Strategic Security: Developing a Secure E-Mail Strategy: Page 4 of 8

>» Staging-Server Encryption

Staging servers are used to store sensitive e-mail that can be retrieved later by the recipient on your secure network. If a user sends an e-mail to a domain that's listed as secure by your outbound security filters, it's routed to a server on your network. E-mail is then sent to the recipient notifying him that he has received a secure message. To read the message, the recipient must log into the secure server, usually using a secure Web portal, to view and respond to the message. This solution can be implemented using gateway devices or can be configured in certain software applications: PostX and Tumbleweed offer good products in this arena. For companies, such as banks, HR firms or credit-card companies, that want to notify customers their attention is needed--for instance, to ascertain that a transaction took place--this method works well.

There are some disadvantages to staging-server encryption, however. If end users correspond often with external recipients, each of those recipients will be forced to maintain yet another in-box and sent-mail box. And forgotten-password resolution for occasional users and automated password recovery must be well-thought-out to prevent additional work and unauthorized access.

>» End-to-End Encryption

End-to-end encryption does what its name suggests: Data is encrypted by the sender and remains so until decrypted by the recipient. Typically, software agents are deployed that let users send encrypted mail by pressing a "Secure Send" button. There are products from PGP, Voltage Security and others that work with all major desktop clients. End-to-end encryption is suitable for environments--such as finance, accounting and HR-- in which sensitive information must be kept secret and transmitted securely.