Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Strategic Security: Developing a Secure E-Mail Strategy: Page 3 of 8

Large-scale deployments of completely secure e-mail are seen mostly in military, financial, health-care and government organizations. And growing businesses are more likely to deploy secure e-mail solutions for specific departments, such as finance, accounting and HR, according to Gartner. These highly secure e-mail systems are expensive, costing $20,000 to $200,000 for a 2,500-user installation, on top of the cost of an existing e-mail platform, Gartner estimates.

» Boundary Encryption

Boundary solutions work well for communications within the corporate network, but may not work for external e-mail, particularly to general consumers. In the boundary model of e-mail encryption, secure relationships are established with the boundary servers of both partner entities. This is typically a manual process, though it's possible to configure some devices to automatically attempt to deliver the e-mail securely, and then fall back to normal mode if secure channels are unavailable. When a secure connection can be established, all e-mail sent between the two gateway servers is encrypted, which means when the data is most vulnerable, it has already been encrypted as it passes over the Internet. In this model, e-mail transiting within your corporate e-mail infrastructure is not encrypted.

Companies with encryption products in this arena include IronPort, Tumbleweed and Voltage Security. These vendors provide devices that serve as a barrier, residing on the edge of the network, filtering all incoming and outgoing messages for spam, malware and phishing.

More important, to address compliance issues, these devices also can provide encryption using a variety of technologies, including PGP, S/MIME and TLS (Transport Layer Security). TLS adoption continues to rise, and it's likely to remain the preferred method through 2009. This is due to its popularity, acceptance and maturity as a secure transport. PGP (Pretty Good Privacy) is a free technology developed by the company of the same name and is effective and easy to use. It's a public-key technology; servers share their public key and encrypt the message with a private key. Using the public key found and managed by Internet keyservers, receiving e-mail servers can decrypt messages. S/MIME (Secure/Multipurpose Internet Mail Extension) is similar to PGP. Encryption products operating at the boundary are best-suited for small companies that send sensitive data from one corporate entity to another. This solution gives them the most bang for the buck and secures e-mail where it's most vulnerable.