EmailDiscussions.com - View Single Post - Encryption at rest on email servers

William9 · 3 Apr 2018, 09:10 AM

General questions for discussion:

What security risks does email encryption at rest mitigate?
How important is encryption at rest from the data security standpoint?
Which email providers encrypt their customers data at rest?

I'm not referring to encryption in transit that occurs when both the sending and receiving email systems support SSL or TLS. Rather, the questions are regarding messages filed in a customers account.

I assumed that having email data encrypted at rest on my email service providers' machines would help to prevent someone from stealing my data by hacking. Of course, encryption would not prevent theft of data if the hacker were using my login credentials. Is the security benefit of encryption at rest limited to preventing someone from accessing data when a physical drive is stolen?

I'm pretty sure that Google encrypts Gmail data a rest. Microsoft encrypts its business accounts. I'm not sure about free Outlook.com. And of course the paid email services that advertise a high level of security such as LuxSci encrypt data at rest.

3 Apr 2018, 09:10 AM	#1
William9 The "e" in e-mail Join Date: Nov 2005 Location: San Francisco Posts: 2,281	Encryption at rest on email servers - Important? General questions for discussion: What security risks does email encryption at rest mitigate? How important is encryption at rest from the data security standpoint? Which email providers encrypt their customers data at rest? I'm not referring to encryption in transit that occurs when both the sending and receiving email systems support SSL or TLS. Rather, the questions are regarding messages filed in a customers account. I assumed that having email data encrypted at rest on my email service providers' machines would help to prevent someone from stealing my data by hacking. Of course, encryption would not prevent theft of data if the hacker were using my login credentials. Is the security benefit of encryption at rest limited to preventing someone from accessing data when a physical drive is stolen? I'm pretty sure that Google encrypts Gmail data a rest. Microsoft encrypts its business accounts. I'm not sure about free Outlook.com. And of course the paid email services that advertise a high level of security such as LuxSci encrypt data at rest.