Are You Exposed? Secure Migration of Encrypted #LotusNotes Content

I recently saw a post from another vendor discussing encrypted content in Lotus Notes and their recommendations for migration. Unfortunately, the post provided contradictory and incomplete information, so I thought some clarification may be beneficial.

 

Essentially, the post stated there are two approaches for migrating encrypted content:

  1. Have the end users do the migration
  2. Decrypt the all of the data prior to the migration

 

The vendor stated that users do not care about migration and should not be involved, so they recommend decrypting all of the data in advance. However, they continue by saying the approach that works best is communicating to the users and asking them to participate in the process by clicking a Notes button to decrypt all of their secure content prior to the migration. So, is the recommended approach to include the users in the process or not?

 

The more concerning aspect of this recommendation is decrypting all of the content in Notes prior to the migration. This information was encrypted for a reason and users would likely prefer not to expose it. By extension, if I want to transfer money from one bank to another, does that mean the best approach is unlocking the bank doors and opening the vault in the weeks leading up to the transfer? That would certainly make it easier for the moving company (along with everyone else) to access my money. In addition, we could ask the movers to send a notification informing everyone when the move will occur and that all security measures will be disabled in the weeks leading up to the transfer. Actually, I think I prefer a secure, online transfer.

 

For those concerned about the privacy and security of Notes data during migration, it may be beneficial to consider the following, alternate approach using Notes Migrator for Exchange:

  1. After properly configuring Notes Migrator for Exchange (NME), migrate users in batches to meet the organizations needs and timing
  2. As users start accessing content in Outlook, they can easily identify the Notes encrypted items using a Search Folder

  1. NME can be configured to include a link to the Self-Service Desktop Migrator component configured for Silent Mode

  1. Users click the link and enter their Notes password (Note: this level of involvement is very similar to the other vendor's approach of clicking a Notes button)

  1. NME runs silently to access content with the user's credentials and update the encrypted body content in the Exchange mailbox.

 

Without Notes Migrator for Exchange and its unique capabilities, organizations would have to accept the claim that all data must be decrypted in Notes in order to migrate it. However, NME provides a secure method of migrating encrypted Notes content without decrypting it before or during the migration. In addition, there are options for showing a progress bar, displaying a summary screen, and other customizations to tailor the experience to the needs of each organization. And, most importantly, the data in Notes is still encrypted and protected even after the migration.

About the Author