message. If hackers attack the server, all they get is gibberish.
PreVeil’s enteprise encyrptions solution allows IT administrators to create, modify, and delete users and groups, as well as set organization-wide data and recovery policies. Device management controls let admins disable lost or stolen devices quickly. PreVeil’s Approval Group technology allows privileged activities only after cryptographic approval from a set of predetermined administrators or leaders.
No single administrator can compromise an entire organization, for example by exporting messages or files, without authorization from others. PreVeil is a highly secure encryption platform, and is fully compliant with stringent information governance requirements such as SOC-2, GDPR, HIPAA, PCI, NIST 800-171, and CMMC. It’s suitable for organizations needing the most secure encyrption standards to protect highly sensitive data.
PreVeil Pricing
End‐to‐end encrypted email and file sharing service for the Defense Industrial Base.
PreVeil Email & Drive For Gov Community = $360 user / year
Virtru offers a secure cloud-based email and data encryption platform, which gives users more control over how their emails are interacted with. Virtru encrypted email can be opened directly within the email client, and are encrypted end-to-end. With Virtru, users can easily read and send encrypted emails directly from their inbox, and admins can set easily set security policies to enforce organization wide.
Virtru is the top encryption solution for GSuite, allowing users to encrypt email directly from Gmail, and encrypting Google Drive documents.
Virtru allows end users to encrypt emails directly from their email client. From here, they can also see who has opened emails they’ve sent, revoke access to email they have sent, control email forwarding, and even add watermarks to encrypted attachments. Virtru deploys quickly, and gives admins the ability to see where emails and files are being shared. Admins can also set, enforce and configure security policies across the enterprise from the admin dashboard.
Virtru is built for enterprise users, with a feature set designed for mid-sized to larger organizations rather than very small organizations. Virtru’s enterprise features include the ability to choose to host your encryption keys to meet data protection, privacy or data location requirements.
Virtru Pricing
1-9 users = $699 annual platform fee plus $60 / user / year
10-99 users = $1,999 annual platform fee plus $60 / user / year
100+ users = request a quote
ZixEncrypt offers policy-based email encryption which streamlines the process for end users. Admins set custom policies based on certain keywords, or departments. ZixEncrypt encrypts emails which come under these policies automatically. This simplifies the process for end users, as they don’t need to manually encrypt emails. Encryption works via a secure web portal, secure PDF encryption, or end to end encryption. The platform offers a ‘Best Method of Delivery’ feature, which automatically choses the best of these methods to send the encrypted email.
Zix implements content filters, which automatically encrypts emails. This to send an encrypted email, users simply create a message and hit ‘send’. To open the encrypted email, receipients simply open the encrypted email like regular email.
Zix is a trusted, global security provider, with good levels of customer support. Zix offers pre-defined encryption polices for different sectors, including healthcare, finance, public sector and education.
ZixEncrypt Pricing
Pricing is supplied via a quotation request.
How Does Email Encryption Work?
With email being the predominant means of business communication, your email is a tempting target for a hostile actor. There are multiple protocols that have been used to encrypt emails, each with their own history and strengths and weaknesses. The most used types of encryption are TLS, AES, PGP, and S/MIME.
TLS
TLS stands for Transport Layer Security and has evolved from SSL (Secure Socket Layer). This type of encryption is in use whenever you see the padlock icon in search bar of web browsers where a secure connection is established. It can be used to send emails, as well as other file types. TLS will ensure your data is safe whilst in transit, it cannot, however, protect emails that are in your inbox.
AES
Advanced Encryption Standard is a robust and effective method of sending data securely. It uses a symmetric key cipher which makes it incredibly fast, but no less secure. The encryption acts like a trap door – it is easy to go in one direction (encryption) but much harder to go backwards (decrypt) unless you have the right key.
To hack AES-256, an attacker would need to work out a number that is 78 digits long to decrypt your data. While 256 is the highest encryption level on use, it can also be used in 128- or 192-bit formats. This type of encryption is used by governmental organizations.
PGP
PGP stands for Pretty Good Privacy (no, really), and uses symmetric-key cryptography to protect your email, texts, and files. It has been the de facto email encryption method since its invention in 1991. The public key is used to encrypt the data, while a separate key is used to decrypt the data. As you are not using the same key for both processes, there is less opportunity for an attacker to steal the key.
S/MIME
This builds on Multipurpose Internet Mail Extension (MIME) by employing asymmetric encryption methods. This means that there are a pair of keys – one is public and the other is private. Not only does S/MIME protect your email whilst in transit, but it ensures the email is not modified and protects against email spoofing. S/MIME also uses digital certificates to verify sender identity. This type of encryption will need to be implemented on the user endpoint.
What Features Should You Look For In An Email Encryption Solution?
1. Cloud-Based End-To-End Encryption
2. Policy-Based Data Loss Prevention
3. Legal Compliance
4. Range Of Delivery Methods Available
5. End User Controls
6. Easy-To-Use Admin Console With Reporting
7. Branding Options
8. Accuracy and deliverability
