Secure email and privacy in the cloud with Proton for Business

• Author
• Recent Posts

Brandon Lee

Brandon Lee has been in the IT industry 15+ years and focuses on networking and virtualization. He contributes to the community through various blog posts and technical documentation primarily at Virtualizationhowto.com.

Latest posts by Brandon Lee (see all)

• Windows doesn’t start: Recover partitions, copy files, and reset password with SystemRescue - Tue, Mar 28 2023
• ManageEngine OpManager: Comprehensive monitoring for on-prem, cloud, and containers - Thu, Mar 23 2023
• Install K3s, a lightweight, production-grade Kubernetes distro - Mon, Mar 20 2023

With more businesses migrating their communications and storage services to the cloud, privacy and security are taking center stage. Proton is a company founded on the principles of security and privacy. They offer encrypted communication services that allow individuals and businesses to keep their digital communications secure and private.

What is Proton?

Proton was created as a crowdfunded project that originated in Switzerland in 2014. Its founders wanted to give people control over the privacy of their digital world and to have private, secure email. Proton did this before GDPR and other privacy acts became law in today's modern world. Its founding mission has been to protect both identity and data to prevent having your data sold or stolen and to help secure your data from cybercrime. Today, Proton has millions of users around the globe.

What is Proton for Business?

Proton for Business is a turnkey SaaS solution that provides businesses with a suite of end-to-end encrypted apps to keep business data secure. By using the Proton solution and its inherent encryption, companies can meet compliance requirements regarding data such as PII, financial information, and other sensitive data to be protected.

It provides the following features:

• Secure collaboration
• Only customers possess the encryption key
• IMAP/SMTP support for standard email clients
• Cross-platform support with dedicated apps for mobile clients
• Proton for Business Admin Console
• Easy Switch Utility for migrations
• Priority customer support
• Cost-effective and scalable

How does Proton for Business implement the zero access and end-to-end encryption technologies?

Zero-access encryption and end-to-end encryption

Proton uses two types of encryption—zero-access encryption and end-to-end encryption. With zero-access encryption, Proton encrypts received emails using the account owner's encryption key. Zero-access encryption protects emails received, even from other email providers, as the data is immediately encrypted and unreadable, even by the Proton service itself. This data encryption-at-rest technology ensures that your data stays your data, even if Proton servers are hacked. Without your specific encryption key, which Proton does not possess, the bad guys cannot access your data.

Most cloud providers keep the encryption key to read emails and communications for targeted advertising purposes. However, when their servers are hacked and compromised, attackers can access the encryption key, allowing them to read your data. Since Proton's goal is privacy and security and not advertising, their zero-access encryption approach is much more secure.

They also use end-to-end encryption, complete encryption from start to finish. For example, if a Proton user sends an email to another Proton user, the data is never visible, even to Proton, during the exchange. With these two encryption mechanisms, your information is fully protected and only visible to those you choose.

Proton for Business plans

There are three Proton for Business plans:

• Mail Essentials—6.99 €/user per month. This is the simplest plan, offering you secure email with 15 GB of total storage and 10 addresses per user, support for 3 custom email domains, and basic VPN access on one device per user.
• Business—10.99 €/user per month. This plan gives you secure email with 500 GB of total storage and 15 email addresses per user, support for 10 custom email domains, and the highest-speed VPN on 10 devices per user with more servers worldwide and extra security features.
• Enterprise—Negotiable through sales. This plan provides as much storage as you need, multiple email addresses per user, support for 10+ custom email domains, and a dedicated account manager.

You can take a look at the detailed comparison of the plans.

Proton for Business solutions

Let's take a closer look at the individual services offered by Proton for Business. These include:

• Proton Mail
• Proton Calendar
• Proton Drive
• Proton VPN

Proton Mail

Proton Mail uses end-to-end encryption to keep your business users' conversations private. The encryption and security processes are independently audited and help protect your business from breaches. One advantage of Proton for Business email is that it does not serve ads to you based on email activity. In addition, they take great pains to hide personalized information and prevent things such as tracking pixels and a visible IP address.

One thing that stands out is the advanced security layers they have built into Proton mail. These include the following:

• PhishGuard—This feature helps to defend against phishing attacks by flagging potentially spoofed email addresses and clearly marking them.
• Link protection—This feature in Proton Mail for web, iOS, and Android displays the full URL and requests additional confirmation from you before opening the link.
• SPF, DKIM, and DMARC—These features help prevent others from sending emails from your domain and ensure the contents of messages have not been tampered with.
• DNS Certificate Authority Authorization—This feature reduces the likelihood of a fake certificate being issued, and issued certificates are only for a given domain or subdomain.
• Advanced protection—This feature uses machine learning to detect sophisticated attacks launched against specific accounts.
• Hardware-level security—Proton hosts its servers across several locations within Switzerland and never uses public cloud environments.
• DANE and MTA-STS—Proton uses SMTP TLS to communicate with non-Proton email accounts, which helps protect your emails from attacks that attempt to remove encryption to protect against malicious interception.
• Web Key Directory—This feature makes it easier to send PGP-encrypted emails to people not using Proton email. Proton servers use WKD to look for keys in external domains and automatically enable end-to-end encryption whenever possible.
• Two-factor authentication (2FA)—Proton supports 2FA to protect against attack.
• Device-level security—This security layer uses PIN protection for Android and the AppKey Protection System for iOS to defend against attempts to compromise mobile devices.
• Expect-CT—This security layer instructs your browser to reject any certificate that does not exist in Certificate Transparency.

Proton Email provides strong privacy and security for your inbox

Proton Calendar

As part of the Proton for Business offering, companies get Proton Calendar, which assumes the same security and privacy benefits as Proton Mail. Proton Calendar automatically secures calendar events with end-to-end encryption. Even when Proton users receive calendar events from non-Proton users, the events are shared with zero-access encryption.

Event details, such as title, description, location, and people invited, are encrypted. Like Proton Mail, Proton cannot read the calendar events in your account, as your private key—which only you can access—is used to apply encryption to your calendar events.

Proton Calendar provides encrypted calendaring for business customers

Proton Drive

Organizations utilize the cloud heavily for storage space, in addition to email and calendaring capabilities, as part of Software-as-a-Service (SaaS) offerings from hyperscalers. However, as with cloud SaaS email from the big vendors, your files are accessible by the provider. Therefore, if their servers are compromised, your data is at risk. In addition, compliance concerns mean that you have complete control over your business-critical data.

Proton Drive is a cloud storage solution from Proton that allows companies to have secure private cloud storage. Again, you control the encryption key, so Proton cannot access your files. This means that attackers also do not have access to your files. Proton Drive is a secure vault that allows granting and revoking access.

The nice thing is you don't lose functionality. It works like other cloud providers in that the Proton Drive apps provide automatic cross-device syncing, which most are accustomed to with current cloud SaaS providers. Proton Drive is available in a beta version. When navigating the service, you need to agree to the terms of beta access.

Enabling beta access for Proton Drive

Hopefully, Proton Drive file storage will soon be a GA release.

Proton VPN

The Proton VPN solution, as part of Proton for Business, offers secure VPN tunneling, allowing passwords, confidential data, and other traffic to have an extra layer of security. It enables businesses to establish trust in the Internet connection used by end-users, no matter what type of connection it may be (home, public, office, etc.). The Proton VPN solution provides multiplatform support, including PCs, Macs, smartphones, and routers. In addition, it offers native apps for Windows, macOS, Linux, Chromebook, Android, and iOS/iPadOS.

Part of the Proton VPN solution is a VPN accelerator, which helps improve VPN connection speeds. Proton says this can be as much as 400%. The Proton VPN Accelerator works by offloading CPU processing and streamlining the overhead of the VPN protocols used.

Although Proton is located in Switzerland, it offers VPN servers worldwide to reduce latency and unnecessary network hops. Proton refers to these VPN servers as secure core servers. They are fully owned and operated by Proton.

Using Proton

Signing up for and using Proton was simple and intuitive. When you sign up, the wizard walks you through choosing your Proton account and finalizing the configuration.

Proton for Business setup wizard

The Proton interface allows easy switching between your Proton apps, including Mail, Calendar, Drive, and VPN.

Viewing the Proton apps in the unlimited console

The Easy Switch functionality allows importing/migrating from Google, Yahoo, Outlook, and other email systems.

Import accounts via the Easy Switch wizard

You can also connect your custom domain to Proton. It allows you to set up custom email addresses to align with your current email addresses in your environment.

Adding domains in Proton

You can easily add email addresses for user accounts.

Adding email addresses in Proton Mail

Managing your encryption keys, including encryption prompts and PGP settings, and even exporting your keys, can be performed using the console.

Managing Proton encryption keys

Impressions and wrapping up

Proton's attention to detail and mission to provide secure email and privacy for individuals and businesses stands out. The control over your data is above and beyond what you find in standard public cloud environments due to the extensive encryption implemented in the solution, including zero-access and end-to-end encryption.

For businesses that want an "easy button" to check the boxes needed for compliance and to increase their overall security and privacy stance for digital communications and file storage, Proton is a great solution.