Steps taken by Yahoo and more recently, Google, to make their cloud email solutions more secure are to be commended.  It’s great to know that data sent between your browser and your cloud vendor’s webmail servers is always protected.  In this case, browser-based SSL is used.  So the connection is as secure as when you access your online bank.  Google’s announcement indicates that they also secure your data as it moves between their data centers.  Another commendable step.

What shouldn’t be commended, however, is the resulting false sense of security portrayed in the numerous publications covering these events.  A common thread in these articles is that these security updates allow Yahoo and Google email users to safely send sensitive data over the Internet.

Unfortunately, this could not be further from the truth.  In each case, security was added to the systems used by their own customers.  That’s great if all your email correspondence is with other Yahoo subscribers (if you use Yahoo email) or with other Gmail users (if you use Gmail). But more often email correspondence involves more than just the sender’s system.  In these cases, the email message leaves the sender’s system and travels across the public Internet, often hopping across many 3rd party systems on its way to the recipient.  Hops are typically run by organizations, universities and government agencies not related to the transaction.  They’re what makes the internet resilient, so that if one path is down, a different one can be taken.  At any point in its journey, the email message and its attachments can be examined, not only by the operators of these hops, but also by tapping into the wiring in between.

With new privacy and compliance regulations being developed or expanded on a regular basis, and the stiff fines and penalties for transmitting sensitive data across the internet, there’s never been a greater need for end-to-end security in the form of email encryption.  Maintaining security during an email’s journey across different systems, providing compliance and tracking data to prove your message was sent securely, and maintaining ease of use for all involved are what will keep commerce flowing, and the Internet as the backbone of this communication.