Why end-to-end encryption (E2EE) is not usually the medium of choice in organisations.

My thoughts on end-to-end encryption
Tobias Burkart,
Senior BDM, Cryptshare

Can Cryptshare encrypt end-to-end?

Again and again I am asked whether Cryptshare can also encrypt end-to-end. In such instances, I always ask the counterquestion: What exactly is meant by this? For me, end-to-end encryption actually refers to the end of the communication chain, meaning from client to client.

The questioners can usually tell me themselves why this often turns out not to be useful in practice:

Disadvantages of end-to-end encryption

  • Laborious operation, directly on the client
  • Requirements: software, key or certificate on the end device
  • No archiving
  • No central security checks (malware scanning, data leakage prevention), because the content passes the existing infrastructure encrypted
  • Difficult backup scenarios
  • Cover arrangements for holiday or sick leave
  • Departure of an employee: what happens to the private key?

This means

If the transfer from the sender to the digital inbox of the receiving company (analogous to reception/HQ/post office) is secured, internal distribution can then be handled by the receiving company via its existing infrastructure.

Often, users on the receiving side don't want to use additional software and would rather keep their familiar processes.

It is perfectly adequate if the sensitive information is transmitted securely from the sending client to the receiving company/organisation. The same applies the other way round.

Advantages of not using end-to-end encryption

Very low operating costs: the system is managed centrally and there is no need to fall back on managing individual clients, which keeps the TCO down.

The existing IT security infrastructure on both sides (mail gateway, firewall, content and malware scanning, DLP, etc.), in which a lot of money has been invested, stays in use instead of being cancelled out by end-to-end encryption. This is user-friendly and creates acceptance among staff.

The information can be archived on both sides or transferred directly and automatically into a central document management system. This gives the user ideal further processing: instead of creating hurdles, it accelerates communication.

For external contacts, the communication works with the built-in tools of their own systems and requires no software installation or certificate management. Communication between people is therefore enabled instead of prevented.

What is end-to-end encryption (E2EE) and how does it work?

In end-to-end encryption (E2EE), information is encrypted and decrypted directly at the communication partners' endpoints. For example, a file is encrypted at the sender before it is transmitted. The nodes involved in the transmission (such as service providers) cannot access the encrypted information; they can only see the sender and recipient information that is necessary for delivering the file. Decryption takes place only after transmission, on the recipient side.

Cryptographic procedures are used for encryption and decryption, for example symmetric encryption, or asymmetric encryption with public keys and private keys.

The concept of end-to-end encryption is considered very secure and reliably protects information from unwanted access by third parties. Nevertheless, this also results in some practical disadvantages, which we address on this page.
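The trade-off described above, as an added example that is not Cryptshare's code: a gateway scanning an end-to-end encrypted body sees only the routing headers and ciphertext, while a gateway that terminates the encryption can apply its content rules. The toy encrypt-then-MAC construction, the pre-shared keys, the DLP patterns and the addresses are assumptions standing in for a real cipher and key exchange.

```python
import hashlib, hmac, os

DLP_PATTERNS = [b"CONFIDENTIAL", b"salary"]  # constructed gateway rules

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Toy encrypt-then-MAC; stands in for a real AEAD such as AES-GCM."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def gateway_scan(message):
    """A relay sees the routing headers and whatever bytes are in the body."""
    hits = [p.decode() for p in DLP_PATTERNS if p in message["body"]]
    return {"from": message["from"], "to": message["to"], "dlp_hits": hits}

def demo():
    doc = b"CONFIDENTIAL: salary review"  # constructed sample document
    k_client, k_gateway = os.urandom(32), os.urandom(32)
    hdr = {"from": "alice@sender.example", "to": "bob@receiver.example"}
    # E2EE: only the recipient's client holds k_client; the gateway scans ciphertext.
    e2ee = dict(hdr, body=seal(k_client, doc))
    e2ee_view = gateway_scan(e2ee)
    # Gateway-terminated: the receiving gateway holds k_gateway, decrypts, then scans.
    inbound = seal(k_gateway, doc)
    gw_view = gateway_scan(dict(hdr, body=unseal(k_gateway, inbound)))
    return e2ee_view, gw_view, unseal(k_client, e2ee["body"]), e2ee["body"]

if __name__ == "__main__":
    for result in demo()[:2]:
        print(result)
```

In both cases the gateway can read the sender and recipient; only in the gateway-terminated case does it report DLP hits, and only the holder of the client key can open the end-to-end encrypted body.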
