E-mail Encryption Grows More Sophisticated -- and More Important

Carl Weinschenk

Encrypting e-mail ranks high in just about every expert's list of important enterprise security steps. After all, this is a potent way to reduce the dangers from lost laptops, dishonest employees and many other ways in which valuable data is lost. This post at Server Watch drives the point home to those who haven't been paying attention -- or think that somehow the problem is passing them by.

 

The first two paragraphs drive home the point that not encrypting is folly. The balance of the item suggests that Pretty Good Privacy and Gnu Privacy Guard -- which it describes as vendor PGP's "open source/free of cost sibling" -- are good bets. The concept is simple: People sending messages encrypt with the intended recipient's public key. Messages are then decrypted with the private key, which is known only to the receiver.

 

PGP is having a good winter. The vendor scored earlier this month when SC Magazine named its Desktop Enterprise Email v9.6 the top e-mail security product in its yearly industry assessment. The magazine said the product "continues to set the standard for pure e-mail security in an enterprise environment." The company's good December continued when Pitney Bowes, which this release says is the world's largest "mailstream" solution vendor, indicated that it will standardized on the companys platform. Pitney Bowes will use PGP's Universal Gateway Email for legal, human resources and corporate communications.

 

PGP wasn't alone in gaining recognition. Last month, Gartner put Tumbleweed Communications in the Leaders Quadrant of its latest Magic Quadrant for e-mail encryption. The Gartner report says e-mail encryption is becoming a key trend in data-loss prevention (DLP) initiatives. Once those projects transition from passively monitoring traffic to enforcement, Gartner says, DLP becomes a major tool.

 

This link at Pointing Out the Obvious does just that -- it suggests that businesses and individuals must use common sense in selecting who is appropriate for an encrypted message. Since the recipient must take an extra step or two, the writer correctly points out, folks with little patience and technical knowledge are poor candidates for this form of security. The blogger than offers a couple of viable alternatives. Another key question with which organizations must grapple is whether all e-mail, including those that stay in the enterprise, must be encrypted.


 

The most valuable part of the post, however, is a set of links to companies that offer e-mail encryption products or services. In addition to Tumbleweed and PGP, the writer lists IronPort, Voltage, CiperOptics, Entrust and Microsoft.



Add Comment      Leave a comment on this blog post
Dec 30, 2007 8:58 AM Song Song  says:
Email encryption solutions have always been a headache for users as well as administrators. The most main stream solutions use a pull technology or use PGP. Both of these solutions have proven to have several problems, most notably is their lack of ease of use. Ciscos IronPort PostX encryption solution breaks away from the status quo with their push technology. Heres how it works: Reply
Jun 13, 2009 4:33 AM Doug Doug  says:

Voltage SecureMail (http://www.voltage.com/vsn) is a great email and file encryption tool.  Your email address is your public key instead of a PGP key or a certificate.  You can send ad-hoc email to anyone and recipients don't need any special software to read and reply securely.  Encrypted mail is only stored in a sender's sent folder or a recipient's inbox.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.