OMiT Computing

Considering that Email in it's standard form must not be regarded as secure, what are the options if you have sensitive information to send and other forms of communication just won't do? There are several secure email methods out there, the trick is picking one that suits you, your objectives, the type of information you want to send, the software platform you use and the policies of your business or organisation. The main options for you to choose from are:

1. GPG - GnuPrivacy Guard based solutions. GPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880. GPG allows you to encrypt and sign your communications using a versatile key method. There are a number of programs and email client plugins that are based on GPG/OpenPGP that add the signing and encryption function into popular email clients such as Microsoft Outlook and Mozilla Thunderbird, there are even browser plugins that work with webmail services. This option will encrypt and secure your sensitive emails, however, there are some limitations. GPG/OpenPGP will not encrypt the subject line, but will encrypt the body message and any attachments. This method requires that all parties to an email must have created a key pair (private and public) and shared their public key, either directly or via a key server service such as pool.sks-keyservers.net. This method does require some technical knowledge of how it works and if this sounds a little too complicated then it's probably not going to work for you.
2. Gateway Based Solutions - Secure email gateways are appliances or servers that sit between your email server and the internet, for them to be effective all outbound and inbound email must pass through them. This does not mean that the gateway has to sit on your site, it can be hosted anywhere, your email just has to pass through it, which can be securely achieved with DNS and SSL/TLS. The advantage of gateway based solutions is that your local administrators can set uniform rules for mail routing and when to trigger encryption. Most gateways will provide some form of reporting allowing you to analyse how your users are using email and how encryption is being used. This is probably the simplest option with regard to everyday usage but can be expensive. 
3. Third Party Secure Email Providers - This option hands all your email over to a third party who will encrypt your mailboxes and all emails that you wish to be encrypted. The third party provider will have no access to your mailboxes, you will control the encryption keys. You are limited as to the email client you use, as some providers use their own version of encryption technology. This enables them to overcome limitations in other technologies, for example, subject lines can also be encrypted. With this option you need to be mindful of where your data is stored to ensure that any data privacy laws that your business or organisation is subject to will be adhered to. This option has a good balance between simplicity and cost and will be attractive to smaller businesses and organisations that don't have a technical resource available.

 As a small consultancy OMiT Computing uses option 3 and secures sensitive communications with https://tutanota.com , so you can be sure that if we need to exchange sensitive data it will be done with the appropriate level of security.

If you want to find out what option is best for you contact Nick Wright by email to This email address is being protected from spambots. You need JavaScript enabled to view it., call on 01772915045 or send a message on the contact page.