I received an email recently from a company requesting documentation from me and advising me to send it back in a secure fashion (restricted with a password). Shouldn't be an issue for a compliance specialist, to be fair, but their request got me wondering how accessible the secure sending of documents via email really is for businesses and solo operators.
There are many specialised options in the marketplace that provide secure email, and the more popular business suites provide an element of security as well. We took a dive into the world of secure email, and here's what we came up with.
Our blog post compares four major email services, Tuta Mail (formerly Tutanota), ProtonMail, Gmail for Business and Microsoft Outlook, focusing on their GDPR compliance, security features and overall suitability for financial professionals and other industries.
GDPR Compliance and Privacy Laws
Nowadays we are all used to the requirements of GDPR; in fact, the regulation lends itself to building and maintaining trust and integrity within any industry. Email services must offer robust protections, not only for the security of communications but also in how they handle and store personal data.
Tuta Mail and Proton are designed with privacy as their cornerstone, making them strong candidates for GDPR compliance:
Tuta Mail is hosted in Germany, a country known for its stringent privacy laws. The service encrypts emails end-to-end, including email bodies, attachments and even subject lines. This encryption extends to the user's entire mailbox, which is stored encrypted, ensuring that personal data is inaccessible to anyone without proper authorisation, including the service provider itself.
ProtonMail operates out of Switzerland, another country with strict privacy regulations. Like Tuta Mail, ProtonMail provides end-to-end encryption for emails. It goes a step further by offering self-destructing emails, which enhance privacy by limiting how long data remains exposed.
In contrast, Gmail for Business and Microsoft Outlook operate under US jurisdiction, albeit with data centres in Europe. Both services comply with GDPR but are no strangers to differing interpretations of data privacy, particularly since the Privacy Shield framework was invalidated by the Court of Justice of the EU. Both do encrypt mail in transit, but end-to-end encryption usually requires additional configuration or third-party tools, though it can be done.
Detailed Security Features
Understanding the security features of each email service is vital for those who must ensure the confidentiality and integrity of communications. Here’s how they all stack up in terms of security features.
Tuta Mail:
End-to-End Encryption: All data, including emails, contacts and calendar entries, is encrypted on the client side before being transmitted. This means data is unreadable to anyone except the sender and recipient (provided the recipient opens the mail via the link issued to them).
Two-Factor Authentication (2FA): Enhances security by requiring a second form of verification beyond just a password.
Open Source: The transparency of open-source software allows the community to verify its security, reducing the risk of undetected backdoors.
ProtonMail:
End-to-End Encryption: Like Tuta Mail, ProtonMail encrypts emails between users within its service, ensuring that no third party, not even ProtonMail, can access the contents.
Zero-Access Encryption: Ensures that emails are encrypted in such a way that only the account holder can decrypt and read them.
Secure Core Architecture: Routes emails through multiple servers before they leave ProtonMail's network, significantly increasing resistance to network-based attacks.
Gmail for Business:
Transport Layer Security (TLS): Encrypts emails in transit; however, both the sending and receiving servers must support TLS for it to apply, and TLS itself does nothing for data at rest.
Advanced Phishing Protection: Uses machine learning to detect and block phishing attempts more effectively.
Information Rights Management (IRM): Allows senders to set permissions on email content, such as preventing forwarding, copying or printing, to protect sensitive information.
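Whether a given message actually travelled over TLS is something the recipient can check after the fact: every relay that accepts a message records in its own Received header which protocol it used, and the variants ending in "S" (ESMTPS, ESMTPSA and so on) denote a TLS session. The Go program below is an added example written for this post, not code from any of the providers discussed; the message, hostnames and addresses in it are constructed. It parses those headers and flags the hops that accepted the message in plaintext:

```go
package main

import (
	"fmt"
	"net/mail"
	"regexp"
	"strings"
)

// Constructed sample message, not a real capture. Received headers are
// prepended by each relay, so the first one is the most recent hop.
// Hostnames and addresses are documentation/example values.
const sampleMessage = `Received: from mx-edge.example.net (mx-edge.example.net [192.0.2.10])
	by mail.example.com with ESMTPS id abc123
	(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256);
	Mon, 3 Jun 2024 09:15:02 +0000
Received: from relay.partner-example.org (relay.partner-example.org [198.51.100.7])
	by mx-edge.example.net with ESMTP id def456;
	Mon, 3 Jun 2024 09:15:01 +0000
Received: from laptop.partner-example.org ([203.0.113.5])
	by relay.partner-example.org with ESMTPSA id ghi789;
	Mon, 3 Jun 2024 09:15:00 +0000
From: sender@partner-example.org
To: compliance@example.com
Subject: Requested documentation

Please find the documents attached.
`

// Protocol names registered for the Received "with" clause (RFC 3848 and later
// registrations) whose trailing "S" marks a TLS-protected session.
var tlsProtocols = map[string]bool{
	"ESMTPS": true, "ESMTPSA": true,
	"UTF8SMTPS": true, "UTF8SMTPSA": true,
	"LMTPS": true, "LMTPSA": true,
}

var (
	withClause = regexp.MustCompile(`(?i)\bwith\s+([A-Za-z0-9]+)`)
	byClause   = regexp.MustCompile(`(?i)\bby\s+([^\s;(]+)`)
)

// Hop records which relay accepted the message and whether it did so over TLS.
type Hop struct {
	By  string
	TLS bool
}

// HopUsedTLS inspects one unfolded Received header. A hop counts as protected
// if the "with" protocol is a TLS variant, or if the relay explicitly recorded
// the negotiated TLS version (as some providers do in a parenthetical).
func HopUsedTLS(received string) bool {
	if m := withClause.FindStringSubmatch(received); m != nil && tlsProtocols[strings.ToUpper(m[1])] {
		return true
	}
	return strings.Contains(received, "version=TLS")
}

// ClassifyHops parses the raw message and returns its hops oldest-first.
// net/mail unfolds the multi-line Received headers for us.
func ClassifyHops(raw string) ([]Hop, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	received := msg.Header["Received"] // every occurrence, newest first
	hops := make([]Hop, 0, len(received))
	for i := len(received) - 1; i >= 0; i-- {
		by := "(unknown)"
		if m := byClause.FindStringSubmatch(received[i]); m != nil {
			by = m[1]
		}
		hops = append(hops, Hop{By: by, TLS: HopUsedTLS(received[i])})
	}
	return hops, nil
}

// PlaintextHops returns the relays that accepted the message without TLS.
func PlaintextHops(raw string) ([]string, error) {
	hops, err := ClassifyHops(raw)
	if err != nil {
		return nil, err
	}
	var plain []string
	for _, h := range hops {
		if !h.TLS {
			plain = append(plain, h.By)
		}
	}
	return plain, nil
}

func main() {
	hops, err := ClassifyHops(sampleMessage)
	if err != nil {
		panic(err)
	}
	for i, h := range hops {
		fmt.Printf("hop %d: accepted by %-28s TLS=%v\n", i+1, h.By, h.TLS)
	}
}
```

In the constructed sample the partner's relay handed the message to the edge MX in the clear, so the middle hop is reported as plaintext. Only the Received headers written by relays you operate or trust are evidence: any earlier hop can put whatever it likes in its own header, so this check confirms at best that the final leg into your own mail system was protected, and it says nothing about how the message is stored once it arrives.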
Microsoft Outlook:
Data Loss Prevention (DLP): Identifies, monitors and protects sensitive information through deep content analysis.
Encryption in Transit and at Rest: Emails are encrypted both when sent and when stored, but end-to-end encryption requires configuration or additional tools.
Enterprise-Level Security: Offers integration with advanced threat protection and compliance tools, suited to larger organisations.
Each of these services offers unique advantages. For example, the open-source nature of Tuta Mail and ProtonMail offers a level of transparency about their security that is valuable in high-stakes environments such as the financial industry. In contrast, Gmail for Business and Microsoft Outlook provide extensive security measures that integrate seamlessly with their broader suite of productivity tools, which may be crucial for larger organisations with more complex operational needs and can be helpful for small businesses too.
Cost Comparison
The cost of email services can be a significant factor for smaller businesses, especially when balancing budget constraints with the need for robust security and compliance features. So next up is pricing (correct at the time of writing):
Tuta Mail:
Free Version available: Offers basic email functions and limited storage, but only for personal use.
Premium Plans: Start at approximately €6 per user per month, with business plans varying by number of users and additional features such as custom support and expanded storage.
Business Benefits: Cost-effective for financial brokers and other professionals who prioritise strong encryption and data privacy but do not require extensive integrations with other business tools.
ProtonMail:
Free Version available: Includes limited storage and email capabilities, but again for personal users only.
Premium Plans: Start at €6.99 per user per month, with higher-tier plans offering more storage, additional email addresses and support for custom domains.
Business Benefits: Ideal for those who need robust security features, including zero-access encryption and the Secure Core architecture, though at a higher cost than Tuta Mail.
Gmail for Business:
No Free Version available: Plans start at approximately €6 per user per month, which includes not just email but also access to the entire Google Workspace suite.
Additional Features: Includes extensive collaboration tools and integration capabilities, which may justify the higher price for larger firms or those needing comprehensive productivity tools.
Microsoft Outlook:
No Free Business Version: Pricing starts around €5.60 for the basic plan, which also includes access to Microsoft's suite of productivity tools.
Additional Features: Offers advanced security and compliance tools as part of the higher-tier plans, necessary for larger organisations or those with specific compliance needs.
For financial brokers, the decision often hinges not just on cost but on the specific needs of their firm. Those prioritising top-tier security might find the higher cost of ProtonMail justifiable, while others may prefer the balance of productivity and security offered by Gmail and Outlook. Budget-conscious brokers or small firms might lean towards Tuta Mail for its affordability and robust security measures.
Limitations of Each Service
While we are all about the positives and advantages of email services, it would be remiss of us not to look at the limitations. Understanding these helps you make an informed decision that suits your operations.
Tuta Mail & ProtonMail
Tuta Mail focuses primarily on security and privacy, which can limit its integration with other business tools. This might pose a challenge for those who rely on seamless integration with CRM systems or other productivity tools.
While it excels in security, Tuta Mail's features outside of email security are somewhat basic compared to more comprehensive business suites.
Although ProtonMail offers robust security features, its cost is higher than Tuta Mail's, which might be a concern for cost-sensitive firms.
Like Tuta Mail, ProtonMail has limited compatibility with third-party services, which might hinder firms that need extensive interoperability with other software.
Gmail for Business and Microsoft Outlook
While both services offer strong security measures, they do not provide end-to-end encryption by default. Firms will need to implement additional configuration or use third-party tools to achieve the highest security levels.
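What "additional tools" boils down to is encrypting the content before it ever reaches the mail client, so that the provider, and every relay covered only by TLS, stores nothing but ciphertext. This is exactly what the password-restricted document in the opening paragraph asks for. The Go program below is an added illustration written for this post, not the method of any provider mentioned here: it derives an AES-256-GCM key from a password that is shared out of band and seals an attachment under it. The password, filename and document contents are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	saltLen    = 16
	nonceLen   = 12      // standard GCM nonce size
	keyLen     = 32      // AES-256
	iterations = 600_000 // PBKDF2-HMAC-SHA256 work factor, per current OWASP guidance
)

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256, written out here so the
// example needs nothing beyond the standard library.
func pbkdf2SHA256(password, salt []byte, iter, length int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := 1; len(out) < length; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:length]
}

func newAEAD(password string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(password), salt, iterations, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptAttachment seals plaintext under a password-derived AES-256-GCM key.
// Blob layout: salt || nonce || ciphertext || 16-byte GCM tag. The filename is
// bound as associated data, so a renamed blob fails authentication.
func EncryptAttachment(password, filename string, plaintext []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aead, err := newAEAD(password, salt)
	if err != nil {
		return nil, err
	}
	out := append(append([]byte{}, salt...), nonce...)
	return aead.Seal(out, nonce, plaintext, []byte(filename)), nil
}

// DecryptAttachment reverses EncryptAttachment. GCM reports a single failure
// for a wrong password, a wrong filename or modified data, by design.
func DecryptAttachment(password, filename string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen {
		return nil, errors.New("blob too short")
	}
	salt, nonce, ct := blob[:saltLen], blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:]
	aead, err := newAEAD(password, salt)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, nonce, ct, []byte(filename))
	if err != nil {
		return nil, errors.New("authentication failed: wrong password, wrong filename or modified data")
	}
	return pt, nil
}

func main() {
	password := "shared-by-phone-not-by-email" // constructed; must travel by a separate channel
	doc := []byte("constructed sample: client ledger, Q2")
	blob, err := EncryptAttachment(password, "q2-ledger.pdf", doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("provider and relays see only %d opaque bytes\n", len(blob))
	pt, err := DecryptAttachment(password, "q2-ledger.pdf", blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recipient recovers: %q\n", pt)
}
```

The mail service's TLS still protects the message in transit, but what it stores and what any administrator or subpoena can reach is the sealed blob. The weak point moves to password handling: it has to reach the recipient by a channel other than the email itself, which is why S/MIME and OpenPGP, the tools the text refers to, replace the shared password with the recipient's public key.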
For those wary of storing data outside the EEA: although both Google and Microsoft have data centres in Europe, they fall under US jurisdiction and their services are subject to laws such as the CLOUD Act, which may be of concern for some.
The Preferred Choice
Do the limitations outweigh the advantages? Certainly for brokers and other businesses that prioritise seamless integration and extensive features, Microsoft Outlook would seem to be the appropriate choice. On the other hand, while Tuta Mail and ProtonMail clearly offer superior security, one must wonder whether that is worth the sacrifice in ease of doing business.
As a business grows, so too does the need for software integration and support that will lighten the load. And while encryption is important, doing business is the priority. With so many limitations on which integrations can be used with Tuta Mail and ProtonMail, ease of doing business really does win our vote (along with a sprinkle of common-sense security measures!).