Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: What Is the Best Email Encryption Gateway For a Small Business?

Posted by Soulskill on from the randomize-all-outbound-communications dept.

Attila Dimedici writes "I am in the process of implementing an Email Encryption Gateway for my company. I checked with my various contacts in the industry and came away with Voltage as the best solution. However, as I have been working with them to implement a solution, I have been sadly disappointed by their lack of professionalism. Every time I think I am one question away from being ready to pull the trigger, I discover something that my contact with them had not mentioned before that has to be ironed out by the various stakeholders on my end. So, my question for Slashdot readers is this: what is your experience with implementing an Email Encryption Gateway for your company and what solution would you recommend?"

4 of 155 comments (clear)

  1. Re:Outlook.com by RobbieCrash · · Score: 5, Informative

    BES offers a shitload of benefits if you want to use them. Blocking things like the camera or SMS, limiting WiFi connectivity, security configuration, password requirements, etc, on company owned and paid for phones is a requirement for many large enterprises. Additionally, ActiveSync isn't as feature complete with syncing in most cases (Android doesn't do tasks or notes for example), while BES provides complete bi-directional sync between BlackBerrys and Exchange. Remote software management, an always on administrator controlled VPN connection is another benefit.

    We had issues with our Exchange server's gateway and it wasn't able to get to the internet, however the tunnel to our location that had BES was up and it had internet connectivity, so our BBs were receiving email communicating what was going on and who was doing what. Sure we could've done that with personal email or with BBM/GTalk, but this way we didn't need to.

    BES is a pain in the ass when you don't need any of the above and all you're doing is syncing email, calendar and contacts. But those are all critical features in many places.

    --
    Keep on knockin'
    https://robbiecrash.me
  2. Re:Outlook.com by sneakyimp · · Score: 5, Informative

    I disagree that Outlook.com is all that great. If you want your email to be truly secure, you need to encrypt it at the client and, in trying to set this up with one of my clients, I found that a) the documentation on this process using Outlook is very poor, b) one must pay to purchase a Digital Certificate for Outlook, and c) once my client did purchase a Digital Cert from one of the vendors listed on microsoft's website, windows and/or Outlook 2010 could not find this certificate or did not recognize it. A waste of time and money.

    I found it much easier to configure Thunderbird with a self-signed certificate and OpenPGP. The email is encrypted on my computer and decrypted on the client's computer. However, it's probably not feasible to train a bunch of tech-challenged workers to do this themselves and would likely introduce too much of a training/support burden for any sizeable IT shop.

    I realize that M$ may offer some handy tools for IT managers tasked with managing a large organization -- if you are willing to pay for it. I also find it extremely disappointing that client-based email encryption is not more widespread and easy to implement.

  3. Not really the best practice by Bruce+Perens · · Score: 5, Informative

    Rather than an encryption gateway, having your email client handle encryption avoids the problem of man-in-the-middle attacks between the gateway and the client.

    I don't have much reason to encrypt, but Thunderbird has my certificate installed and does my digital signing. This is not unusual for a modern email client.

    --
    Bruce Perens.
  4. Then I can't (won't) read email from you. by Ungrounded+Lightning · · Score: 5, Informative

    Cisco IronPort. We use it and rely on it heavily for secure emails regarding pii for our pension fund.

    Then I can't (won't) read any email you send me.

    To read Cisco IronPort mail you must install software from Cisco.

    To install the software from Cisco you must sign an EULA - which makes a BIG POINT of being a binding contract.

    The EULA has anti-reverse-engineering terms that, were I to sign them, would (IMHO) make me unemployable in the computer security field.

    Therefore I will not install the software.

    Therefore I cannot decrypt "secure" email you send me.

    Therefore I will not do business with your company.

    Do you REALLY want to FORCE your clients to CONTRACT WITH A THIRD PARTY and SIGN AWAY THEIR RIGHTS in order to exchange important email with you?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way