Tresorit bolts on E2EE email via a plug-in for enterprise software

Swiss-Hungarian end-to-end encrypted cloud services provider Tresorit has added a new string to its security bow: It’s started offering E2E encrypted email as a subscription add-on for business users of third party email service providers.

Tresorit’s E2EE module enables subscribers to send and receive strongly encrypted email messages via their usual email provider — with the level of security enhanced as the plug-in is wrapped in the same zero-knowledge promise Tresorit claims for its file storage and sharing products.

How does the tool work? The Tresorit account holder downloads and installs the plug-in which integrates with their existing email client. From launch it’s available for Microsoft Outlook but further integrations are planned, including with Gmail.

An Outlook user can access the function by clicking on the “Email Encryption” button that’s displayed in the top left corner, per a spokeswoman.

“All emails and attachments sent with Tresorit’s email encryption as well as the replies sent to these (regardless of whether the sender of the reply has a Tresorit account or not) will be end-to-end encrypted with the encryption technology used in Tresorit’s cloud storage and file-sharing app. This means, no one besides the sender and the recipient is able to read them,” she told us.

Email users who are not themselves Tresorit subscribers themselves but want to send an E2EE email reply to an E2EE email sent via Tresorit are able to do so without needing to have an account.

“This is possible because replies are encrypted in the sender’s browser,” explains the spokeswoman. “This ensures that reply emails are end-to-end encrypted even when sent by someone who doesn’t have a Tresorit account. As opposed to E2EE email services, this enables E2EE communication even with a recipient who doesn’t have a Tresorit account.

“If someone without a Tresorit account receives an email sent with our email encryption service, s/he receives an encrypted email template with a reference/link to the end-to-end encrypted content (this is similar to our file sharing service Send). By clicking on the link, the recipient can access the decrypted email content in the browser after certain security checks that prevent the email service provider to intercept the content.”

“Currently, we use email validation as a security guarantee (we are sending a code to the email address that the user has to paste into the Tresorit website in the browser), and we are planning to add new methods (password provided by the sender, authentication with public SSO providers),” she adds.

A recipient who’s not a Tresorit subscriber can also send an E2EE reply via an editor in the same browser — by clicking on the “Secure reply” option in the body of the E2EE email they received from the Tresorit user. 

“The original sender receives an email about the reply but as s/he has a Tresorit account and installed plugin it enables us to download the content of the reply from our servers, decrypt it locally and display it to the sender in their email client in a secure and transparent way,” the spokeswoman adds.

The E2EE email plug-in is being targeted at enterprise users — which means Tresorit us not competing directly with E2E webmail provider ProtonMail which is focused on consumers or smaller businesses.

Larger businesses are of course unlikely to want to migrate away from industry email provider staples like Outlook just to get E2E encryption so Tresorit’s approach brings E2E encryption to their existing email client.

“We’re targeting bigger companies already using an email service such as Outlook. Our goal is to integrate end-to-end encryption of emails in existing workflows and make it very easy to send emails securely. Beyond this, we focus on industries that handle a lot of confidential data and have to comply with strict data protection regulations (legal, healthcare, finance and HR, R&D, IT),” the spokeswoman notes.

“Currently, we’re working on making our email encryption work with all major email services such as Gmail (by the end of 2022) and supporting all operating systems and platforms (Mac, Windows etc.) From a technology perspective, our solution is agnostic of what email service the user uses (O365, Gmail, etc.).”

“Instead of a standalone email service, our strategy is to develop end-to-end encrypted tools that easily integrate with workflows and services already used by companies. We aren’t targeting users looking for a whole new email client. We would like to enable companies already using mainstream web clients to add a further level of security to their tools, so they don’t have to roll-out new email addresses to their entire employee base,” she adds.

Pricing for Tresorit’s E2EE email tool costs  €5 per user per month when paid annually, and €6.25 per user per month paid in a monthly plan (on top of the Tresorit subscription fee).

It is also offering a trial period — of 14 days for new customers and between 30 and 90 days for existing customers, depending on their subscription package.

Commenting in a statement, Istvan Lam, CEO, and co-founder, said: “Our vision is to make cloud collaboration both secure and user-friendly with the power of end-to-encryption and help our users protect their digital valuables. We’re bringing our 10-year expertise in cloud encryption to emailing now: our email service is the next big step in creating a secure, end-to-end encrypted workspace for businesses of all sizes.

“In the past year, we have shifted our focus to serve enterprise clients and have learned that 90% of them rely on Tresorit to share data with clients, partners, and auditors outside their organization. Our new email encryption service is our solution to meet this demand.”