Email Encryption Vendors

First Last
Hi -

I already have a spam email system (Websense) in place. I'd like to add email encryption, but beyond TLS. I want something that notifies the 3rd party they have a secure email waiting and somehow securely delivers the message.

What are your recommendations?

Basic Facts:

100~ users
Exchange 2010 with DAG
Mixed environment OWA, Outlook 2003-2013.
Email Filter Websense at each Exchange location

Thanks
Software and Hardware Engineer
Commented:
Depends on what you want to do with it I guess. I am assuming you don't want to create your own system :)

What you are describing is usually called "oracle based encryption" (despite Oracle not being a company that offers it :)

What usually happens with such solutions is this.
1) the message is encrypted to a session key (this is common across almost all solutions, including PGP and S/MIME, so no surprises there)
2) the session key is sent securely to a key oracle (in some solutions, it is generated at the key oracle and sent to the encryption software, but the difference is marginal; in any case, it is encrypted with a unique key, owned by the recipient, on the key oracle server. This key need not exist before a given recipient is messaged, but won't then be protected until the recipient has set a password)
3) the message is sent either to the intended recipient, or to a storage server (systems vary, but to the intended recipient is most common)
4) the message contains a reference URL to the key oracle's website where the recipient must log in (creating an account if they don't have one)
5) once the recipient logs in, their password is used to decrypt their secret key, which decrypts the session key, which can then be used to decrypt the message and display it via the website.
6) the recipient may read and optionally securely reply to the mail using what amounts to a webmail-like interface.

Providers of such a service include:
Cisco (CRES, requires an "Ironport" email security appliance)
Microsoft (Exchange Hosted Encryption, requires their "forefront" cloud-hosted email scanning package)
PGP Inc (universal gateway; one of the few solutions where the mail is held in your own appliance for increased security/resistance to NSA style attacks)
ZixCorp - offer both appliance based and purely software based solutions.
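
The key hierarchy in steps 1 to 5 of the answer above, as an added example that is not part of the original post or any vendor's code. `KeyOracle`, `send` and the other names are hypothetical, the cipher is an HMAC-SHA256 stand-in so the code runs on the standard library, and the recipient key is symmetric, so only the first message to a new recipient is modelled.

```python
import hashlib, hmac, secrets

# Stand-in authenticated cipher (HMAC-SHA256 keystream plus tag) so the example
# runs on the standard library alone; use AES-GCM or similar in practice.
def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):
    blocks = (_sub(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = _xor(_sub(key, b"enc"), nonce, plaintext)
    return nonce + body + _sub(_sub(key, b"mac"), nonce + body)

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or tampered data")
    return _xor(_sub(key, b"enc"), nonce, body)

def _pw_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class KeyOracle:  # hypothetical; models only the first message to a new recipient
    def __init__(self):
        self.keys = {}     # address -> raw key (not enrolled) or (salt, sealed key)
        self.wrapped = {}  # message id -> (address, sealed session key)
    def wrap(self, msg_id, address, session_key):  # step 2
        if self.is_protected(address):
            raise NotImplementedError("needs a public key per recipient; not modelled")
        key = self.keys.setdefault(address, secrets.token_bytes(32))
        self.wrapped[msg_id] = (address, seal(key, session_key))
    def is_protected(self, address):  # step 2 caveat: False until a password is set
        return isinstance(self.keys.get(address), tuple)
    def enrol(self, address, password):  # step 4: recipient creates an account
        if self.is_protected(address): raise ValueError("already enrolled")
        salt = secrets.token_bytes(16)
        self.keys[address] = (salt, seal(_pw_key(password, salt), self.keys[address]))
    def unwrap(self, msg_id, password):  # step 5: password -> recipient key -> session key
        address, sealed_session = self.wrapped[msg_id]
        if not self.is_protected(address): raise PermissionError("set a password first")
        salt, sealed_key = self.keys[address]
        return unseal(unseal(_pw_key(password, salt), sealed_key), sealed_session)

def send(oracle, msg_id, address, text):  # steps 1-3
    session_key = secrets.token_bytes(32)
    oracle.wrap(msg_id, address, session_key)
    return seal(session_key, text.encode())  # mailed along with the oracle URL
```

Until `enrol` is called the recipient key sits in the oracle unprotected, which is the window the answer's step 2 describes.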

Author

Commented:
This is exactly what I was looking to obtain! Thank you for the knowledge.
