Trusttone

Email Encryption Product Selection Considerations
2010.01.27 02:44:55 Hemant Thakkar

There are many email encryption products on the market, taking a variety of approaches to solving the problem. The problem, of course, is providing strong security guarantees while keeping the product easy to use. This post briefly describes the types of products in the market and then goes into more detail about the differences between the TrustTone product offerings.

Email Encryption Desktop Clients

Client products perform email encryption on the originating user's desktop. Typically this is accomplished through a plug-in module that adds encryption features to the email application. This approach generally limits the email applications a product supports, since the vendor has to make a marketing decision about how many email application plug-ins to provide. Microsoft Outlook is by far the most widely supported (and often the only supported) email application under this approach. Even among desktop products, the technical approaches vary.

Password based

Some desktop client products use a shared-password approach. Sender and recipients must have a common secret password that is used to encrypt the email message. This approach becomes very difficult to manage as the number of email encryption users grows: managing passwords for email between numerous users, where each message may have more than one recipient, is nearly impossible. It works fine for one-to-one or very-few-to-very-few users communicating with encrypted email.

PKI based

Public Key Infrastructure (PKI) allows a user to send encrypted email to another user if both users have keys and certificates issued by recognized Certificate Authorities (CAs). Most email applications, such as MS Outlook, already support sending encrypted email using certificates. The problem is that coordinating the acquisition and management of keys and certificates for every user she wants to communicate with is a nightmare for the user, given that many of the recipients do not belong to the same organization as the sender and do not share the same IT infrastructure.

IBE based

Identity Based Encryption (IBE) allows a sender to send an encrypted message just by knowing a unique public identifier for the recipient. Typically the recipient's email address serves as that identifier. Identity Based Encryption schemes typically rely on newer cryptographic constructions (based on Weil pairings, Jacobian functions, etc.) to provide this behavior.

With ubiquitous connectivity, it is also possible to create an IBE-like scheme by building a transparent key and certificate management layer on top of legacy PKI technology. TrustTone products (both desktop and gateway) take this approach and create what we call Identity Based PKI, or IBPKI.

IBE- or IBPKI-based products provide strong security and ease of use, since key and certificate management is completely hidden from the user and handled transparently by the system.

Email Encryption Gateways

Gateway products perform email encryption at the IT boundary of the organization. End users' emails are routed through the gateway, which examines the content of each message and determines, based on policy rules defined by the organization, whether or not to encrypt the outgoing message. Incoming messages are similarly routed through the gateway, which decrypts incoming encrypted messages as needed.

This approach is generally more suitable for all but very small organizations. Gateway products allow the IT department to manage the security aspects and to define and enforce encryption policy globally through one central unit. If the encryption policy rules are defined in alignment with the business processes and workflow, the gateway effectively provides automatic encryption: a user does not have to make an 'encrypt or not' decision, because the rules force encryption as needed.
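As an added example (not TrustTone's code and not part of the original post), here is a small policy engine of the kind a gateway runs over each outgoing message before deciding whether to encrypt it. The internal and partner domains, the sensitive-content patterns and the sample messages are constructed assumptions; the rules are evaluated in a fixed order so that the decision and its reason are reproducible for audit. Only the Python standard library is used.

```python
import email
import re
from email import policy
from email.utils import getaddresses

# Constructed settings for a hypothetical organisation (not TrustTone's configuration).
INTERNAL_DOMAINS = {"example.com"}
# Partner domains for which policy always forces encryption (constructed).
ALWAYS_ENCRYPT_DOMAINS = {"bank.test"}
# Content patterns the policy treats as sensitive (constructed placeholders).
SENSITIVE_PATTERNS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),          # US SSN-shaped number
    re.compile(r"\bconfidential\b", re.IGNORECASE),
]


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def recipients_of(msg):
    """Collect every recipient address from the To, Cc and Bcc headers."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr.lower() for _name, addr in getaddresses(fields) if addr]


def body_text(msg):
    """Extract the plain-text body, or an empty string if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def decide(raw_message):
    """Apply the policy rules in order and return (encrypt, reason)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    external = [r for r in recipients_of(msg) if domain_of(r) not in INTERNAL_DOMAINS]

    # Rule 1: mail that never leaves the organisation is not encrypted.
    if not external:
        return (False, "all recipients internal")
    # Rule 2: some external domains always require encryption.
    if any(domain_of(r) in ALWAYS_ENCRYPT_DOMAINS for r in external):
        return (True, "recipient domain requires encryption")
    # Rule 3: the sender may explicitly request encryption with a subject tag.
    subject = str(msg.get("Subject", ""))
    if "[encrypt]" in subject.lower():
        return (True, "sender requested encryption")
    # Rule 4: content inspection of subject and body for sensitive data.
    text = subject + "\n" + body_text(msg)
    for pattern in SENSITIVE_PATTERNS:
        if pattern.search(text):
            return (True, "sensitive content matched")
    return (False, "no rule matched")


# Constructed sample messages.
SAMPLE_INTERNAL = """From: alice@example.com
To: bob@example.com
Subject: lunch

Sandwiches at noon?
"""

SAMPLE_BANK = """From: alice@example.com
To: payments@bank.test
Cc: bob@example.com
Subject: Wire instructions

Please see the attached instructions.
"""

SAMPLE_TAGGED = """From: alice@example.com
To: partner@otherco.test
Subject: [Encrypt] quarterly numbers

Numbers attached.
"""

SAMPLE_SSN = """From: alice@example.com
To: partner@otherco.test
Subject: Onboarding form

Employee SSN is 123-45-6789, please process.
"""

SAMPLE_PLAIN = """From: alice@example.com
To: friend@otherco.test
Subject: Hello

Nothing sensitive here.
"""

if __name__ == "__main__":
    for name, sample in [("internal", SAMPLE_INTERNAL), ("bank", SAMPLE_BANK),
                         ("tagged", SAMPLE_TAGGED), ("ssn", SAMPLE_SSN),
                         ("plain", SAMPLE_PLAIN)]:
        encrypt, reason = decide(sample)
        print(f"{name:9s} encrypt={encrypt!s:5s} reason={reason}")
```

The ordering matters: the cheap recipient checks run before content inspection, and the first matching rule wins, so a message that would match several rules still yields one stable reason string that can be logged alongside the delivery record.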

Email Encryption Hosted Service

A hosted email encryption service acts as a traditional email hosting service with a twist: emails can be encrypted based on policy rules. This approach works for very small to very large organizations. The disadvantage is that the service provider has access to all encrypted emails, which in some cases may not be acceptable for compliance with regulations.

TrustTone Email Encryption Products

TrustTone currently provides client and gateway products. We will provide a hosted service very soon.

The client product works with the MS Outlook email application and, as mentioned above, is suitable for an individual user or a small organization (fewer than 10 users).

The gateway product works with all email applications and is suitable for small, medium and large organizations. It is also the most appropriate solution for meeting compliance with privacy regulations, since no private data or keys pass through any third-party infrastructure.


Tags: product selection | Encryption | email encryption
