Millions of email messages are sent every day. Ordinary email messages are not secure because the message content is transmitted in clear text. While some email messages may be suitable or even intended for public dissemination, many email messages are not.
People often email personal, private, financial, business-sensitive and other non-public information. Despite the private nature of these email messages, many are sent over public networks without any security precautions. As a result, people assume the risk that their private information may become public.
Cryptography is a method for securing email message content. Because secure emails are encrypted before transmission, only the users having the necessary decryption key are able to decrypt and read the message contents.
The use of a secure webmail portal is a robust way to protect email privacy between an enterprise having encryption capabilities and consumers or businesses which do not have matching decryption capabilities. Typically, the originating enterprise will have an on-site Gateway device that can encrypt directly to parties with the ability to decrypt, and encrypt to the secure webmail portal as an alternative for parties who are less well equipped. Such parties can then access the messages using SSL/TLS browser security following email notification with provision of an appropriate mail access url.
When the secure webmail portal is provided ‘in-the-cloud’ by a service provider, the service provider necessarily has possession of both the encrypted message contents and the decryption key. This is necessary because the service provider must be able to decrypt the contents to enable message rendering through the recipient user's browser. ‘Cloud-based’ services are desirable as operation and maintenance of the associated technologies is quite complex and places a significant support burden on an enterprise's staff. However, using such services provides some risk to an enterprise's data as the enterprise does not have full control of their data because the service provider has access to the contents of the enterprise's protected data.