Monday, September 28, 2015

Followup: Questions to ask Cloudstar or any encrypted email provider

I can see that my Cloudstar post is getting a fair amount of views, and I wanted to follow up. Below are some questions you should ask potential encryption vendors.

Furthermore, a lot of my clients are under the impression that the encrypted service provider they've been pushed to is MANDATORY - but that is not often the case! What is mandatory is that your email be encrypted, and in 99% of cases, it is!

So before you make the leap to Cloudstar, or any similar service provider, ask them these questions:

1 How and where are emails encrypted?

2 How and where are emails decrypted?

3 What benefit does your service offer over default TLS? (Other than preventing non-encrypted delivery, because this is an optional feature of every mail host I've seen, including Exchange).

4 What happens if the recipient doesn't allow for encryption?

5 When/if you create a portal page to send to a user who doesn't meet encryption standards, how do they gain access to the portal?

5b If no password is required, and the email is delivered unencrypted, even with a secure URL - wouldn't someone who sniffed the email simply be able to follow the URL?

6 If the portal is hosting attachments, what is the retention period on that? Would my client's clients be able to open an email from several years ago and pull that data?

7 Are you able to whitelist spam from specific users? (Some of our clients forward their received spam to an address for resolution - phrase filtering will likely bounce these messages as spam).

8 What are your uptime expectations and what happens if the gears stop turning? From ISPs to cloud storage, everyone seems to experience some downtime, from time to time.

9 Can you provide audit encryption logs?

10 What liability does your service accept for both sending and receiving emails?
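Before talking to a vendor, you can check how much of your mail already travels over TLS by reading the `Received` headers of messages you have sent and received. The script below is an added example, not code from the original post or from any vendor; the sample message, hostnames and addresses in it are constructed.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that record a TLS-protected hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)
# Fallback: some servers only note TLS in a comment such as
# "(using TLSv1.2 ...)", "(version=TLS1_2 ...)" or "(TLS)".
TLS_NOTE_RE = re.compile(r"\(\s*(?:using\s+|version=)?TLS", re.I)

def audit_message(raw):
    """Return [(receiving_host, used_tls)] for each hop, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by = BY_RE.search(flat)
        keyword_tls = any(p.upper() in TLS_PROTOCOLS for p in WITH_RE.findall(flat))
        note_tls = bool(TLS_NOTE_RE.search(flat))
        hops.append((by.group(1) if by else "?", keyword_tls or note_tls))
    return hops

def plaintext_hops(raw):
    """Hosts that accepted the message without recording TLS."""
    return [host for host, tls in audit_message(raw) if not tls]

# Constructed sample message (hostnames and addresses are made up).
SAMPLE = """\
Received: from relay.sender.example (relay.sender.example [192.0.2.10])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by mx.recipient.example (Postfix) with ESMTPS id 4A1B2C
    for <client@recipient.example>; Mon, 28 Sep 2015 10:00:02 -0400
Received: from exchange.sender.example (exchange.sender.example [192.0.2.20])
    by relay.sender.example with ESMTP id 9F8E7D;
    Mon, 28 Sep 2015 10:00:01 -0400
Received: from laptop.sender.example (192.0.2.30)
    by exchange.sender.example (192.0.2.20) with Microsoft SMTP Server (TLS)
    id 14.3.1; Mon, 28 Sep 2015 10:00:00 -0400
From: advisor@sender.example
To: client@recipient.example
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for host, tls in audit_message(SAMPLE):
        print(f"{host}: {'TLS' if tls else 'no TLS recorded'}")
```

Each `Received` line is written by the server that accepted the message, so lines added before the message reached a server you trust can be forged, and a hop with no TLS recorded between two hosts on your own network is a different risk from one that crossed the internet.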
