WorkMail Security Controls Let’s talk about security for a bit. WorkMail includes a number of security features and controls that will allow it to meet the needs of many types of organizations. Here’s an overview of some of the most important features and controls:
Location Control – The WorkMail administrator can choose to create mailboxes in any supported AWS region. All mail and other data will be stored within the region and will not be transferred to any other region. During the Preview, WorkMail will be supported in the US East (Northern Virginia) and Europe (Ireland) regions, with more to follow over time.
S/MIME – Data in transit to and from Outlook clients and certain iPhone and iPad apps is encrypted using S/MIME. Data in transit to other clients is encrypted using SSL.
Stored Data Encryption – Data at rest (messages, contacts, attachments, and metadata) is encrypted using keys supplied and managed by KMS ( https://aws.amazon.com/kms/ ).
Message Scanning – Incoming and outgoing email messages and attachments are scanned for malware, viruses, and spam.
Mobile Device Policies & Actions – The WorkMail administrator can selectively require encryption, password protection, and automatic screen locking for mobile devices. The administrator can also remotely wipe a lost or mislaid mobile device if necessary.
Sounds like it has the makings of a usable service.