U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

  1. Science and Technology Directorate
  2. News Room
  3. Snapshot: S&T Strengthens Mobile Device Email Security and Privacy

Snapshot: S&T Strengthens Mobile Device Email Security and Privacy

Release Date: April 14, 2020

Large and small organizations alike now rely heavily on mobile devices like smartphones or tablets to enable their workers, customers and management to connect and collaborate, even when some or all of them are working remotely. For many corporate and government organizations, support for remote communication is mission-essential.  

Typically, these organizations purchase and administer their mobile devices. Staff members use these corporate- or government-owned devices for their business-related communications, but they often don’t want to carry a second device for their personal communications. 

In addition to encryption with physical security, EPRIVO Enterprise 2.0 offers unique privacy controls for each email type—personal or business—that allow the sender to manage private emails in the cloud and on the email recipient’s device. Through EPRIVO, private emails can be recalled anytime to make them vanish. The Corporate-Owned, Personally Enabled (COPE) model of device ownership allows staff members to link personal accounts such as email to their corporate- or government-owned devices. But by enabling employees to access to both business and personal content on their mobile devices, COPE brings new security challenges to organizations.

Device users may prioritize convenience over strong security, accidently share sensitive information with unintended audiences, or use their corporate- or government-owned devices in contexts in which sensitive business information should not be shared. Solutions that address the users’ communication privacy, while enabling organizations to protect business content are essential to making COPE work for everyone.

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T), along with BlueRISC, Inc., is developing a new Cloud-based Root-of-Trust (CRoT) technology called EPRIVO Enterprise 2.0 to address some of these concerns. Within the same application, the CRoT technology separates business from personal assets and enables enterprise policy enforcement for access to sensitive data. 

BlueRISC has integrated the CRoT technology into its EPRIVO Enterprise 2.0 private email application. With the EPRIVO app on their iOS or Android mobile devices, users can easily and securely access both their existing personal email accounts, such as Gmail, Yahoo and Hotmail, and their corporate or government email accounts. EPRIVO supports Android, iOS, macOS and Windows; in other words, it is a private email application that can be used on both mobile devices as well as computers.

“The EPRIVO Enterprise 2.0 email system ensures the confidentiality of email in transit, in cloud storage at an email service provider, and when stored on the mobile device, providing both physical and cryptographically based protections,” said Kris Carver, BlueRISC Technical Director. “Users can specify controls for the emails they send, including recalling messages or preventing the receiver from forwarding a message.”

S&T’s support has enabled BlueRISC to transition its CRoT technology to add enterprise security protections to EPRIVO email. Enterprise security administrators can use the enterprise administrator’s console to set security policy for each user’s enterprise email account, ensuring that business messages are protected. 

Meanwhile, EPRIVO users can continue to use and retain full control over their personal email accounts that are accessed via the corporate- or government-owned mobile device. Users also can choose to add security protections to their personal email accounts through settings on the EPRIVO app.

“S&T’s support for BlueRISC’s EPRIVO Enterprise 2.0 is providing enterprise security administrators and mobile device users a valuable tool that protects the security and privacy of both business and personal email on corporate- or government- owned mobile devices,” said S&T Mobile Security Research and Development Program Manager Vincent Sritapan.

More information and links to the EPRIVO Enterprise 2.0 application on various platforms can be found at https://www.eprivo.com.

Last Updated: 04/14/2020
Was this page helpful?
This page was not helpful because the content