The Email Gateway: A Swiss Army Knife for Automated Encryption

The average company has 113 SaaS applications in its technology stack, according to research from BetterCloud. While not all of those apps handle sensitive data, many do — including customer relationship management (CRM) and business intelligence tools like Salesforce, Zendesk, and ServiceNow. These apps contain and transmit customer and business details that should remain confidential. Organizations need SaaS encryption solutions that protect the sensitive data flowing in and out of those apps. 

You can think of the Virtru Data Protection Gateway as a “Swiss Army Knife” for automatically encrypting data anywhere it needs protection, as well as decrypting data when needed. Here's a quick video to show how it works. 

Email Gateway Benefits

Here are some of the benefits of implementing an email gateway like the Virtru Data Protection Gateway.

• Invisible to the User: For teams that work at a fast pace, the Virtru Gateway can run behind the scenes, completely invisible to the user. On the back end, content rules can detect and automatically encrypt a message containing sensitive information, so it won't leave your environment unprotected. This requires no action by the user. 
• Versatility: The Virtru Gateway can be configured in a variety of ways, and it can complement a variety of SaaS applications that relay information via email.
• "Daisy Chain" and Customize: Many Virtru customers use the Gateway for both encryption and decryption. (For example, a bank with advanced compliance or reporting requirements may require an archived, unencrypted copy of all email communications.) We'll dive into some of these use cases below. 
  
• Extend Data Control: Virtru's encryption comes with granular policy and access controls that move with the data wherever it goes. When the Virtru Data Protection Gateway secures outgoing content, it also gives you the ability to take action on that content after it leaves — so if an email gets sent to the wrong person, for example, you can revoke access and understand whether the email was opened. 

Outbound Encryption: Protect Sensitive Information Before It Leaves Your Environment

Outbound encryption protects outgoing messages that are being shared outside your organization and can be tied to security rules so that encryption applies only to messages that meet certain criteria. Virtru customers use this to automatically encrypt messages containing specific details like social security numbers or patient records. Some customers connect this to device-generated data, such as a scanner creating and sharing a PDF.  

”I loved the idea of being able to leverage DLP policies to scan and auto-encrypt HIPAA and CJIS information,” said John Hyland, IT Director for the Town of North Andover, Massachusetts. Google has some good DLP blocking, but I really liked Virtru’s method of being able to secure, share, and track data instead of just blocking it.”

With Virtru Encryption Comes Granular Access Control

The Virtru Data Protection Gateway doesn't just trigger encryption: It also adds granular policy and access controls that follow the data wherever it travels. With Virtru, you can change or revoke access to that shared data at any time, even after it's left your network.

Hyland emphasized the persistent protection and access control that follows a Virtru-encrypted email. "I really liked the tracking and auditing Virtru offers on data that has already been shared," he said. 

Jason Karn, Chief Compliance Officer for Total HIPAA, underscores the value of Virtru data protection beyond traditional encryption alone. "Just having data encrypted point-to-point doesn't solve the problem," said Karn. "If that's all it took, then Gmail, Google Workspace, and Office 365 would be sufficient [for protecting PHI]. The real issue is, ‘What do you do when you send PHI to the wrong person?’ Virtru is a minimal expense for the security and safety it provides.”

Customer Success Story: Implementing the Data Protection Gateway at a Global Bank

Here's an example of the Virtru Gateway in action. Watch the video to hear how one of the world's largest banks uses the Virtru Data Protection Gateway for effortless encryption and decryption for emails and files containing sensitive information. 

Inbound Decryption: Enable Scanning, Archiving, and Automated Data Flows

Inbound decryption makes encrypted data readable when it enters your environment. Many organizations use this to archive messages in an unencrypted format, or to run other software like malware or virus scanners. This ensures that organizations can get the most out of the other software they’ve invested in, allowing data to flow through those apps in an unencrypted format. 

Many Virtru customers use apps like Salesforce to manage their customer data, and they want data to be encrypted as it is shared, but they also want to ingest data into their Salesforce instance unencrypted so that their sales teams are able to conduct their work without friction.

This use case extends to other apps created in-house, business intelligence apps like Looker, collaboration tools like Atlassian, and many more. 

Outbound Decryption: Decrypt Messages In Transit to Trusted Environments

A less common Virtru Gateway scenario, this decrypts messages and files that have been encrypted by the sender using the Virtru email plugin. This can be useful for organizations sharing data with a trusted external partner and already have other data protection safeguards in place. 

Some industries, such as the financial sector, have reporting obligations (such as to the Securities and Exchange Commission, the SEC) and need to make eDiscovery available. In these kinds of scenarios, outbound decryption can be followed by another Gateway instance (outbound encryption) to ensure that the decrypted message can be inspected or logged, but then becomes re-encrypted as it moves outside the network. This way, the message is still encrypted when it travels to the recipient, the way the sender intended.  

Inbound Encryption: Protecting Incoming Data As It Enters Your Environment

Inbound encryption ensures that data remains secure as it enters your environment. This can be valuable for organizations in highly regulated industries that want to keep their data completely secure in the cloud, or for organizations that receive inbound highly sensitive information. Healthcare organizations, for example, may receive patients' protected health information (PHI) unsolicited, such as a patient describing their symptoms or sharing their insurance information via email. That information needs to be safeguarded as it’s stored, so it doesn’t become compromised. HR teams may also receive an abundance of resumes containing personally identifiable information (PII). Inbound encryption ensures these messages are wrapped in a layer of security. 

Better Together: These Solutions Pair Well with the Virtru Gateway

Not all workflows require the same protections, so Virtru provides a range of security solutions that complement the Gateway.

Client-Side Email Encryption

For those needing client-side, end-to-end encryption to complement the Gateway's server-side encryption, explore Virtru for Gmail and Microsoft Outlook.

Large File Sharing

For sharing large files (up to 15 GB) in any web browser, Virtru Secure Share provides a platform-agnostic encrypted file sharing solution, perfect for person-to-person file exchanges. Virtru Secure Share integrates with frequently used applications like Zendesk, Google Drive, and Confluence. 

Host Your Own Encryption Keys

You can also pair the Virtru Data Protection Gateway with the Virtru Private Keystore for complete data sovereignty and control over your private encryption keys, which you can host in the location of your choosing, separately from Virtru. 

Deploying the Virtru Data Protection Gateway for SaaS Encryption and Decryption

Customers have the option to choose a fully hosted solution (a Virtru SaaS offering), or to host the Gateway on-premises or in a private cloud. Customers can implement these flows on the Google Cloud Platform, Amazon Web Services, Microsoft Azure, or in a physical data center, if they prefer. Virtru’s team provides comprehensive support to ensure your Gateway meets your needs and is set up according to your specifications.

Start to finish, Virtru’s team can support you through the transition to make sure you get up and running smoothly.

Want to learn more about how you can protect the data flowing through your SaaS apps? Contact Virtru today to start the conversation.