Secure Email Encryption (UpStream Encrypt)
What is Secure Email Encryption and how does UpStream Encrypt tie into it?
Secure Email Encryption is a means of preventing access to emails sent, except to their designated recipient.
This includes both protecting the content from both low and mid-level interception while in transit as well as limiting access to the content behind authentication safeguards. When it comes to reducing liability and the ensuring the safety of data, this is where things get real.
If you’ve ever communicated with a financial or medical organization over email, the moment any sort of sensitive information, such as a Social Security Number, bank statement or Protected Health Information (PHI) comes up, the message content was likely stripped away and placed into a secure portal that you could only access by special login, wherein communication could continue, but only via their portal (or application). These portals are usually purposefully created secure messaging servers that the provider built out where the content lives and dies on their system, rather than being transmitted to your mail server over potentially compromised connections or mail accounts.
When a recipient receives an encrypted message, they’re instead receiving a link to the Secure Message Server to log in (to authenticate themselves) and then read and respond to the message, all on the provider’s platform, never ever having been sent out over the open Internet.
Some providers may also offer a more convenient option that inherently trusts that your mail account is secure, but enforces a special delivery method that ensures data encryption while in transit is met.
Given the large number of financial, government, medical and research organizations that UpStream works with, Secure Email Encryption is a fact-of-life for our clients who handle sensitive data and we bring both of these email transport methods to the table to keep their data safe even after it has left our servers.
UpStream Encrypt is a separate add-on subscription for clients who regularly need to communicate sensitive data with external vendors or clients and want to protect that, both for their own safety and liability mitigation, as well as for providing that enhanced feeling of trust of working with an organization that values security enough to secure their transmissions this way.
As a secondary use case, UpStream Encrypt can also tie in with regular Data Leak Prevention policies that the organization may have in place (or want to put into place) to prevent data from getting out inadvertently (or intentionally). Instead of automatically blocking certain content from going out, the email instead can be encrypted and still be sent out to the intended recipient.
How does UpStream Encrypt work?
UpStream Encrypt ties in with UpStream’s Outbound Filtering functionality, specifically with the Data Leak Prevention (DLP) policies contained within that feature, to trigger under one of two circumstances:
When an email’s content meeting the Data Leak Prevention policy’s criteria is met, and the “action” to be taken upon that message is to encrypt it before delivering to the recipient.
When a message is intentionally encrypted by the sender, either via the Outlook Desktop Client/Outlook Web Access or via a keyword-based trigger policy.
Once an email meets either of these triggers, it is relayed from the Email Filtering servers to the UpStream Encrypt servers, where message encryption occurs. What happens next depends on the settings chosen by the organization: TLS-Verified email transmission or Secure Message Portal access.
Secure email delivery with encryption, which uses an enhanced version of SMTP Secure (SMTPS) featuring TLS-Verify Enforcement, requires that the recipient servers support a higher grade of transport encryption than normal. If the recipient server does, the message is transmitted over the encrypted tunnel before being delivered to the user like any other message. This is a ‘no fuss, no muss’ method for the recipient to read the message without having to do anything different from a regular email.
In the event that SMTPS with TLS-Verify is not supported, or the organization prefers a higher grade of security, Upstream’s Secure Message Portal will hold the message and send the recipient a notification requesting that they register with UpStream and log into a dedicated mail portal to read and respond to the message. This portal provides additional security locks, such as MultiFactor Authentication (MFA), if desired.
In either case, the message has been securely transmitted to the recipient.
With UpStream Encrypt effectively operating as a ‘last hop’ for message delivery for an organization, entries would need to be made into the Sender Policy Framework (SPF) DNS records to authorize the service as a qualified sender to satisfy DMARC requirements. More on how all that works and the benefits of it can be found here.
What does UpStream Encrypt do for me?
The biggest advantage of encrypting sensitive emails is the mitigation of liability for the organization and providing peace of mind for your clients and vendors that you value their data and relationship with them enough to protect them.
It’s a fact of life that sensitive data is sent via email every day, both out of convenience and of ignorance on how easy it is to intercept by others. Many of us are guilty of doing this ourselves and don’t want to go through an additional step of encrypting/securing that data; it’s true.
UpStream Encrypt offers the flexibility of automating this process so that sensitive content can be automatically encrypted without any action by the sender, while still allowing for manual encryption when desired, both via a simple button press or by typing a keyword.
Everybody wins under this kind of umbrella deployment and UpStream can guide the way to a safer, more secure future.
State Level Regulations
International Regulations
Customize the Branding of your UpStream Encrypt Portal page to reflect your organization’s branding, offering the assurance of whom you’re communicating with is the real deal.
Choose which Encryption options you’d like to use when sending out messages, including fail-safe methods when one or the other isn’t available.
Provide clear visibility to the Sender of the email that the message was transmitted securely to the recipient with success notifications.
Choose whether you’d like to require recipients to use MultiFactor Authentication to access the Message Portal for heightened security.
Select from predefined and curated Data Leak Prevention policies that can automatically encrypt data that is being sent out that matches them, such as our Healthcare Regulations policy.
Financial Regulations
Federal Privacy Regulations
Education and K-12 Regulations