Email Encryption Components and Considerations

Armored Knight with Sealed Scroll — An armored knight with closed visor sitting atop a galloping white horse, holding a sealed scroll in one hand and raising a sword victoriously with the other hand. The scroll has a wax seal imprinted with a coat of arms. The background is a towering castle surrounded by a moat with a drawbridge raised. Digital encryption locks and algorithms in metallic tones surround the scroll symbolizing advanced security.

Email Encryption Components and Considerations

Encryption Algorithms - There are several encryption algorithms that can be used to encrypt email messages, such as AES, Blowfish, RC4, etc. The most commonly used today is AES due to its strength and speed. The encryption algorithm should be strong enough to protect the contents of the email.

Encryption Keys - Encryption keys are required to encrypt and decrypt the email messages. Keys can be symmetric (single private key used by sender and recipient) or asymmetric (public-private key pairs). The key length, typically 128-bit or higher, impacts the strength of the encryption. Proper key management is critical.

Digital Certificates - Digital certificates issued by a trusted Certificate Authority can be used to encrypt email and validate identities. S/MIME and PGP both rely on digital certificates for encrypting and authenticating email. Certificates should be current and validated.

Sender/Recipient Authentication - Encrypted email should authenticate the identities of the sender and recipient to ensure only intended recipients can open the email. Digital signatures and certificates help provide this authentication.

End-to-end Encryption - For maximum security, encryption should apply end-to-end from sender to recipient. This prevents intermediate servers from accessing the email contents if encrypted only between endpoints.

User Experience - The encryption method should have minimal impact on user experience. It should be easy for users to encrypt, decrypt and authenticate messages.

Compliance - Solutions should comply with email encryption standards and regulations for the industry. HIPAA, PCI DSS, and GDPR have specific email encryption requirements.

Cost - Affordability can be a factor when choosing an enterprise-grade encryption solution depending on the size of the organization.

Maintenance - Proper maintenance is required such as certificate renewal, software updates, and key rotation policies to ensure optimal security over time.

2005: Zix VPM 2.3 - Enterprise-wide virtual private messenger routing options, content scanning, blocking, classification, and interoperability

Hardware

In 2005, Zix released Zix VPM (Virtual Private Messenger) enterprise-wide email encryption solution version 2.3 on a Dell 1850 or Dell 750, with hardware support. It also included features requested by users, including routing options for greater flexibility, increased interoperability, and the ability to control when email is encrypted.

New features of the product included:

New routing capabilities that enable options such as forwarding messages to administrator, customized bounce messages, action notifications to sender, and blocking incoming mail per policy
End-user ability to force messages to be sent in plain text or to encrypt on demand
An S/MIME interoperability module
Support for Transport Layer Security (TLS)
Enhanced and more robust lexicons with concise terminology
Improved performance and security updates, including content scanning and no unnecessary scanning of binary files

Several customers, including Detroit Medical Center, conducted beta testing. "With Zix VPM 2.3 we have measured a 50 percent improvement in our mail flow response times," said Eric M. Foote of Detroit Medical Center Information Services. Stability has also improved, including less hands-on administrative time required. The granularity of the message classification has also greatly improved thereby giving us greater control of our encryption policies."

Zix VPM is a server-based enterprise solution for organizations that require a high level of email security and encryption. The service provides a secure e-messaging gateway without the need to create, deploy, or manage end-user encryption keys and software. It offers send-to-anyone capability, corporate-defined policy management, and remains transparent to end users.

"Zix VPM has proven to be an ideal solution for a variety of business sectors that handle sensitive information, including securing HIPAA information for the healthcare community and sensitive account numbers and other private data for the financial community," said Nigel Johnson for Zix. "We currently have more than 200 Zix VPM customers and 300,000 contracted seats, and encrypted messages have been sent to more than four million unique addresses through our Zix Data Center using our Best Method of Delivery. The enhancements to this latest version help expand functionality and provide a flexible, easy-to-use solution, while continuing to provide accelerated installation for a system-wide encryption solution."