E-Mail Encryption: Lots of Choices, Plenty of Tradeoffs

Corporate espionage is big business these days. So it makes
sense to deploy some kind of encryption system to ensure that
prying eyes can’t decipher anything garnered from intercepted
messages or from stolen computers. Whether it is customer data,
employee data, intellectual property or confidential financial
information, losing anything can be seriously detrimental.

“Lost or stolen data can cripple a business’s
reputation and financial standing,” says Than Tran, product
marketing manager at PGP Corp. of Palo Alto, CA. “A business
must ensure e-mails containing sensitive information are kept
secure and that they comply with privacy laws to assure safe
transactions for their customers and the privacy of their

Encryption Systems

Tran explains that there are several different methods of e-mail
encryption. Endpoint-to-Endpoint represents full encryption from
the originating device to the recipient device. This method
provides the highest level of security because there is no
intervening point at which plaintext data can be read by anyone but
the intended parties. The drawback is that this mode also creates
the greatest amount of complexity from an implementation,
administration and management perspective, mainly because
encryption software must be installed and maintained on every
endpoint and integrated with the client e-mail software there.

Gateway-to-Endpoint is one way to simplify things. It provides
full encryption from a gateway system within the sender’s
network to the recipient’s endpoint. In this scenario, the
message leaves the sender’s desktop in plaintext and is
encrypted by a gateway located close to the e-mail server. This
mode eliminates the need for any encryption software or user
interaction on the sender’s side, at the cost that the message is
readable in plaintext on the internal network between the desktop
and the gateway.

“Another variation on this is Gateway-to-Gateway,”
says Tran. “It is like Gateway-to-Endpoint, but adds an
encryption gateway on the recipient’s side, thus eliminating
desktop software and administrative costs on that end as

Finally, there is Gateway-to-Web, which provides access to
sensitive data via a Web server, possibly co-located on the gateway
itself. The data is typically protected via transport layer
encryption, such as Secure Sockets Layer (SSL, today TLS). This
allows secure communication with any recipient, regardless of the
recipient’s own infrastructure or level of sophistication.

“In this scenario, a standard message is sent to the
recipient, advising that a secure message is waiting at the
gateway,” says Tran. “The recipient retrieves this
message via a secure connection, which may also require
authentication with credentials delivered by an out-of-band

PGP Encryption

PGP offers several solutions to ensure secure and simple email
encryption. PGP Universal Server enables organizations to control
deployment, automate user and key management, enforce policy, and
centralize reporting for one or more encryption applications. The
company can start with a single encryption application, growing a
deployment across the enterprise and out to customers and partners.
The application scales well as new systems are added and integrates
easily with the existing infrastructure. PGP Universal Server
automates the creation of user accounts, management of user keys,
delivery of policy updates to applications, installation of
software updates and also does logging and monitoring.

It is supplemented at the desktop level by PGP Desktop
Professional, which is managed by PGP Universal, to secure email,
data stored on disk and AIM traffic. It also provides digital
signature capability.

“PGP Whole Disk Encryption technology is used for full
disk encryption, securing all data including often overlooked
temporary, swap, and hibernation files that include copies of
sensitive data, files and e-mails,” says Tran. “As a
business grows and requires more bandwidth/security it is best to
then upgrade to PGP Universal Series, a robust and scalable e-mail
encryption platform.”

A perpetual license for PGP Desktop 9.6 for Windows costs $149.

Choose Wisely

Tran offers some advice for businesses with regard to email

“The challenge for email encryption is to select a
solution that will support the growth and changes within the
business’s email architecture and will also be leveraged by
non-email applications requiring encryption services,” he
says. “It is absolutely vital for a company to encrypt not
just e-mails but also files that contain sensitive information with
the highest level of protection. It can be a costly and devastating
setback to a business, if sensitive data is exposed to unintended
Reason? According to Gartner Inc. of Stamford, CT, 84 percent of
high-cost security incidents occur when insiders send confidential
data outside the company without properly securing the data.

“Different companies have different needs and should
assess their own risk before deciding to implement a security
solution,” says Tran. “Furthermore, it is critical that
a business conducts frequent audits of its security procedures,
processes and technologies in order to comply with ever-changing
Article courtesy of Enterprise IT Planet

Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including eSecurity Planet and CIO Insight. He is also the editor-in-chief of an international engineering magazine.
