Proofpoint Secure Messaging: Email Encryption Software

Encrypt sensitive information

The Proofpoint Secure Messaging module adds powerful, policy-based email encryption software to your deployment. Proofpoint's powerful, policy-driven encryption features help mitigate the risks associated with regulatory violations, data loss and corporate policy violations by applying encryption automatically based on customizable policies.

Benefits of Encrypted Email Communication:

 

Features:

Encrypted email is commonly used to transmit sensitive or confidential information, including operational data, trade secrets, legal documents, financial information, and personal healthcare and identity information, both inside and outside the enterprise.

The need to secure this confidential information, and to comply with a growing body of regulations that govern the transmission of private data, has made policy-based encrypted email a "must have" feature of a complete messaging security solution. The Proofpoint Secure Messaging module meets these requirements with the industry's most powerful and flexible solution for policy-driven secure messaging.

Policy-driven secure messaging
Training end-users in the proper use of encryption systems can be a significant barrier to successful deployment of traditional secure messaging solutions. But Proofpoint Secure Messaging is much easier to use and manage. Proofpoint's secure messaging solution automatically and dynamically applies encryption or decryption based on your organization's policies, right at the gateway. As a result, end-users don't need to take any special actions to take advantage of encryption features and your compliance and content security policies are consistently and accurately applied on an as-needed basis.

Easy to administer
Unlike alternative approaches to encrypted email (such as PKI), Proofpoint's identity-based email encryption features provide effective protection for sensitive information without the administrative burdens and infrastructure costs typically associated with secure messaging.

  • Easy policy management: All encryption policies—whether they are driven by regulatory compliance, data security or internal corporate concerns—are centrally managed and enforced at the gateway. The Proofpoint Messaging Security Console provides a convenient graphical interface for defining encryption policies, which can be triggered based on message content identified by the Proofpoint Regulatory Compliance, Proofpoint Content Compliance or Proofpoint Digital Asset Security modules.
     
  • Simplified key and certificate management: Using Voltage Security's IBE (Identity-Based Encryption) technology, public keys are generated on-demand, eliminating the daunting certificate lifecycle and key management requirements of other encryption solutions. Ongoing maintenance of certificates and Certificate Revocation Lists (CRLs) is not required.
     
  • Minimal data storage and archive requirements: Proofpoint Secure Messaging also simplifies the storage, backup and recovery overhead usually associated with message encryption. Using IBE, messages and keys do not need to be backed up or stored for extended periods of time.

Easy to use
Proofpoint Secure Messaging operates transparently to end-users without requiring software downloads or the installation and maintenance of desktop encryption clients. Proofpoint's encryption solution automatically encrypts and decrypts sensitive content as required, without end-users having to use and manage complicated digital certificates or encryption keys.

Low total cost-of-ownership
The Proofpoint Secure Messaging module seamlessly interfaces with other Proofpoint modules including Proofpoint Regulatory Compliance and Proofpoint Digital Asset Security. Easy deployment and minimal ongoing management requirements greatly reduce the ongoing costs associated with managing your secure messaging solution. And Proofpoint's unparalleled ease-of-use for end-users minimizes support, training and helpdesk costs.

Extremely granular control of encryption policies
As in Proofpoint's anti-spam, anti-virus and content security modules, secure messaging policies are managed and enforced on an enterprise level from a single location, using the Proofpoint Messaging Security Console. Once defined, enterprise encryption policies are applied automatically at the gateway, eliminating the risk of user error.

Message encryption policies can be extremely granular—encryption can be triggered by any combination of:

  • Structured data matches: The presence of protected healthcare or financial information, such as HIPAA codes, ABA routing numbers, credit card numbers and social security numbers, as detected by the Proofpoint Regulatory Compliance module.
  • Unstructured data matches: Such as the presence of confidential information as detected by the Proofpoint Digital Asset Security module.
  • Keywords and regular expressions found in the subject line or content of messages as defined in the Proofpoint Content Compliance module.
  • Message origin or destination: Encrypt messages based on destination (e.g., a specific business partner or supplier) or sender. Messages can also be encrypted based on other message attributes such as attachment type.

Apply inbound policies to encrypted messages
Email can also be decrypted at the gateway, allowing Proofpoint's anti-spam, anti-virus and content compliance policies to be applied to encrypted email before it is delivered to end-users, ensuring that encrypted spam, malware and non-compliant messages are properly handled.

Technology:

The Proofpoint Secure Messaging module is powered by Identity-Based Encryption (IBE) technology from Voltage Security. Voltage IBE is a public key cryptography system that uses common identities, such as an email address, as public keys, eliminating the need for certificates, Certificate Revocation Lists and other costly infrastructure.

The result is a powerful encryption solution that is easy to implement and easy to manage, without the overhead and cost inherent in traditional security solutions.

How does IBE work?
Any user can communicate securely with any other user by using the recipient's email address as the encryption (or public) key. Decryption (or private) keys are generated by the Proofpoint Secure Messaging module on an as-needed basis. These keys can be recreated at any time, eliminating the need to archive or store decryption keys.

These basic properties allow for a secure messaging environment where certificates are never required and users need to know nothing other than their email addresses.

Compare:

| Key Features | Proofpoint Secure Messaging | PKI-based Solutions | Webmail-based Solutions | Symmetric Solutions |
| --- | --- | --- | --- | --- |
| Usability | four circles | one circle | four circles | three circles |
| Scalability | four circles | one circle | one circle | one circle |
| Authentication Options | four circles | four circles | one circle | one circle |
| Ad-hoc Messaging | four circles | one circle | two circles | four circles |
| Disaster Recovery | four circles | two circles | one circle | one circle |
| Integration with Inbound Anti-virus, Anti-spam, Content Filtering | four circles | one circle | no circle | one circle |

The table above summarizes the key differences between Proofpoint Secure Messaging and other email encryption solutions. These solutions can be differentiated along six important criteria.

Usability
Proofpoint's solution eliminates the need to use certificates, certificate revocation lists and all the costly and complex infrastructure associated with PKI systems. As a result, it is substantially easier to use and offers a much lower total cost-of-ownership.

Scalability
Each type of solution scales differently because each approach requires different sorts of information to be stored. The relatively high storage requirements associated with most solutions create a variety of disaster recovery, retention and backup problems (which are not shared by Proofpoint Secure Messaging):

  • With PKI solutions, you need to create keys as well as store and distribute certificates and revocation lists, which become onerous to manage over time.
  • In webmail-based systems, all messages are sent to a separate inbox that resides in a parallel messaging architecture. This parallel mail infrastructure needs to store all messages and archive them.
  • With symmetric solutions, keys are issued for every user and every message. This means that an online server must be available to encrypt and decrypt messages.

Authentication
Authentication is central to any encryption system. Proofpoint provides the widest array of options for authentication, including RSA SecurID, email answerback, question and answer, PIN/password, Active Directory, LDAP and custom adaptors. Most other solutions provide very limited integration capabilities for authentication.

Ad-hoc Messaging
Being able to send secure messages to recipients with whom you have never corresponded is a key requirement. Most solutions require pre-registration or the creation of additional, redundant credentials (which cannot be backed up) before encrypted messaging can be enabled. Proofpoint Secure Messaging was designed from the ground up to simplify this scenario and requires neither user pre-registration nor a software download to receive messages.

Disaster Recovery
Most solutions require the storage of information pertaining to certificates, credentials, users and messages in order to encrypt. With Proofpoint Secure Messaging, none of this information ever has to be centrally stored, which makes it very easy to restore after a disaster.

Integration with Inbound Message Scanning Services
Proofpoint is one of the only solutions to provide complete, end-to-end, content-level encryption with the ability to scan messages for viruses, spam or content compliance and to archive messages in the clear (i.e., in their unencrypted form).

Documentation:

Download the Proofpoint Secure Messaging Datasheet (PDF).