In a previous blog, we discussed the importance of user-friendliness in a secure email solution. A product that is not easy to use, will most likely not be used the right way . And that in turn has an effect on the security of a product. But, what makes a product secure and how do we need to apply this when it comes to email security?
Just to get straight to the point: secure email requires, among other things, the correct encryption of your data. If this can't be established, chances are that data may still fall into the wrong hands.
But what is meant by encryption? This is about securing your data, from sending, to delivery and storage. In other words, end-to-end encryption. This ensures that all data is encrypted, sent encrypted and then stored encrypted.
All information is secured for each email transaction, with an automatically generated AES-GCM encryption key. AES-GCM is used, because this mode offers the strongest cryptography and because it allows us to upload large blocks of data in parallel. The keys, however, are not stored on the Smartlockr platform. These are used during transmission on the local machine and on the recipients' local machine.
This means that even Smartlockr can't view information that is shared with a public link.
This ensures that Smartlockr not only uses end-to-end encryption, but makes sure there is no access: encryption with zero-knowledge. Without a key - and therefore the ability to open messages - there is no access to the data. Smartlockr only encrypts and passes on the data.
Encrypting messages is important. But what about sending a message securely? Although encryption plays a major role in security, so does sending over a secure connection.
As long as data is shared over the internet, there is always a chance that data can be intercepted. Finding a secure way to share this data is therefore something to take into consideration.
By using an encryption protocol such as TLS, a Transport Layer Security, messages that are pending between the inbox of the sender and the recipient, are given the correct security. In short, it gives an extra secure layer on top of the encrypted message.
Your message has been sent securely, what's next? The security of your storage shouldn't be forgotten. You don't want people to access your data, even after sending.
Smartlockr uses the data centers of Microsoft Azure. Everything is neatly stored here, without Smartlockr having access to it as a supplier. As a result, data remains securely stored and in case of calamities, access can be obtained via the backups that are made and stored in a second location.