Driven by regulatory and legislative pressures, concern over the privacy and integrity of Internet email communication is moving up the corporate agenda. As a result, businesses are looking towards encryption to secure their email. A 2005 study by Osterman Research indicated that at least 20 per cent of users in a typical organization would be frequent users of a secure messaging capability if it was available to them.
“Secure messaging is becoming more critical in the enterprise and SMB markets, driven by regulations like Sarbanes-Oxley and Gramm-Leach-Bliley, as well as a need to protect critical communications of various types,” said Michael Osterman, president of Osterman Research, Inc. “Users need a way to send encrypted email easily, with minimal disruption to their normal use of email, and they need to be confident that the encrypted emails arrive securely at their intended destination.”
The MessageLabs Boundary Encryption service provides a secure private email network (SPEN) for customers to communicate with designated partners using SMTP over Transport Layer Security (TLS) encryption, without the need for desktop encryption tools. All email sent between an organization’s mail server, MessageLabs and designated partners travels via TLS encrypted channels. This lowers the total cost of ownership (TCO) of managing encryption relationships and the hassle of maintaining encryption clients on individual desktops, while ensuring the privacy and integrity of all email messages passed via these channels.
“One of the great advantages in applying encryption on a boundary-to-boundary basis is that the corporate policy on securing email can be enforced without the need to involve end users in any decisions, or have them change work practices. Any aspect of the policy is out of the hands of individual users,” said Jos White, president of MessageLabs. “Without an enforceable TLS guarantee, organizations can only offer a ‘best effort’ encryption, which is not enough to ensure compliance with industry regulations or legislations such as HIPAA or the Gramm-Leach-Bliley Act. With MessageLabs Boundary Encryption, email is totally secure and guaranteed.”
To use the service, organizations nominate email domains to be subject to encryption and designate partners to be involved in encrypted channels. The MessageLabs service then ensures that communication to and from the service involving these domains is secured using TLS. If an organization communicates with non-designated partners outside the SPEN, then normal unencrypted SMTP is used to pass such messages from the MessageLabs service to the recipient domains.
Email is secured via the SPEN only when it is sent outside the organization’s network, remaining unencrypted or “in the clear” within the corporate network, which facilitates other compliance-led solutions such as archiving. Both incoming and outgoing encrypted email passes through the MessageLabs’ global infrastructure at the Internet level, whereby the full array of MessageLabs email security services can be applied to protect organizations from threats such as viruses, spam and other unwanted content. Customers can control content and apply policies, ensuring that only clean email is then forwarded on to the intended recipient. The service is transparent to the end user, with no desktop tools required.
Using a central management console, organizations can manage their own set of partners. MessageLabs will then perform an automatic check to ensure nominated partners support TLS.
MessageLabs’ range of email security and management services provides organizations with a complete managed email security solution, without the hassle, inconvenience or additional cost of traditional software or hardware solutions. These services ensure the integrity of electronic communications, helping businesses to manage and reduce risk while securing their critical infrastructure and business information.
MessageLabs is the world's leading provider of email security and management services with more than 10,000 clients and offices in eight countries. For more information, please visit http://www.messagelabs.com
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.