E-mail Encryption

CRES Is Horrible

I just had a painful conversation with a friendly but foolish offshore Cisco salesperson who tried to sell me a Cisco e-mail encryption appliance when I asked the simple question “Does Cisco offer an Outlook plugin to decrypt messages?”

I clarified that I was not a Cisco client but I needed to decrypt and reply to messages sent from someone who is a Cisco client that uses the Cisco e-mail encryption product.  It was a ridiculous conversation but the short version (which I essentially figured out for myself) is that non-Cisco clients can only read these e-mails from the Cisco web site, while Cisco clients can install an Outlook plugin, assuming they purchased the right license.

The user of the Cisco Registered Envelope Service (CRES) sends out an encrypted e-mail using the Outlook plugin, so it’s a single button-click to enable encryption.  But it’s an ugly process for the non-Cisco-client recipients.

  1. Receive an e-mail with an attachment (ultimately just a link to the CRES website)
  2. Double-click the attachment to open it, which will launch the default web browser: Microsoft Edge in Windows 10, at least for users who haven’t switched to something like Chrome or Firefox
  3. The Cisco website simply doesn’t work in Edge, but it doesn’t actually alert you to that fact.  You just have to figure it out for yourself.
  4. So you have to drag the attachment to the desktop then
  5. Right-click it and Open With some other browser
  6. Then you have to register with CRES (a one-time deal) and then
  7. Login, every time you access a CRES encrypted message.

That’s pretty convenient, right?

I would not recommend CRES to anyone who wants to send encrypted messages outside their own organization, because recipients will quietly hate you for it.

Aren’t My E-mail Messages Encrypted Already?

Yes and no.  The current standard is to encrypt them in transit using SSL and/or TLS, meaning that, yes, in many cases, they are already encrypted, but it ultimately depends on the sending and receiving e-mail servers and what they support.  Older ones may not support encryption and many servers will fall back to unencrypted transmissions.  Gmail and many others encrypt messages by default, so a Gmail user sending a message to another Gmail user has a fully encrypted transmission between accounts.

The short version is that it’s possible your message is encrypted but it’s not required, so you cannot (yet) depend on it.  Maybe that will change some day.

Since CRES Is Horrible, What Should I Use?

The Virtru Logo

We’ve started using Virtru recently, initially because it’s free (and there are paid versions, of course) and ultimately because it’s actually very user friendly.  Since it’s free, every aspect of it is available to any person, unlike Cisco’s offering.  They offer plugins for Outlook and directly integrate with Gmail, if you have a Gmail account and prefer Gmail’s web interface.  If you don’t have Outlook or Gmail, their web interface is pretty good – far less painful than Cisco’s!

I’d offer instructions on how to install and use Virtru, but it’s just a matter of a simple download and installation and a simple registration procedure.  You’ll be fine.

– John

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s