Hi there,
From your query, I understand that you are looking to send an email containing PII, that you wish to adhere to the NHS data standards while data is in transit while still maintaining encryption standards, and that you are also looking to confirm the setup necessary and whether both AWS architecture and any 3rd-party integrations could be used.
Please do correct me if I misunderstood your query.
This is very feasible with the AWS architecture and a 3rd-party integration with Microsoft Outlook. With Amazon WorkMail you can manage business email securely. Amazon WorkMail can also be integrated with Microsoft Outlook and also supports native iOS and Android email applications. You can use S/MIME (Secure/Multipurpose Internet Mail Extensions) to enable users to send signed or encrypted email both inside and outside of your organization, controlling both the keys that encrypt your data and the location in which your data is stored.[1]
That being said, you can also increase your posture while adhering to NHS standards with the use of an IPsec VPN and a Direct Connect link to a VPC. IPsec is a protocol suite for securing IP communications by authenticating and encrypting each IP packet of a data stream between the sender and receiver. With the use of an Amazon VPC you can configure an IPsec VPN connection to your own VPC, establishing an Internet Key Exchange (IKE) security association between your Amazon VPC, VPN gateway, and another network gateway using a pre-shared key as the authenticator.[3]
Lastly, you can also configure an AWS Direct Connect (DX), which is a direct logical connection between the customer’s environment and the end user's system. This creates an entirely private link, eliminating the risk of data in transit being intercepted by threat actors.[4]
I hope you found the above information helpful.
References:
[1] Amazon WorkMail - Enabling signed or encrypted email https://docs.aws.amazon.com/workmail/latest/adminguide/enable_encryption.html
[2] Configure Certificate Autoenrollment https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731522(v=ws.11)?redirectedfrom=MSDN
[3] AWS Site-to-Site VPN https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-prerequisites
[4] How do I establish an AWS VPN over an AWS Direct Connect connection https://aws.amazon.com/premiumsupport/knowledge-center/create-vpn-direct-connect/
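As an added illustration of the S/MIME point in the answer above (not part of the original answer and not AWS or WorkMail code): a minimal outbound check that classifies a message's outer MIME layer and only lets PII leave when that layer is S/MIME-encrypted. The function names and sample messages are assumptions constructed for this example; the check reads headers only and does not validate the CMS payload or the recipient certificate.

```python
import email

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
ENCRYPTED = {"enveloped-data", "authenveloped-data"}  # RFC 8551 smime-type values


def smime_state(raw: str) -> str:
    """Classify the outer MIME layer as 'encrypted', 'signed' or 'plain'."""
    msg = email.message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        smime_type = str(msg.get_param("smime-type", "")).lower()
        if smime_type in ENCRYPTED:
            return "encrypted"
        if smime_type == "signed-data":
            return "signed"  # opaque signature: authenticated, not confidential
    elif ctype == "multipart/signed":
        proto = str(msg.get_param("protocol", "")).lower()
        if proto in PKCS7_SIG:
            return "signed"  # clear-signed: body is still readable in transit
    return "plain"  # anything unrecognised fails closed


def may_send_pii(raw: str) -> bool:
    """Gate (hypothetical policy): only an encrypted outer layer may carry PII."""
    return smime_state(raw) == "encrypted"


# Constructed sample messages (placeholder bodies, not real CMS data).
HEAD = "From: a@example.org\nTo: b@example.org\nMIME-Version: 1.0\n"
ENCRYPTED_MSG = HEAD + (
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n"
    ' name="smime.p7m"\nContent-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n'
)
SIGNED_MSG = HEAD + (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
    ' micalg=sha-256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nPatient record attached.\n"
    "--b1\nContent-Type: application/pkcs7-signature\n\nUExBQ0VIT0xERVI=\n--b1--\n"
)
PLAIN_MSG = HEAD + "Content-Type: text/plain\n\nPatient record attached.\n"

if __name__ == "__main__":
    for raw in (ENCRYPTED_MSG, SIGNED_MSG, PLAIN_MSG):
        print(smime_state(raw), may_send_pii(raw))
```

A signed-only message passes integrity checks but is rejected by the gate, because signing alone leaves the body readable on the wire.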