
Looking for e-mail encryption appliance

My organization has about 300 Exchange mailboxes.  I am looking for an appliance which will automatically encrypt outbound e-mails based on policies.  My vision is that the recipient would be sent a link to login to the appliance via a browser to view the message.  An Outlook plug-in would be nice and a way to encrypt when using OWA would be a requirement.

I've read about the Cisco Ironport box, but that's designed for 5000+ users.  We have neither the volume nor the money for that type of solution.  What other products are out there?  A software-based solution is also a consideration.
3 Solutions
There are several appliance-based email services that will encrypt and decrypt email for you through your Exchange server, but the one I like and use is one from Zix (http://www.zixcorp.com)
Dave Howe, Software and Hardware Engineer, commented:
Cisco IronPort will scale down to 300 users or less - but it IS overkill compared to ZixCorp (Zix is a similar, oracle-based solution though, where the company itself is a single point of security failure; if security on their key oracle is compromised, so are all mails ever sent through the system).

What would be ideal is a solution where the mail is not encrypted, but is instead removed, held locally, and an email notification sent to the recipient to visit a https site to read it - on the first visit, the user can then set up his own user/pass pair, and use that on subsequent visits.  Unfortunately, I am not aware of one currently available and "enterprise class", although there are a couple of open source projects along those lines.
ZixMail from ZixCorp sounds like the right solution for you.  I use it for my 200-user infrastructure and provide it as a service to my customers as well.  Logging, audit trail, custom policies, and rock-solid security were what brought me to this product.  The key security isn't something you should worry about: Zix holds the private key and your VPM appliance holds the public key; neither works without the other.  You can buy one appliance or multiple, and they are all identically configured from one console.  There are also two different types of secure Email delivery for non-Zix recipients: they utilize either a portal and a client-administered password for picking up the Email, or the recipient's own private key for unlocking the one Email.  Deployment is not that difficult, and you can even smart-host and TLS by sending domain.  I shopped IronPort, Code Green, and a few others, and this product was the best suited and most flexible solution.

Dave Howe, Software and Hardware Engineer, commented:
Unfortunately, key security IS something to worry about. The Zix server holds access to all message keys (although not the messages themselves), and a security failure on that server (or lawful access under warrant by a Law Enforcement Agency) could leave all your mail laid bare to parties who really shouldn't have access to that information.

Zix is considered "good enough" to satisfy due diligence for HIPAA audits though, so I doubt in practical terms there is anything to stop you going forward with it as a solution; you will just have to note (in any security audits or reports) that your security is entirely in the hands of a third party - which is fair enough, lots of companies farm out security, firewall admin etc. to specialized providers rather than provisioning in-house resource.
damien1234 (Author) commented:
You guys have really helped.  I'm going to dig a little deeper into Zix and see where that leads me.
Damien: I'm glad you were able to get something useful from our contributions.  Tell them I sent you and...well, you may not get a price break, but I might get a trip to Hawaii! :-)

Dave: since the Zix VPM does not store ANY Email itself, I think that this alone would make gaining access to previously sent Email impossible.  Even mail that is queued to be delivered to a non-subscriber is held at the Zix datacenter, where the public key lies.  The user's private key is encrypted and is held on my ZixWeb portal server.  Likewise, my Email domain's private key is held on my ZixVPM while the public key is elsewhere, and no Email is archived, as this is not a feature or within the capacity of the VPM.  Additionally, if you were to review the details of their SAS 70 and encryption techniques (these are likely restricted to VARs and Partners), it would probably make you feel a little better about the security.
Dave Howe, Software and Hardware Engineer, commented:

Did a review of their system as part of the bidding process for one of our customers. According to the material I was sent (I have no access to the material on their site, that's for subscribers only. I nearly dropped them from the bidding process after that, but one of their sales staff, terrified of being dropped from a really obscene amount of potential profit, sent me a bunch of them), the mail is encrypted to the user, and the user's private key is held on the Zix server (encrypted to their password, once they have one). Each user has only one keypair, no matter how many correspondents they have in the ZixMail system, and the ZixMail central server acts as an oracle - it grants access to the key to the user, based on their login details, and that key is never given to the sender under any circumstances (otherwise you could hack your own Zix server after sending an email to - say - the CEO of another company, and theoretically extract their key to unlock mail you have intercepted).

During the key-in process where a new recipient has not yet set up an account at zixmail, the mail is encrypted symmetrically and the symmetric key for that one email is held at the sender's appliance; once the recipient has created his new keypair, the public key is sent to the sender, who responds by encrypting the "queued" mail's symmetric key with the new public key and sends that to Zix to allow decryption of the mail by the recipient.

The weakness (common to all oracle based systems, including the cisco solution) is that if the zix server were compromised, a hacker could modify the system to reveal the secret key for users to a third party. It is also assumed (but no mechanism has been revealed, for obvious reasons) that zixmail's own ability to "recover" lost passphrases and grant lawful access to law enforcement agencies on production of a warrant means they have some way to remove the protection from the secret key when this is needful. A hacker therefore could, if he could compromise that system, gain access to *all* secret keys for all recipients.

This could of course be out of date (been a few years since I reviewed this, and as I say, Zix don't allow access to the applicable information unless you are a customer) but given you can still access historic mail using their servers, I doubt it has changed much.  A possible variant (but one patented by disappearing inc, so they would need to licence that patent) is for the sender's appliance to hold all the symmetric keys, regardless of the oracle status of the recipient, and supply them on-demand when the user needs to read a particular message. The downsides there are:

1) if your server is unavailable on the internet, none of your recipients can read their own mail
2) if your server is unrecoverable due to hardware failure, all your recipients lose all their historic mail (backups would fix this of course, but that opens a completely different can of worms)
3) there would need to be some way to grant legal discovery access - although (again) that could be done at the central server, lawyers have a horrible habit of demanding *you* do things when you hold the data, and whatever access route this has would be yet another gate into your security.
