Wed 15 Feb 2012
Earlier today, a company I recently joined as a board member (and in the interests of full disclosure, an investor as well) announced their first product. The company is called ‘enlocked’ and they are addressing a problem that I’ve felt has been unnecessarily ignored for many years. That is:
While we almost all use email as our primary communications vehicle today, there are still some things that we must reserve for voice (by phone or in person), hardcopy, or even fax.
Being a security minded person, I cringe whenever my accountant, banker or co-worker asks for some sensitive information over email. I usually break my routine, pick up the phone, and pass the information verbally if I can. Since I’m in the security industry (and running Linux), I have had PGP keys for a long time now and Thunderbird supports PGP nicely using Enigmail. But, most people I communicate with use Windows, don’t have PGP keys and don’t know how to install and generate any of the above. Even if I find someone with a PGP key, the exchange is cumbersome and I cannot read their secure emails on my iPhone, iPad and Kindle Fire.
We all understand the security issues with email. Usually, it is sent entirely in the clear as it goes from your server to the recipients server, open for anyone to read along the way. Another issue is that when an email account is compromised or a device is lost, all emails in the account can be read and your sensitive information is exposed. Never mind that the administrators on those servers could be reading any inbound or outbound message, without you knowing it.
Now, some of you are probably thinking: hey, if I really wanted to use email to send this private information, I could just buy some encryption software, exchange keys with the recipient, and I’m all set. As I said earlier, for those of us who deal with a lot of sensitive data, the complexity (and cost) of doing this is worth it. But, for the average user out there who just wants to send someone a quick message, there is a huge adoption hurdle. These tools aren’t getting used, and people are either interrupting their normal email channel and calling with these details, or they are relying on ‘security by obscurity’ in the hope that their message doesn’t get eavesdropped.
The magic of enlocked is that they’ve figured out how to do this in a truly simple way for the sender, without needing to even contact the recipient in advance, let alone install compatible software. By building simple plug-ins and mobile apps, they can leverage your existing authentication to your email server, connect to a cloud service they’ve built, and take care of all the ugliness. You just hit a “send secured” button. The receiver gets their first enlocked message, and is directed to the enlocked.com site to get a plug in for their device / browser. They authenticate themselves to their email server, and the message is readable. Now that they’ve installed it, future messages (from you or anyone else) require no special handling, they just display automatically. And they can send their own secure email as well.
The best way to really see how well this has been done, is just to try it. The downloads and the service are completely free, so head on over to enlocked and send someone a secret message.