Fortra's Clearswift Secure Email Gateway appliance provides a number of options to secure email sent over the Internet through the use of encryption.
Securing messages by encryption ensures that messages have:
- Confidentiality – generally messages can’t be read by the wrong person
- Integrity – the message is intact and can be shown to have not been modified by anyone from sender to recipient
- Non-repudiation – the content of the message and the information about who sent the message can be used in law to prove that something did or didn’t happen
In comparison to competitive products on the market, the Clearswift Secure Email Gateway appliance supports a wider range of technological approaches to enable businesses to communicate securely.
The on-premise Clearswift Secure Email Gateway can be configured to encrypt messages based on the traffic’s direction or by policy, e.g. credit card details found in attachment.
The various encryption methods are suited to different user communities, frequency of messages and whether encryption is required to/from the desktop, or just whilst it travels across the Internet.
Transport Layer Security (TLS)
This mechanism does not permit securing messages all the way from the sender’s desktop to the recipient’s, but is used to secure messages over the Internet between servers. It is completely transparent to end users and is therefore widely used. TLS is also available on the ARgon product.
Password
This method takes the sender’s message and attachments and wraps them up into a password-protected Zip file which is delivered to the recipient. The sender still has to get the password to the recipient, typically using a different medium such SMS, or email to a secondary email account.
Portal Push/Pull
The hosted email portal allows senders to send messages to recipients who receive them using a webmail style mail client and can reply back to the sender in a secure fashion. This technology is geared towards low volumes of message transaction to users of all levels. Advanced users can adjust their settings so that they can receive encrypted messages directly to their corporate mail client without having to login to the secure webmail portal.
Secure MIME (S/MIME)
Secure MIME is a standard for sending secure messages and widely used in Europe. This system uses public key cryptography, where users have both a private and a public key which are mathematically linked so that a message encrypted with a public key can *ONLY* be opened by the recipient using their corresponding private key. The Gateway can use this technology for encrypting messages between servers and users.
Pretty Good Privacy (PGP)
Pretty Good Privacy is a similar mechanism to S/MIME where users have both private and public keys but use different sets of algorithms.
Portable Document Format (PDF)
This entails embedding the message and the attachment into a password protected PDF file, in the same way that password-protected messages are created. The password must be distributed safely.
Records Management (DRM)
This approach allows recipients to be able to receive data over email or via hyperlink and only they can access the data. They are restricted as to what they can do with the data (such as forward or print) and the data can be revoked at any time.
Identity Based Encryption (IBE)
This is an encryption system where the recipient doesn’t have to have a key or certificate. The sender is able to encrypt a message to the recipient where the recipient’s key is derived from their name or email address.