Encrypting Cloud Email Isnt as Easy You’d Think

Fund managers need to consider who holds the encryption keys for cloud-based email, or face potential legal risks.

One of the major stumbling blocks of moving email into the cloud is the perceived data security problem. While there are many benefits to using cloud-based systems, the downside is that data security and privacy is always a top concern for financial firms.

Sandton Capital, a New York-based private equity firm focused on alternative credit opportunities, decided not to host email on its own premises. Instead, it chose to use Gmail, hosted by Google. As the investment firm grew, and it looked at the kind of data it was emailing, it began to focus on the safety and security of this information. With so much of its confidential data related to investors and lenders via email, Sandton turned to cloud-based encryption to protect its data.

We looked at Gmail for a number of ways to encrypt it, and none of them were very seamless, says Rael Nurick, managing partner at Sandton Capital, which manages a $750 million investment fund. While Google offered email encryption, the process required the recipient to register on a different website to decrypt and open the email. In addition, Sandton used Google Apps and found it wasnt that good at seamlessly syncing with other devices.

While hackers and cyber security data breaches are always a concern, this was not the reason that Sandton was concerned about protecting its email. With $750 million under management, there are several hundred positions in its portfolio. We send emails about those positions, and theres information on investors, too, Nurick tells us.

[Do you aspire to the C-suite, or some other spot in upper IT management? Then bulk up your credentials around today's most pressing IT movement, digital business, at the InformationWeek IT Leadership Summit.]

Nurick says that, although security from hackers is important, the firm was even more concerned about outside parties accessing Sandtons emails through a subpoena or legal proceeding. Often, when an email hosting provider is issued a subpoena, it complies immediately and turns over the required emails immediately. Without any oversight by Sandton, he felt, the actions by an email hosting service could add vulnerabilities.

Since Sandtons specialty is purchasing under-performing bank loans and providing rescue finance to troubled companies, it does get into litigation occasionally. The private equity firm had two different sets of data it needed to protect:

Most importantly, Sandton needs to make sure that no outside party, even if they get hold of the data, can read the information, Nurick says.

Different flavors of cloud encryptionNurick feared that he would lose control of his data to third-party hosting companies if they were to receive a court order to turn over confidential email. Big hosting companies like Microsoft and Google have no incentive to do anything but give away all of your emails.

Read this article:
Encrypting Cloud Email Isnt as Easy You'd Think