
Email Encryption

Email encryption allows confidential information to be sent securely over the Internet. There are three ways in which this can be achieved.

File encryption software
At a simple level, software such as Sophos Safeguard Private Crypto can be installed on a PC to encrypt a file with a password, which is either pre-arranged or given over the telephone when the file is sent by email. On receipt, the file is decrypted using the same password. The advantage of this approach is that it is cheap and relatively simple to use, and it suits applications such as sending financial quotes to brokers. The disadvantages are that it relies on the user to ensure that confidential data is encrypted before sending, and that the encrypted files carry extensions that may be blocked by the recipient’s email security defences.

Email Encryption Software
Until recently, the majority of email encryption requirements were met using either PGP software or an S/MIME certificate. In both cases, the sender encrypts the mail with the recipient’s known public key, and the recipient decrypts it with the corresponding private key.

There are three main disadvantages to this approach.

  • Client software encrypts everything, malware and viruses included, so encrypted mail passes through an organisation’s email security defences uninspected, which presents an identifiable security risk.

  • The process still relies on the user remembering to encrypt confidential documents.

  • Traditional S/MIME and PGP client-based encryption relies on a pre-established relationship for the exchange of keys. Whilst this is feasible for regular correspondents, there is today a growing demand to send secure email to recipients who may not have the appropriate decryption client or certificate.

McAfee Email Gateway also provides a gateway implementation of both PGP and S/MIME encryption. The advantage of this approach over client-based encryption is that recipients’ PGP public keys are stored on the Secure Mail MTA, and S/MIME certificates can be retrieved via a lookup to the local LDAP server. Every time a message is sent to a recipient for whom a public key is stored, it is automatically encrypted and sent out using the appropriate PGP or S/MIME encryption, so nothing depends on the user remembering to encrypt. Using a gateway-based encryption system also allows emails to be virus checked at the internet gateway before the encryption is applied.
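The gateway rule just described (inspect the message in the clear, then encrypt automatically for any recipient whose public key is on file), as an added example in Go that is not part of this page or of either product. The key store, the malware marker string and the verdict names are constructed stand-ins, and a real S/MIME or PGP gateway would emit CMS or OpenPGP packets rather than this minimal hybrid envelope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"strings"
)

// Envelope: content key wrapped with RSA-OAEP for the recipient, body sealed with AES-256-GCM.
type Envelope struct{ WrappedKey, Nonce, Body []byte }

// OutboundPolicy applies the gateway rule: inspect the plaintext first (a hypothetical
// marker stands in for the AV/DLP engine), then encrypt only when the recipient's
// public key is on file. Verdict is "blocked", "plaintext" or "encrypted".
func OutboundPolicy(keys map[string]*rsa.PublicKey, rcpt, body string) (string, *Envelope, error) {
	if strings.Contains(body, "TEST-MALWARE-MARKER") {
		return "blocked", nil, nil // never encrypt what the scanner rejected
	}
	pub, ok := keys[strings.ToLower(rcpt)]
	if !ok {
		return "plaintext", nil, nil // no key stored: deliver in clear or hold, per site policy
	}
	env, err := Seal(pub, []byte(body))
	return "encrypted", env, err
}

// Seal builds the envelope: fresh 256-bit content key and 96-bit nonce,
// AES-GCM over the body, RSA-OAEP (SHA-256) over the content key.
func Seal(pub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	buf := make([]byte, 32+12)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	cek, nonce := buf[:32], buf[32:]
	block, err := aes.NewCipher(cek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Body: gcm.Seal(nil, nonce, msg, nil)}, nil
}
```

The recipient reverses the two steps: unwrap the content key with the private key, then open the body with AES-GCM, which also rejects any tampering with the ciphertext.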

Identity Based Encryption (IBE)
Identity Based Encryption overcomes the majority of the shortcomings of client-based encryption, as it does not require the recipient to have set up a public key before they can receive secure email. Instead, the email is encrypted using the recipient’s email address as the public key. An email is sent either with:

  • The encrypted content as an envelope attachment, in which case the recipient logs in to a key server, which triggers automatic download of the decryption keys; or

  • A link to a secure webmail portal from which the email message and attachments are downloaded.

The first method is the most popular since it requires no on-site storage of message content, but the secure webmail approach provides greater control over copying and forwarding of message and attachment content for high-security applications.

Both IronPort and McAfee Email Gateway provide support for Identity Based Encryption, although IronPort does not support storage of attachments on a secure web portal. McAfee Email Gateway also includes email data leakage prevention capabilities, which enable you to “fingerprint” your confidential information and prevent it from being sent out unencrypted over the public internet.

Clearview Systems are accredited partners for IronPort and McAfee. Our engineers can advise you which product is best suited to your needs, and can also help with product assessment, trials and deployment to your user base.