Meeting Compliance Mandates for Secure Email and Data Exchange

April 6, 2021 | Dipl.-Ing. Michael Gröber, Senior Product Manager Certificates & Managed PKI

Throughout the European Union, parties required to uphold professional secrecy are obliged to encrypt emails and data. These parties include public authorities, industry handling classified information, as well as lawyers, patent attorneys, auditors, notaries, tax consultants and more. This obligation to uphold privacy is enshrined in the General Data Protection Regulation (GDPR). The KRITIS Ordinance issued by the Federal Office for Information Security (BSI) also includes email encryption requirements for the healthcare sector.

However, issues of privacy are bigger than just legislation. They are being brought to the fore by factors such as numerous known email security incidents, accelerated digital transformation driven by the global pandemic, and the trend towards remote work. All of these factors are bringing the topic of email encryption into ever sharper focus.

Public authorities that have to meet confidentiality requirements play a pioneering role when it comes to deploying email encryption. In Germany, these authorities are entitled to send data up to ‘restricted’ classification level (‘VS-NfD’, for official use only) by email, but only in encrypted form. However, many organizations in Germany do not use email encryption to exchange this kind of classified data, but instead rely mostly on Chiasmus software, a tool for stationary file encryption. Chiasmus does not support asymmetric cryptography. Instead, the encrypted files can be made accessible via a shared directory or sent as an email attachment. This means, however, that the key must be transferred manually. The current BSI approval for Chiasmus is set to expire on 31 December 2021 and is not expected to be renewed. This will leave many organizations searching for new encryption tools. The optimal choice will be a user-friendly and flexible solution that delivers email encryption and data encryption as one functional unit.

Figure 1. How email communication and data exchange according to ‘restricted’ classification level (VS-NfD) works  ©Bundesdruckerei

Leading organizations in Germany may consider D‑TRUST, a company of the Bundesdruckerei Group that specializes in secure identities and supplies personal certificates for email encryption. To meet compliance regulations, these certificates are ‘Made in Germany’ and BSI-certified according to the ‘Secure CA operation’ technical guideline (BSI TR-3145). When used, the certificates show the recipient who actually sent the message and whether they really are who they claim to be. These identities also ensure the integrity of the information transmitted and that it can only be read by the authorized recipient. As evidence of security, D‑TRUST issues an individual certificate for each key pair. This certificate is automatically linked to the identity of the holder.

Custom certificate and machine identity management solutions are needed to ensure the availability of high-quality certificate products automatically within a few seconds. In particular, the V-PKI (administration PKI) is a solution that supports the increased security requirements for communications in ‘classified’ environments. Our Certificate Service Manager (CSM) integrates with Venafi Trust Protection Platform to offer a web-based managed PKI for central certificate management and requesting.

To comply with privacy regulations, you’ll need to ensure that all IT security requirements are fully observed, even during short-term peak loads. To support the rigors of current challenges as well as future requirements, mobile working measures should have a modular design and be geared specifically to the intended purpose.

You can learn more about D-TRUST and Venafi from the Venafi Marketplace.  

This blog features solutions from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Technology Network is evolving above and beyond just technical integrations.
