Why "Secure Email" Powered by Paubox

“Secure Email” is a Salesforce-native application that allows customers to send and receive encrypted emails inside Salesforce. It’s all about security, encryption, and ease of use. Standard Salesforce emails are not secured by nature (in transit and at rest).

Companies choose to use Cloud Maven’s “Secure Email” powered by Paubox's Email Encryption solution for two main reasons:

  1. They want to reduce the risk of bad actors intercepting their data in transit (e.g., man-in-the-middle attacks) and eliminate the possibility of sensitive data being transmitted in plain text. Paubox ensures this by encrypting everything by default with blanket encryption.

  2. They use email as a main form of communication and need to ensure that the intended recipients can easily read their encrypted emails. Email encryption solutions require you to trade your communication for a false sense of added security. Paubox, on the other hand, delivers a HITRUST CSF Certified level of protection (Paubox is one of the only solutions on the market that has this) without the hassle of dealing with cumbersome additional steps (e.g., portals, plugins, usernames, etc.).

 

Paubox Encrypted Email is designed for ease of use for both senders and recipients, eliminating extra steps like plugins, keyphrases, and portals. Paubox is also the only email encryption solution to meet HITRUST CSF certification, which means it meets essential regulatory and industry-defined requirements.

Please refer to the Link for a comparison with the Microsoft secure email service.

In a typical configuration, Microsoft will attempt to send email using Transport Layer Security (TLS). This may result in TLS 1.2 or higher being used; however, if the recipient server does not support those versions, an older, less secure protocol may be agreed on. If the recipient email server does not support SSL/TLS, the mail will be delivered without transport layer security.
 
It is possible to configure Microsoft to require TLS for delivery; however, when this requirement is in place, recipients that do not meet the requirement will not receive the email. This can happen when TLS is not supported, but also when there is a temporary error state such as a misconfigured server in a cluster. Additionally, the customer would have to discuss with Microsoft whether the resulting configuration is covered by the Microsoft BAA for HIPAA compliance.
 
A key value-add with Paubox is that we allow HIPAA compliant email delivery even when a recipient email server cannot establish a TLS 1.2 or better connection. In that scenario we send the Secure Message Link so the mail may be received in the Secure Message Center, maintaining HIPAA compliance even when TLS is not supported by the recipient or their server experiences an error preventing the TLS connection.

This is a general answer; the actual behavior can depend on the broad range of configurations offered by Microsoft.
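The three delivery behaviours compared above (opportunistic TLS, required TLS, and fallback to a secure message link) can be modelled and checked against a real recipient MX. This is an added example, not code from Paubox, Cloud Maven or Microsoft; the policy names, outcome strings and the reading of "require TLS" as "require TLS 1.2 or better" are assumptions made for illustration.

```python
import smtplib
import ssl

STRONG = {"TLSv1.2", "TLSv1.3"}  # what the page calls "TLS 1.2 or better"


def probe_starttls(mx_host, port=25, timeout=10):
    """Return the TLS version an MX negotiates over STARTTLS, or None when
    STARTTLS is not offered or the handshake fails (e.g. a transient error)."""
    ctx = ssl.create_default_context()
    try:
        with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return None
            smtp.starttls(context=ctx)
            return smtp.sock.version()
    except (OSError, smtplib.SMTPException):
        return None


def delivery_outcome(policy, negotiated):
    """Map a sender policy and the probed TLS version to what happens to the mail."""
    strong = negotiated in STRONG
    if policy == "opportunistic":         # typical default: best effort, may downgrade
        if strong:
            return "delivered over " + negotiated
        return "delivered over legacy TLS" if negotiated else "delivered without TLS"
    if policy == "require_tls":           # assumed to mean TLS 1.2+ is mandatory
        return "delivered over " + negotiated if strong else "not delivered"
    if policy == "secure_link_fallback":  # recipient gets a link instead of the body
        return "delivered over " + negotiated if strong else "secure message link sent"
    raise ValueError("unknown policy: " + policy)


if __name__ == "__main__":
    # Constructed probe results; use probe_starttls("<recipient MX host>") for a real one.
    for negotiated in ("TLSv1.3", "TLSv1", None):
        for policy in ("opportunistic", "require_tls", "secure_link_fallback"):
            print(negotiated, policy, "->", delivery_outcome(policy, negotiated))
```

A `None` from `probe_starttls` does not distinguish "no STARTTLS" from a transient handshake failure, which is the same ambiguity the required-TLS case above runs into.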

 

Apart from email security, the Salesforce app has many other features:

  • Automation using process builders, flows, and Apex triggers.

  • Supports any standard or custom object.

  • Inbound and Outbound (2-way communication and automatic linking)

  • Automatic Linking with the follow-up email.

  • License-based permissions are available.

Paubox offers 4 secure message authentication options:

  1. Seamless: When sending to recipients who support TLS 1.2+, emails are delivered as seamlessly as regular emails, requiring zero steps to read the encrypted email. This will reflect 97% - 99% of your email volume, depending on.

  2. Secure Link: When sending to recipients who DO NOT support TLS 1.2+, emails will require just 1 click to read, redirecting to the Secure Message Center.

  3. Secure Login: When sending to recipients who DO NOT support TLS 1.2+, emails will require 1 click to read, redirecting to the Secure Message Center. This "View Message" link is only suitable for one-time use. After it is clicked on a second time, another email with a new "View Message" link is sent to the original recipient.

  4. MFA: When sending to recipients who DO NOT support TLS 1.2+, a phone number must be entered the first time they receive a message from this sender. They will then be sent a 6-digit code via SMS to access the message within the Secure Message Center.

*The authentication options #2, #3 and #4 can all be forced for any email of your choice using the Email API, regardless of whether the recipient supports a high enough level of encryption or not.

Data Sheet