Organizations use a common domain name for their users' email correspondence. With ShofarPortfolio, each user has a private portfolio, or data store, that is encrypted using their password alone. Because the data store itself is simply files, it can be archived using tools in ShofarNexus or other common backup tools. From the user's perspective this operates identically to a central data store implementation. Industry standard email clients operate normally.

Mobile or periodically offline users running ShofarNexus locally have a full encrypted copy of their correspondence. This allows them to view previous emails and prepare new emails for sending once reconnected. Since a user holds only their own email correspondence, a compromise of that user exposes that user's email and no other user's.

Centrally Controlled Email Data Store

Organizations typically implement a centrally controlled email system where there is a single common data store for all email. The objective is centralized management, backup, and control of security. However, placing all sensitive email in one location makes that location a primary target for compromise. Compromises of these secure stores are common, and only a fraction of the incidents appear in the news media. These secure stores are compromised by hackers, whistleblowers, disgruntled employees, and the like. Once compromised, all data is exposed.

With a distributed data store, the organization cannot monitor its users. The tradeoff is central control, with the potential for massive data compromises, versus the distributed model, with no central point of compromise and no central oversight or monitoring of users.

Compromised User Example

With the distributed model, if User C is compromised, self-inflicted or otherwise, only correspondence to and from User C is exposed. Correspondence between User A and User B remains private.