Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Protection of critical information with E-mail encryption.

InfoSecurity Europe : 24 January, 2008  (Technical Article)
Sending e-mails with attachments containing crucial business information requires encryption to keep the data safe as explained by Udo Kerst of Astaro.
Email is so firmly established that few users stop to wonder what happens to their emails after they send them. Customer records, sales figures, marketing plans and other business confidential information are regularly attached to emails and sent, without a second thought, across the Internet, an open communication medium. This is analogous to writing a credit card number and security code on a postcard and hoping that no one looks at it on its way through the post. Unprotected e-mail is convenient and efficient but woefully insecure.

Ensuring only intended recipients are able to access information contained within emails has, up until now, required complicated and expensive technology, rarely used by large organisations and well beyond the means of small and medium sized businesses. However, email security is fast becoming a priority for managers across the board. Industry regulations requiring organisations to secure company confidential information are applicable throughout the supply chain. Small and mid-sized companies supplying goods and services to large organisations are obliged to actively participate in ensuring the security of all shared data.

To be acceptable for small or midsized companies, secure email transmission technology needs to be easy to install, administer and, to maximise simplicity, easy to combine with other security components. Its use by individual employees must be enforceable in order to allow company-wide security policy to be implemented but the securing mechanisms should be transparent in use to avoid the need for costly training and to maintain employee productivity. Finally, the solution must be affordable for smaller businesses.

A variety of solutions for secure email transmission are available. The classic approach for securing email infrastructure is to provide each user with software, such as S/MIME or OpenPGP, on their desktop. Users are supplied with internal and external PKI (Public Key Infrastructure) keys, which they administer on their own PCs. These solutions offer sufficient functionality and are cheap to implement, but have high administrative costs and are only suitable for users who possess advanced knowledge of encryption and signature methods, not something many small companies have in abundance.

To overcome some of these challenges, stand-alone centralised solutions, which shift the encryption functionalities from the individual desktop to a dedicated email gateway, are available. Administrators of stand-alone centralised solutions are required to integrate the technology into the existing IT infrastructure and link it in with other security components such as virus scanners and firewalls. These solutions are generally powerful and offer many features and configuration possibilities. However, they are highly complex and expensive so are used only by large companies with the corresponding know-how.

The solution for small and midsized businesses is to integrate centralised email encryption within a Unified Thread Management (UTM) appliance. A UTM appliance offers a suite of security solutions that provide comprehensive protection from Internet threats in a central gateway. Because secure email technology is seamlessly integrated with the UTM's other security functions, there is no need for complicated implementation and encrypted e-mails are checked for damaging content by a centralised virus and content scanner. The administrative interface is also greatly simplified, which reduces the long-term cost of using secure email technologies whilst still offering strong encryption, decryption, and signature verification in accordance with the common S/MIME and OpenPGP standards.

At its simplest, to utilise a UTM's email-security capabilities, businesses need only plug the appliance into their network between the Internet connection and the server, accept the factory presets and import their employees email addresses. Encrypted emails will then be sent between staff, who will probably not even be aware of the change. Every time an external email presenting an industry standard security certificate, is received, the sender's address is added to the list that will be sent encrypted content.

Solutions that require software on each workstation or a centralised, stand-alone, email encryption tool are too complex to manage and operate, as well as being beyond the budget typically available in midsized companies. Centralised email encryption integrated into a UTM appliance provides an ideal combination of security applications and email security in an economical, easy-to-use, all-in-one solution, enabling senders and recipients of email to concentrate on their jobs, safe in the knowledge that their company confidential information is secure.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo