Encryption, once a tool used mainly by security professionals, activists and others with reason to suspect their communications may be at risk, has been moving ever deeper into the mainstream in recent months. Now, Microsoft is planning to roll out a new encrypted email service on its Office 365 site that will make sending and receiving secure email much simpler.
The new service, known as Office 365 Message Encryption, is designed to simplify the process of using encrypted email, something that hasn’t been as easy as most users would like. Setting up and using many secure email applications can be an arduous and confusing process, particularly for users who may not be familiar with security. Microsoft’s new service, which will be available in the first quarter of 2014, uses a system that’s somewhat similar to other secure email systems, wherein a user receives an email with an encrypted attachment and instructions for opening it.
“No matter what the destination-Outlook.com, Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise, Squirrel Mail, you name it-you can send sensitive business communications with an additional level of protection against unauthorized access. There are many business situations where this type of encryption is essential,” Microsoft’s Shobhit Sahay said in a blog post explaining the new service.
“When an external recipient receives an encrypted message from your company, they see an encrypted attachment and an instruction to view the encrypted message. You can open the attachment right from your inbox, and the attachment opens in a new browser window. To view the message, you just follow the simple instructions for authenticating via your Office 365 ID or Microsoft Account.”
Since the start of the summer, when the Edward Snowden NSA leaks began, encrypted communications have become a hot topic in the security and privacy communities, as well as in the wider user community. The secure email service reportedly used by Snowden, Lavabit, shut down in August, as did the Silent Mail system run by Silent Circle, both moves coming on the heels of government demands for Lavabit’s SSL keys.
Microsoft’s new service isn’t really the same kind of system as those, but it’s meant to help businesses secure their sensitive communications through the use of a variety of encryption schemes. When the data is at rest in Microsoft’s data center, it will be protected by BitLocker. The connection between the client and the Office 365 servers is protected by SSL ad the messages will be encrypted and signed using S/MIME.
The system will use a simple Web interface for administration, and enterprise administrators have the ability to set up riles that determine which emails will be encrypted.
“The Message Encryption interface, based on Outlook Web App, is modern and easy to navigate. You can easily find information and perform quick tasks such as reply, forward, insert, attach, and so on. As an added measure of protection, when the receiver replies to the sender of the encrypted message or forwards the message, those emails are also encrypted,” Sahay said.
Image from Flickr photos of FutUndBeidl.