Solved

Email Encryption Vendors

Posted on 2014-02-25
2
460 Views
Last Modified: 2014-02-26
Hi -

I already have a spam email system (websense) in place. I'd like to add email encryption, but beyond TLS. I want something that notifies the 3rd party they have a secure email waiting and somehow securely delivers the message.

What are your recommendations?

Basic Facts:

100~ users
Exchange 2010 with DAG
Mixed environment OWA, Outlook 2003-2013.
Email Filter Websense at each Exchange location

Thanks
0
Comment
Question by:First Last
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39887218
Depends on what you want to do with it I guess. I am assuming you don't want to create your own system :)

What you are describing is usually called "oracle based encryption" (despite Oracle not being a company that offer it :)

What usually happens with such solutions is this.
1) the message is encrypted to a session key (this is common across almost all solutions, including pgp and s/mime, so no surprises there)
2) the session key is sent securely to a key oracle (in some solutions, it is generated at the key oracle and sent to the encryption software, but the difference is marginal; in any case, it is encrypted with a unique key, owned by the recipient, on the key oracle server. This key need not exist before a given recipient is messaged, but won't then be protected until the recipient has set a password)
3) the message is sent either to the intended recipient, or to a storage server (systems vary, but to the intended recipient is most common)
4) the message contains a reference url to the key oracle's website where the recipient must log in (creating an account if they don't have one)
5) once the recipient logs in, their password is used to decrypt their secret key, which decrypts the session key, which can then be used to decrypt the message and display it via the website.
6) the recipient may read and optionally securely reply to the mail using what amounts to a webmail like interface.

Providers of such a service include:
Cisco (CRES, requires an "Ironport" email security appliance)
Microsoft (Exchange Hosted Encryption, requires their "forefront" cloud-hosted email scanning package)
PGP Inc (universal gateway; one of the few solutions where the mail is held in your own appliance for increased security/resistance to NSA style attacks)
ZixCorp - offer both appliance based and purely software based solutions.
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 39889031
This is exactly what I was looking to obtain! Thank you for the knowledge.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now