Problems with secure messaging in the real world

Opinion
Jun 01, 2004 | 2 mins
Enterprise Applications, Messaging Apps

* Reader tells of his experience with secure messaging

A reader of this newsletter recently relayed his organization’s experience with secure messaging.

Here’s a lightly edited version of his message:

“The whole secure messaging thing is a real problem for us and for our customers. The problem is that most third-party solutions, such as Pretty Good Privacy (PGP), pose all sorts of archiving problems and are too difficult for many users to handle. Most users have problems if they need to zip a file, and adding any further steps to mail attachments is a big no-no.

“For the most part, secure messaging is not about hiding a message from your colleagues or sending a message internally within the organization – most mail packages do this very well. The real problems are in sending to people in other organizations. For example, we use Lotus Notes as our e-mail system and have about 2,500 frequent contacts spread across more than 1,000 different organizations. It doesn’t make sense for us to use public keys. At present, we use a 128-bit SSL extranet site and send links to documents on that site.

“Our contacts have to log on and download documents. This works well for documents that need to go to large numbers of people, but it is useless for one-to-one communications. What I’ve found is that although it is ‘against policy’ in our company, our staff still uses the unsecured method of direct e-mail. The majority of our contacts are financial institutions, and this problem is even worse for them. They have no specific policies against this, and much of their communication, including some highly confidential stuff, tends to go by unsecured mail.

“What is really needed is a transparent means of mail transfer where users would simply attach and send e-mail, while servers would perform the necessary encryption, transmission and decryption. Such a scenario is available if we go from one Lotus Notes server to another, but there is currently no cross-platform standard that would suit all types of mail software. Until such a standard appears, mail encryption is likely to remain a niche market.”

This is a classic example of the problem that many organizations have with secure e-mail – they need it, but they don’t use it as they should. I’d like to get your thoughts on the problems associated with secure messaging. Please drop me a line at michael@ostermanresearch.com.