Financial services firms, along with many other companies in regulated industries, are subject to laws or regulations that require archival, supervisory review, and searching of e-mail communications. Also, there are established business processes that require the use of encrypted documents due to the sensitive nature of the content.
Various conventional technologies exist to allow parties to exchange e-mails in encrypted form. These technologies include public key cryptography (PKI) and Secure/Multipurpose Internet Mail Extensions (S/MIME), which require parties to exchange keys or install certificates; “gateway” transport-layer security (TLS) solutions, which typically require e-mail system administrators to make substantial modifications to their e-mail systems; and, proprietary e-mail application plug-ins or web-based interfaces, which usually require recipients to install new software to open documents and e-mails, or to visit a web site to download the attachments. Participants in encrypted e-mail communications may also use native password/encryption facilities available at the time of document creation. These facilities may be found as tools within word processing programs, spreadsheet programs, and charting/presentation programs, for example.
The use of encryption or password protection, however, often creates challenges for compliance with applicable laws or regulations that govern the processing of e-mail communications. Compliance officers who need to browse archives, or supervisors who need to review e-mails, can request that users supply passwords or decrypted documents. When documents are needed by such officers or supervisors, however, the users may no longer be employed by the firm, may have forgotten the passwords, or may otherwise not wish to assist in the effort to search for or review encrypted documents. In addition, firms may wish to monitor or investigate user e-mail communications discreetly, and asking users for passwords can jeopardize the discreet nature of such activity. Also, archive-wide searching of encrypted documents is usually impossible, because search tools are typically unable to scan the content of such documents.
In view of the foregoing issues and deficiencies, more efficient and effective ways are required for processing and storing encrypted e-mail communications and their attachments.