Your Online Email is Now HTTPS SSL Secured! (default)
Yes, great now we don’t get hacked while we login from your neighbors unsecured wireless router you’ve been using for the last year.
Or maybe you’re a “Coffee House” WiFi user and just can’t seem to find time to check if the connection is secured or unsecured.
Tech Sarcasm: That little icon you see is showing you the wireless connection is unsecured by the way. If you don’t know what I’m referring to, well, then that confirms you don’t know if you’re connected secured or unsecured. Yes, that’s a trick to find out if you know which tells any tech you are most likely not protected.
Now, the reason for this post is to point out to all my “Medical Industry Friends” that love to pass patient information over Gmail Email Servers.
The HTTPS secured connection is good and part of your NIST.Gov required features but and this is a big but.
The Email is stored on a hard drive that is not secured by NIST.Gov required methods.
So you’re still violating PHI rules put into place by HIPAA enforced by HITECH and Tested by NIST.
Nice try by the way, your lawyer would argue this but your 12 year old neighbor kid would be able to explain why HTTPS means only in transit and not when at rest.
Let me offer a couple of examples of what is good with SSL HTTPS and what it covers.
Hello Server GMail, I'm Murray and I'm coming from the Wireless network at Sam's coffee shop. GMail say's Ok Murray, let me set your in SSL Encrypted Connection so your Username and Password and all the contents you send from your computer are encrypted using SSL standards.
I think I see a Secured link now, great I can send my password over the unsecured network.
End of Story Example.
Now, what many people confuse this with is "Secured Data Storage" which also travels over SSL connections but while the data is at rest on the external hard drive it's encrypted as well. Your GMail email is not stored encrypted by default it's only received by SSL secured connection.
This also means when you send email from Gmail it doesn't say it will send via SSL connection because other servers might not be able to handle SSL connections. Then that email wouldn't leave.
Let's review what I have said, You are securely connected to GMail.
Ok, that's it, from that point it's all unsecured data once again.
If you need more simple email security questions answered create yourself a service desk ticket and we will get it published.
Don't worry, estimates are given before answers published.