BMWi study on obstacles to electronic encryption

The BMWi study on barriers to electronic encryption confirms: Only what has to be done is done. Encryption is technically possible in 72 percent of companies. 94 percent of the respondents see encryption as a principle of proper business management. However, concerns about effort and costs are putting investments on the back burner.

Poor usability or a lack of expertise hindered the use of existing solutions. The self-motivation to encrypt email communication based on the analysis of the threat situation is not sufficient in many cases. In order to make encryption the standard, a certain external motivation must be added via pressure from business partners, customers and also legal or industry-specific requirements.

An example: EDI@Energy

One successful example is the introduction of the "EDI@Energy - regulations on the transmission path" in the energy industry last year. All electronic market communication in the German energy industry is now encrypted according to the latest security standards. Responsibilities and sanctions for the possible cases of error have been defined, which means that there are no longer any unencrypted e-mails between market partners in the energy industry.

Technically, the encryption is solved via Secure Email Gateways, which work automatically in the background.

One third without encryption- deceptive security for the others

According to the BMWi study, encrypted data transmission - which also includes e-mails - is available at 72 percent of SMEs and over 91 percent of large companies. However, this does not mean that the existing encryption solutions are used across the board. However, this is of great importance. Encrypting the individual e-mail with explosive content worth protecting is only half the battle, because what happens to the remaining e-mails that reach and leave the company unprotected?

In times of cheap storage space and efficient Big Data analyses, one possible attack scenario is to intercept the entire email traffic of a company and evaluate it in a structured manner. This provides a very intimate insight into companies and their business relationships. This real security threat can only be countered with Secure Email Gateways as highly automated infrastructure solutions.

Conclusions

Single-user solutions, often free of charge, as currently used by the majority of SMEs, do not scale and actually lead to high expenses and training requirements.

The logical consequence of the study would be regulations that require the use of encryption solutions across the board using secure technologies. Legislators and industry associations would be called upon to establish firm rules. Instead, new awareness campaigns are being launched and appeals are being made to the common sense of companies, with an IT compass as a guide that only inadequately captures the current market situation.

Regardless of the BMWi study requirements will soon come into force that will force encryption in companies. Due to the IT Security Act, other critical infrastructures will soon be in focus after the energy sector. Similar requirements for secure electronic communication are expected. (Source: Zertificon)

The European General Data Protection Regulation (EU GDPR) also places companies under obligation when processing personal data. Read more about this in the current issue of Management & Quality.