Encryption at rest on email servers - Important?
 

General questions for discussion:

1. What security risks does email encryption at rest mitigate?
2. How important is encryption at rest from the data security standpoint?
3. Which email providers encrypt their customers data at rest?

I'm not referring to encryption in transit that occurs when both the sending and receiving email systems support SSL or TLS. Rather, the questions are regarding messages filed in a customers account.

I assumed that having email data encrypted at rest on my email service providers' machines would help to prevent someone from stealing my data by hacking. Of course, encryption would not prevent theft of data if the hacker were using my login credentials. Is the security benefit of encryption at rest limited to preventing someone from accessing data when a physical drive is stolen?

I'm pretty sure that Google encrypts Gmail data a rest. Microsoft encrypts its business accounts. I'm not sure about free Outlook.com. And of course the paid email services that advertise a high level of security such as LuxSci encrypt data at rest.

Not sure really, since I think the largest danger is giving up your login information via a phishing attack or other malware. Once they have your credentials and can unencrypt your emails anyway, what does it matter? I suppose there is some vulnerability at certain email providers that your emails can be read by staff or access given via some backdoor, and then if they are encrypted nobody should be able to read them. With smaller providers there is really nothing other than trust that they won't read your email.

> What security risks does email encryption at rest mitigate?

It prevents plain text emails from being readable if someone physically steals the hard drive from the email service providers server.

It also protects plain text from being readable if the service provider retires the drive without sanitizing it before dumping it in the trash, leaving it out on a desk, or sending it to a computer recycling company that doesn't properly destroy it.

Any example where an unauthorized person gets physical access to the drive fits here.

> Once they have your credentials and can unencrypt your emails anyway, what does it matter?

Different things, having your username and password doesn't mean a bad guy can decrypt an encrypted hard drive.

Sure, but that is an unlikely scenario according to studies like the one Google released recently. On the other hand, the most likely scenario is that your credentials get stolen or hacked and then bad guys just log in and get your email that way. If you are really worried for some reason that data at rest is in danger go with a huge provider where the data is scattered around the world in multiple centers that have military-grade security. I doubt Google disposes of dead drives in the trash and even if they did what are the chances your information will be on the drive? Encryption at rest is mainly a worry for those who store data at small providers where you have no idea how protected it is, and if that is the case how do you know the provider doesn't have your encryption keys too?