Regulatory requirements make it mandatory for companies to archive their digital correspondence compliantly for many years. In an age when business emails are increasingly transmitted in encrypted form, this is often much more easily said than done. At first glance audit-proof archiving and encrypted emails appear to be mutually exclusive. But IT managers who combine their solutions for email encryption and archiving smartly can easily overcome both challenges simultaneously.
Archiving encrypted emails requires private key management
The initial problem facing many businesses in their efforts to archive encrypted emails is the following: if an incoming email is stored in encrypted form in the archive, it can only be decrypted using the matching private key belonging to the recipient. This is particularly challenging if the recipient has already left the company by the time of the archive search, or if a new private key has been generated in the meantime. Considering mandatory retention periods of up to ten years, both of these scenarios are quite likely. To ensure that all private keys which may be required for archived emails are available at all times, one potential solution is to integrate private key management into the archive. However, this solution would require constant, effort-intensive management of the private keys.
Gateway-based security solutions combine archiving with encryption
By contrast, the archiving and retrieval of electronic messages becomes much easier if an encrypted email is decrypted before it is physically archived. A gateway-based security solution, such as Retarus E-Mail Security, makes it possible to seamlessly combine email encryption with an email archive. In this scenario, the email is not decrypted in the user’s client, but centrally by the email security solution. The decrypted email is subsequently stored in the archive, so it can be retrieved at any time. It therefore becomes irrelevant whether the matching private key is still available at the time of the search. The archive itself is, however, still protected by the company’s own encryption key. This precludes unauthorized access by any third party, including the email security service provider.