Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Email Encryption Vendors

Posted on 2014-02-25
2
Medium Priority
?
481 Views
Last Modified: 2014-02-26
Hi -

I already have a spam email system (websense) in place. I'd like to add email encryption, but beyond TLS. I want something that notifies the 3rd party they have a secure email waiting and somehow securely delivers the message.

What are your recommendations?

Basic Facts:

100~ users
Exchange 2010 with DAG
Mixed environment OWA, Outlook 2003-2013.
Email Filter Websense at each Exchange location

Thanks
0
Comment
Question by:First Last
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 39887218
Depends on what you want to do with it I guess. I am assuming you don't want to create your own system :)

What you are describing is usually called "oracle based encryption" (despite Oracle not being a company that offer it :)

What usually happens with such solutions is this.
1) the message is encrypted to a session key (this is common across almost all solutions, including pgp and s/mime, so no surprises there)
2) the session key is sent securely to a key oracle (in some solutions, it is generated at the key oracle and sent to the encryption software, but the difference is marginal; in any case, it is encrypted with a unique key, owned by the recipient, on the key oracle server. This key need not exist before a given recipient is messaged, but won't then be protected until the recipient has set a password)
3) the message is sent either to the intended recipient, or to a storage server (systems vary, but to the intended recipient is most common)
4) the message contains a reference url to the key oracle's website where the recipient must log in (creating an account if they don't have one)
5) once the recipient logs in, their password is used to decrypt their secret key, which decrypts the session key, which can then be used to decrypt the message and display it via the website.
6) the recipient may read and optionally securely reply to the mail using what amounts to a webmail like interface.

Providers of such a service include:
Cisco (CRES, requires an "Ironport" email security appliance)
Microsoft (Exchange Hosted Encryption, requires their "forefront" cloud-hosted email scanning package)
PGP Inc (universal gateway; one of the few solutions where the mail is held in your own appliance for increased security/resistance to NSA style attacks)
ZixCorp - offer both appliance based and purely software based solutions.
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 39889031
This is exactly what I was looking to obtain! Thank you for the knowledge.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question