Outlook data files should be encrypted

[Jack L.]

With security threats mounting each day, I was wondering why MS Office does
not have an option to encrypt Outlook data files such as .PST? There is PST
password protection but that is not very secure.

There should be a way to encrypt the data files (no matter if Outlook is
running or not), preventing anyone from obtaining any information after
copying or downloading the data, loading it with their Outlook and then being
able to extract all the information from it. Just think of the damage if the
data (messages/email addresses) falls in the wrong hands!


----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/office/com...826026d71&dg=microsoft.public.outlook.general

 

[Ben M. Schorr - MVP (OneNote)]

You can encrypt them as you encrypt any file - at the file system level.

--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
Author - The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/5m3f5q

 

[Diane Poremsky [MVP]]

You can encrypt the pst just as you can any file. But I'd be more concerned
about keeping people away from my computer so they can't copy my pst to
their outlook.

--
Diane Poremsky [MVP - Outlook]



Outlook Tips by email:
(e-mail address removed)

EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

 

[VanguardLH]

With security threats mounting each day, I was wondering why MS Office does
not have an option to encrypt Outlook data files such as .PST? There is PST
password protection but that is not very secure.

There should be a way to encrypt the data files (no matter if Outlook is
running or not), preventing anyone from obtaining any information after
copying or downloading the data, loading it with their Outlook and then being
able to extract all the information from it. Just think of the damage if the
data (messages/email addresses) falls in the wrong hands!

----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/office/com...826026d71&dg=microsoft.public.outlook.general

Encryption requires decryption. Decryption takes time. Decryption
reduces reliability on many common user hosts because the common user
doesn't understand how or know to export the encryption certificate for
use under a new instance of Windows, or how to import that cert in the
new instance of Windows.

Um, so why can't you encrypt the folder under which the message store is
saved (i.e., where is the .pst file)? If you only want the .pst files
encrypted and not the other files (toolbar customization, addressee
cache, etc.) then change the location of the message store, move your
..pst file to that folder, and encrypt that folder.

Obviously you need to use a version of Windows that includes EFS
(encrypted file system) to have the embedded file system handle the
encryption. The Home Edition version of XP don't come with EFS but the
Pro version does. You never mentioned WHICH versions of Windows in
which you were interested in encryption. Go to Microsoft's web site and
check which Windows versions have EFS included. You get what you pay
for. Alternatively, use a 3rd party product for encryption. You could
use Truecrypt, for example, to create an encrypted drive and you move
your .pst file over there; however, you'll need to configure Truecrypt
to load on Windows start and that means having to answer the password
prompt to allow entry into the encrypted volume. Hell, you could use
TrueCrypt to encrypt your entire OS and data partitions on your hard
disks if you don't mind the performance lag.

You are supposed to be using separate Windows login accounts and using
permissions to control who can access which file. Those permissions are
only effected under the instance of Windows in which they are defined.
So why are you sharing your login account with others if you are
concerned about security?

Encryption is available. It is not an Outlook function. It is an OS
function (if used as a kernel-mode driver to supply an alternate file
system) or 3rd party program, some of which are free, like Truecrypt.
It's up to YOU want you want to add. Just remember that if a hacker can
login as you then they can do whatever you can. So encryption won't
help if they can login as you. They are you.