In a perfect world, the cloud would provide encryption between each and every email account, between company mail systems and consumers or any mix. If that were possible, all public internet email might eventually be encrypted with user transparency (no special software to fire-up, no need for user names or passwords to access secure messages).
However, in the real world, the majority of email endpoints, especially consumers’ computers, are just not equipped to RECEIVE encrypted email transparently, and there is no practical, technical solution that will make that happen. There are just too many ways to receive email (AOL, Yahoo!, Google, Outlook, Notes, etc.) and too many users to upgrade, even if all the necessary software apps existed. That reality is what drove and has sustained the need for well-known push and pull methods for encrypted delivery of email to recipients who are not equipped for transparency.
Push and pull are alternative ways of using standard desktop browsers to let users view encrypted messages. In the case of push, the actual encrypted message is made available to the browser which decrypts and renders it. Pull leaves the encrypted message at a secure, hosted web portal and allows the browser to view it using the same technology used to protect web purchasing sessions (HTTPS). Some people like push, because the recipient assumes full ownership of the message. Technically, pull better matches the framework of what browsers do and were designed to do, making it friendly to tablets and smartphones and robust to browser and security evolution.