View Single Post
Old 3 Apr 2018, 09:10 AM   #1
William9
The "e" in e-mail
 
Join Date: Nov 2005
Location: San Francisco
Posts: 2,280
Encryption at rest on email servers - Important?

General questions for discussion:
  1. What security risks does email encryption at rest mitigate?
  2. How important is encryption at rest from the data security standpoint?
  3. Which email providers encrypt their customers data at rest?
I'm not referring to encryption in transit that occurs when both the sending and receiving email systems support SSL or TLS. Rather, the questions are regarding messages filed in a customers account.

I assumed that having email data encrypted at rest on my email service providers' machines would help to prevent someone from stealing my data by hacking. Of course, encryption would not prevent theft of data if the hacker were using my login credentials. Is the security benefit of encryption at rest limited to preventing someone from accessing data when a physical drive is stolen?

I'm pretty sure that Google encrypts Gmail data a rest. Microsoft encrypts its business accounts. I'm not sure about free Outlook.com. And of course the paid email services that advertise a high level of security such as LuxSci encrypt data at rest.
William9 is offline   Reply With Quote