Secure/Encrypted Emails in Outlook/Exchange 2010

Looking for suggestions on securing/encrypting emails in my Outlook/Exchange 2010 environment. I want a user-friendly way for my users to be able to selectively send secure email to external users.

I currently have a hosted email filtering solution in place that does provide this capability, but it would require some changes that we are not ready to make.

I'm looking for alternative solutions that would provide this functionality.
dowhatyoudo22 Asked:

Jay_Brooks Commented:
See this article:
http://office.microsoft.com/en-us/outlook-help/encrypt-email-messages-HP010355559.aspx

Then visit www.Comodo.com for a free certificate...

Good luck!
0
dowhatyoudo22 Author Commented:
This reads like every individual user would have to get a certificate and every recipient would also require a certificate. Is that correct or am I missing something? Also, is it possible for me to just get one certificate and then issue that certificate to each user that requests it for email encryption?
0
Jay_Brooks Commented:
Yes, every user would need a certificate.  They send it to the recipient before they send an encrypted message.  I do not have any experience with global certificates.  Sorry.
0
Dave Howe, Software and Hardware Engineer, Commented:
You can share a certificate, but it's usually not advisable. With autoenrollment, you can have Exchange issue the certificates automatically, but they won't be readily trusted outside of your own organization.

The usual alternative to preshared certificate encryption is called "oracle based encryption" - which isn't a product of the company oracle, despite the name :)

Microsoft offer this in their hosted Exchange product; ZixMail is a standalone solution, as is PGP Universal Gateway and Cisco's CRES product (which requires you to have an IronPort appliance to use).
0

Simon Butler (Sembee), Consultant, Commented:
Microsoft have a standalone encrypted mail solution as well.
What this allows you to do is specify (usually via a word in the subject line) that the email needs to be secure. The recipient then gets an email to say that there is an email waiting and a link to go to. They can then read the email on a web page that Microsoft have provided.

Otherwise it is the certificate route, which I find that unless a user will be fired for not using it, or works in an environment where security is second nature, they aren't used.

Simon.
0
Dave Howe, Software and Hardware Engineer, Commented:
I wasn't aware MS had a standalone version - I have only seen Microsoft EHE; do you have a link to the standalone version?
0
Simon Butler (Sembee), Consultant, Commented:
Just to confirm - it is still a hosted solution, but doesn't require the use of Office365 - that is what I meant. They don't have something that you can install locally.

Simon.
0
Dave Howe, Software and Hardware Engineer, Commented:
Ok, don't recall mentioning O365 - which is a horrible solution anyhow. Real downside of any hosted solution via MS is that you are by default sharing with the American government, and given *all* the major players in this field are American based, none of them are really much better for that.  PGP universal IS an on-premise server, which is one improvement, but I would still not trust it not to be compromised.

I keep telling myself that one of these days I must get around to writing an open source, locally hosted solution, but there are a few impediments - firstly, who is going to trust a solution randomly posted to sourceforge, and second, one of the strengths of going with the commercial providers is that you only have to sign up once, and can then receive from and reply to anyone who is a customer of that vendor, rather than having to do it once per correspondent - if you are doing that, you might as well just post the stuff via Drupal and save all the effort :)
0
dowhatyoudo22 Author Commented:
Thanks for all the insight. It is all pretty useful information. So what I gather is that my only options are:
- option #1: use a hosted solution. Which I already have in place. I just need to configure my environment to make use of its capabilities.

- option #2: use a certificate. Which will require the purchasing of said certificate from a trusted third party for each individual user. Or use one trusted third party certificate and attempt to use it for each individual user.

- option #3: obtain an appliance of some sort.

Am I missing anything?
0
Dave Howe, Software and Hardware Engineer, Commented:
only that for option #2 you can issue your own certificates, and then relying parties have to explicitly trust them (instead of relying on paid for certs, which are increasingly untrustworthy anyhow :)
0
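The certificate mechanics discussed in this thread (one certificate per user, the sender needing the recipient's certificate before encrypting, and self-issued certificates that outside recipients must explicitly trust), shown as an added example that is not part of any post above. It uses the OpenSSL command line instead of Outlook; the CA name, user names, file names and message are constructed.

```shell
#!/bin/sh
# Added example: every name, file and message below is constructed.
work=$(mktemp -d) && cd "$work" || exit 1

# 1. Internal CA: stands in for certificates the organisation issues itself.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -subj "/CN=Example Internal CA" -keyout ca.key -out ca.crt 2>/dev/null

# 2. One key pair and certificate per mailbox user, issued by that CA.
issue_cert() {  # $1 = short name used for the file names and the CN
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key \
    -CAcreateserial -days 30 -out "$1.crt" 2>/dev/null
}
issue_cert alice
issue_cert bob

printf 'Quarterly figures attached.' > msg.txt

# 3. Alice encrypts to Bob: she must already hold Bob's certificate.
openssl smime -encrypt -binary -aes256 -in msg.txt -out msg.enc bob.crt

# 4. Only the holder of bob.key can read it; Alice's own key is rejected.
DECRYPTED=$(openssl smime -decrypt -in msg.enc -recip bob.crt -inkey bob.key)
if openssl smime -decrypt -in msg.enc -recip alice.crt -inkey alice.key \
     >/dev/null 2>&1; then WRONG_KEY=accepted; else WRONG_KEY=rejected; fi

# 5. Alice signs; a recipient verifies without and with trust in the CA.
openssl smime -sign -in msg.txt -signer alice.crt -inkey alice.key -out msg.sig
verify() {  # extra arguments are passed straight to "openssl smime -verify"
  openssl smime -verify -in msg.sig "$@" >/dev/null 2>&1 && echo ok || echo fail
}
NO_TRUST=$(verify)                   # internal CA is not in the default store
WITH_TRUST=$(verify -CAfile ca.crt)  # recipient explicitly trusts the CA

echo "decrypted='$DECRYPTED' wrong_key=$WRONG_KEY" \
     "no_trust=$NO_TRUST with_trust=$WITH_TRUST"
```

The signature only validates once the recipient has been given `ca.crt` and chosen to trust it, which is the extra step self-issued certificates push onto every external correspondent.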