5 checks to ensure a secure email system:
An Architecture for secure communications
E-mail security is hot. The idea that sensitive information is traveling in e-mails through the unsecured realm of the Internet is a security officer's nightmare.
Something needs to be done, but there is considerable confusion about terminology, security requirements and the business' demand for user-friendly user experiences.
This article introduces the principles and underlying standards for a flexible and scalable security architecture.
Introduction
How to secure the company's email is on every corporate security officer's mind. The idea that sensitive information is traveling in the clear across the Internet is a nightmare. But how does one cut through the confusing terminology, security requirements and the business demand for user-friendly user experiences, without losing sight of the need to scale to ever-increasing amounts of traffic, and the need to support the next generation of communication technologies? Conducting their business securely using their Blackberry and other mobile devices is high on the wish list of the traveling manager, while at the same time Instant Messaging is finding its way to the desktop of corporate users. And how do you prevent users from sending sensitive information through public messaging services like MSN Messenger, ICQ or Skype?
SAML
Security Assertion Markup Language (SAML) provides a standard to facilitate the exchange of security-relevant information. SAML is based on XML and provides a communication protocol for applications in a community of trust. SAML is the key ingredient for a security infrastructure in which the servers for authentication and encryption are separated from each other (see illustration). It is exactly this decoupling which forms the basis for a flexible and scalable security architecture. Because they are often used for authentication as well as for encryption, solutions based on PKI certificates turn out to be less flexible and demand a lot of organizational procedures for renewal and distribution. But PKI certificates have proven themselves to be a reliable authentication method and certainly have their place in the new architecture.
Federated Authentication
Federated Authentication addresses the need of users working in various organizations, who all use their own specific authentication methods, but still need to take part in a secured communication community of trust. Think of a pharmaceutical company that maintains relationships with laboratories, production companies, suppliers, the government and other organizations. In such a mix of companies, some would like to protect their investment in PKI certificates, others have invested in single sign-on infrastructure for authentication, and still others rely on user-id and password. Sigaba's Federated Authentication services protect your investments in PKI certificates and S/MIME, allowing different organizations to use their own authentication technologies, while providing a scalable and flexible architecture.
In this illustration the email server sends mail through the Sigaba Secure Gateway. In a patented process, the gateway first authenticates the user and then passes on the user information to the key service in order to encrypt the message. The information between the application and the key server is based on the SAML specification.
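The decoupling described above (an authentication service vouches for the user, and a separate key service releases encryption key material only against that vouching) can be illustrated with a small simulation. The following Python is an added example and is not Sigaba's patented process or any SAML library; it replaces SAML's XML-DSig signature with an HMAC over a canonical JSON payload so that it runs offline, and all names (auth.example.test, keyservice.example.test, the secrets, the toy stream cipher) are constructed for the illustration. What it does show is the core of the pattern: the key service never authenticates the user itself, but it does verify the assertion's signature, audience and validity window before deriving a key, and it refuses tampered or expired assertions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared secret between the authentication service (issuer) and
# the key service (relying party). Real SAML uses XML-DSig with the issuer's
# certificate; a shared HMAC key keeps this example self-contained.
ISSUER_SECRET = b"constructed-issuer-signing-secret"
# Constructed master secret from which the key service derives per-user keys.
KEY_SERVICE_MASTER = b"constructed-key-service-master-secret"
KEY_SERVICE_AUDIENCE = "keyservice.example.test"


class AssertionRejected(Exception):
    """Raised by the relying party when an assertion must not be trusted."""


def _canonical(payload: dict) -> bytes:
    # Stable serialization so signer and verifier MAC identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_assertion(subject: str, audience: str, issued_at: int, lifetime: int = 300) -> dict:
    """Authentication service: after verifying the user by its own method
    (password, SSO, certificate...), emit a signed statement of who the user is,
    for whom the statement is intended, and how long it is valid."""
    payload = {
        "issuer": "auth.example.test",
        "subject": subject,
        "audience": audience,
        "not_before": issued_at,
        "not_on_or_after": issued_at + lifetime,
        "id": secrets.token_hex(8),  # unique assertion id, as SAML assertions carry
    }
    signature = hmac.new(ISSUER_SECRET, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": signature}


def verify_assertion(assertion: dict, expected_audience: str, now: int) -> str:
    """Relying party: accept only an intact, correctly addressed, unexpired
    assertion. Returns the authenticated subject on success."""
    payload = assertion["payload"]
    expected = hmac.new(ISSUER_SECRET, _canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        raise AssertionRejected("signature mismatch: assertion altered or not from issuer")
    if payload["audience"] != expected_audience:
        raise AssertionRejected("assertion not intended for this service")
    if not (payload["not_before"] <= now < payload["not_on_or_after"]):
        raise AssertionRejected("assertion outside its validity window")
    return payload["subject"]


def release_message_key(assertion: dict, now: int) -> bytes:
    """Key service: derive the user's message key only after the assertion
    checks out. The key service itself never sees a password or certificate."""
    subject = verify_assertion(assertion, KEY_SERVICE_AUDIENCE, now)
    return hmac.new(KEY_SERVICE_MASTER, subject.encode(), hashlib.sha256).digest()


def encrypt_message(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode keystream, symmetric (apply twice to decrypt),
    only to show the released key being used on the gateway side. A real
    deployment would use an authenticated cipher such as AES-GCM or S/MIME."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


if __name__ == "__main__":
    now = 1_000
    assertion = issue_assertion("alice@example.test", KEY_SERVICE_AUDIENCE, now)
    key = release_message_key(assertion, now + 60)
    ciphertext = encrypt_message(key, b"quarterly results attached")
    print("encrypted:", ciphertext.hex())
    print("decrypted:", encrypt_message(key, ciphertext))
    forged = {"payload": dict(assertion["payload"], subject="mallory@example.test"),
              "signature": assertion["signature"]}
    try:
        release_message_key(forged, now + 60)
    except AssertionRejected as exc:
        print("rejected:", exc)
```

The gateway in the illustration would play the client role here: it obtains the assertion from the authentication service, presents it to the key service, and uses the returned key to encrypt the outgoing message. Because the key service checks the audience field, an assertion issued for some other application cannot be replayed against it, and the validity window bounds how long a stolen assertion remains useful.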