Is it safe to use a messaging portal?

eenvoud

12 March 2021

After all, what is not there cannot leak!

Have you ever wondered whether it is secure to copy all those confidential emails to a user portal in the cloud and keep them there for a long time, together with the confidential emails of all the other customers of your secure email provider?

Unnecessary data concentration

The GDPR calls for data minimisation, and for good reason: data concentration is not secure. A cyber criminal knows where to try to break in: wherever there is a lot to be gained. Moreover, the concentration is unnecessary, because secure email is also possible without it.

The Netherlands has a large field of suppliers for secure email. There are currently 7 solutions certified for the NTA 7516. These solutions are suitable for sending confidential information of the LOWA 3 level (say, very confidential).

The largest suppliers offer a so-called portal solution, private cloud or pick-up message service. As a result, for more than 80% of all securely sent emails the recipient receives an awkward message such as: “An important mail is waiting for you”. This has shaped the image of secure emailing: “it must be done for privacy reasons, and the retrieval message is simply inevitable”.

This arose when TLS connections were not yet widely used

Encryption is now used on approximately 98% of email traffic. As a result, newer secure email solutions such as SecuMailer can deliver secure emails without a portal.

So instead of sending more than 80% of all confidential emails with a retrieval message and lock, you can limit this to 2% of the emails sent.

This offers great advantages in terms of security, ease of use and options for receivers and users.

Moreover, it does better justice to the GDPR: privacy by design, privacy by default, consent of the person involved and transparency.

Why is data minimisation a requirement of the GDPR?

Data minimisation prevents unnecessary copies of your confidential emails from being stored, so fewer data leaks can occur. After all, what is not there cannot leak.

SecuMailer completes secure emailing by delivering all emails via encrypted connections to the recipient’s mailbox. Only if the connection cannot be encrypted because the recipient has taken too few security measures (2% of the cases) is a pick-up message with an SMS code used as an alternative delivery method. This gives the recipient great convenience, lets your organisation simply send email without aftercare, and applies best practices in the field of the GDPR.

Secure emailing is finally normal emailing again, only secure.