Firms urged to embrace email encryption

The head of security at pharmaceuticals giant ICI has called for more businesses to encrypt their emails.

Paul Simmonds, one of the co-founders of security think tank The Jericho Forum, said that encryption would enable businesses to communicate with better levels of trust.

"It's available on every single email product," said Simmonds, global director of information security for ICI. "But nobody is using it. We need to talk it up on an industry level and get a critical mass on this."

Simmonds advocated the use of Transport Layer Security (TLS) — a protocol that can be used to encrypt data packets as they travel between email servers. It is supported by most email applications including Microsoft Exchange and IBM Lotus Domino.

Simmonds was speaking at an event hosted by email filtering company MessageLabs. He added that if people were able to trust each others' emails, there would be no need for filtering services.

"If I can guarantee this comes from Proctor & Gamble, say, then these guys don't have to filter it. They can just give it to me. [TLS] is the biggest well-kept secret in IT," claimed Simmonds.

But MessageLabs itself is sceptical that widespread use of TLS would solve all problems with email security.

"I am always cautious about silver bullets," said Mark Sunner, chief technology officer for MessageLabs. "[Threats] are not going to stand still. This is a constant game of cat and mouse."