Encrypting e-mail ranks high in just about every expert's list of important enterprise security steps. After all, this is a potent way to reduce the dangers from lost laptops, dishonest employees and many other ways in which valuable data is lost. This post at Server Watch drives the point home to those who haven't been paying attention -- or think that somehow the problem is passing them by.
The first two paragraphs drive home the point that not encrypting is folly. The balance of the item suggests that Pretty Good Privacy and Gnu Privacy Guard -- which it describes as vendor PGP's "open source/free of cost sibling" -- are good bets. The concept is simple: People sending messages encrypt with the intended recipient's public key. Messages are then decrypted with the private key, which is known only to the receiver.
PGP is having a good winter. The vendor scored earlier this month when SC Magazine named its Desktop Enterprise Email v9.6 the top e-mail security product in its yearly industry assessment. The magazine said the product "continues to set the standard for pure e-mail security in an enterprise environment." The company's good December continued when Pitney Bowes, which this release says is the world's largest "mailstream" solution vendor, indicated that it will standardized on the companys platform. Pitney Bowes will use PGP's Universal Gateway Email for legal, human resources and corporate communications.
PGP wasn't alone in gaining recognition. Last month, Gartner put Tumbleweed Communications in the Leaders Quadrant of its latest Magic Quadrant for e-mail encryption. The Gartner report says e-mail encryption is becoming a key trend in data-loss prevention (DLP) initiatives. Once those projects transition from passively monitoring traffic to enforcement, Gartner says, DLP becomes a major tool.
This link at Pointing Out the Obvious does just that -- it suggests that businesses and individuals must use common sense in selecting who is appropriate for an encrypted message. Since the recipient must take an extra step or two, the writer correctly points out, folks with little patience and technical knowledge are poor candidates for this form of security. The blogger than offers a couple of viable alternatives. Another key question with which organizations must grapple is whether all e-mail, including those that stay in the enterprise, must be encrypted.
The most valuable part of the post, however, is a set of links to companies that offer e-mail encryption products or services. In addition to Tumbleweed and PGP, the writer lists IronPort, Voltage, CiperOptics, Entrust and Microsoft.