How Yahoo email encryption could help your business

If Yahoo gets it right, then the end-to-end email encryption the Internet company is promising would be a big help to companies concerned with privacy in the use of webmail, experts say.

Alex Stamos, chief information security officer for Yahoo, announced last week at Black Hat that the company was developing a browser plug-in for encrypting messages sent from Yahoo Mail.

[ Prevent corporate data leaks with Roger Grimes' "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

[Yahoo! Encrypts! All! The! Things!]

The company planned to release the plug-in next year.

Stamos demonstrated the plug-in, which was "pretty clunky," Cameron Camp, a security researcher at anti-virus vendor ESET who attended the demo, said. However, the early-stage technology was expected to be much better by the time it's released.

The goal is to make end-to-end encryption (E2EE) easy enough that any company employee or consumer can send email over the Web that remains indecipherable until the recipient decrypts it.

Deploying that level of secrecy today is difficult and is not user friendly, which hampers adoption by all but the most security conscious organizations.

"It's really hard to do," Camp said of E2EE. "Their (Yahoo's) goal is to make it easy enough, so anyone can do it."

Based on the demonstration, a person who wants to send an encrypted message would compose it through the plug-in, as opposed to on the regular Yahoo Mail interface.

See the original post here:
How Yahoo email encryption could help your business