Why Email Encryption Projects Fail and How to Make Sure Yours Doesn’t
All too often we meet companies who tell us how their last email encryption solution didn’t work for them. They found themselves with a provider that did not deliver or perhaps they anticipated so much more then what was actually delivered.
If a solution to a problem creates more problems than it solves - you begin to lose trust with the entire industry. Implementing a new tool is more stressful the second time. So much resource has been spent on procuring the first provider and once the contract has been escaped, it has to be done all over again with less confidence. So, how do companies ensure their email encryption projects are spot on the first time round?
We’ve spoken to many companies who have had this experience and we’ve noticed some consistencies amongst their stories. We’ve decided to put together a list of top reasons that email encryption projects fail. In the context of your recent email encryption project, or maybe one you have coming up, I hope this shines a light on what can be avoided in the future and what needs to be done to increase budgets and procure a tool that is right for you.
Being Driven by Costs
Email encryption software needs a budget and a procurement strategy. All too often, companies see email encryption as nothing but a box ticking compliance exercise and because of this, they fail to get the investment they need, choosing to pick a provider that quotes the cheapest price.
This is a huge problem because email encryption has many benefits for operational efficiency, trust, fraud reduction, cybersecurity, finance, human resources, customer service, marketing and more. There’s so much more to it then box ticking!
Cost should not be the only factor to consider when buying a solution so, make sure you really map out the functionality you need and consider the resource burden required when that function doesn’t exist. Some more examples of this in points below.
Not Finding the Right Fit
When an organisation decides on a provider simply because of cost, they will likely find out afterwards that certain features the chosen tool offered are not actually practical in reality.
For example, Office 365 has the ability to recall messages but if you look at how this feature is actually delivered by different providers, it can happen with an easy button click or a lengthy ticketing system which may not even get resolved in time.
If you’re simply concerned about compliance, then either way works. But if you care about operational efficiency and actually being able to recall messages, then you’d probably want to have the easy button over the lengthy ticketing system.
Not Enough Regional Support
Data protection laws vary widely by countries and languages. A good email encryption solution will be tactile enough to support different laws and different languages or in some cases, like in Canada - different languages for the same country! This means email signatures, terms and conditions, privacy policies and data security messages.
You need an email tool that doesn’t force an organisation to communicate in new ways, rather, it should learn and understand how the organisation communicates and fit an email encryption technology on top of that.
Additionally, compliance isn’t a set place, it’s a moving target that email encryption providers need to be constantly adapting towards. An organisation needs to be aware of the newest features and the adaptability of the email encryption provider it goes with.
Supporting Outdated Technology
Costs can soar if an email encryption technology needs to be backed up by multiple third-party integrations or technology. Because email encryption is considered a box ticking exercise for compliance, considerations are often not made about the features of the email tool that are important to have.
One example of this oversight is branding. Organisations often find that the cheapest tools do not support forced email signatures, branded domains or web pages in their tool. Whether it’s through an integration with the company’s Active Directory or through email hierarchy features in the back-end, branding is important.
Look out for the ability to manage corporate email signatures and branding, something that can also be mentioned in budgeting for the tool because it plays an important role for marketing and branding departments and will be missed if it cannot be configured.
Being Resource Intensive
Organisations who fail with their email encryption projects often pay less for their tools but more than double the needed resource in-house to manage the use of the tool. Let’s take a customer service team as an example. They need email encryption to tick a compliance box but they soon found that their tool requires individual employees to whitelist email addresses and any difficulties met with the tool has resulted in hours spent trying to fix bugs.
If they had just spent a little more on the tool they would have found an easy central administration feature where emails can be whitelisted to the whole organisation or individual mail groups by a super admin user. They also might have found a 24/7 support function for when they encounter problems. Now the email encryption provider or super user is paid to solve these problems instead of each employee in the customer service department spending time on it individually.
Short Term Planning
Covid-19 has brought into light many of the issues that companies have with their email solutions. Most humans are not long term thinkers and companies are even worse because employees and management teams only ever think about what they need NOW, instead of what they will need to support a company’s longevity.
It’s worth considering that short-term planning is also another resource burden because implementing a new tool (when the old one becomes outdated or not fit-for-purpose) requires budget approvals, research, procurement, purchase, implementation, onboarding and training. This is a huge resource to companies and it can be avoided if the right tool is purchased at the onset.
As digital transactions become the norm, most processes are moved online and require, by default, good security and identity verification technologies to underpin them. This ensures, not just compliance but protection of personal data and security of vulnerabilities that can be exploited by hackers.
If more organisations consider the importance of digitisation and automation, they will invest more heavily into a tool that they know they will have for a lifetime. Now that Covid-19 has brought these issues to light, it’s easy to see that email encryption isn’t just a box ticking exercise, it’s also a future-proofing exercise.
Ciphermail’s Email Encryption gateway doesn’t just support business compliance. To learn more, visit our website.
For more information on ways that email encryption and signing tools can make digital transformation possible, read the article How Email Encryption and Signing Enhance Digital Transformation.