5 checks to ensure a secure email system: You need to ensure that recipient’s email address is accurate. You need to ensure that only the intended recipient can open the email - and not somebody else within the household/office. You need to ensure that the email has not been read, changed or tampered with by others on its way to the recipient. You need to ensure the recipient that the originator actually sent the email, not somebody else. You need to provide the recipient a secure way to reply.

Secure E-Mail

Separate Authentication From Encryption, Get A Messaging Security Advantage

 

Traditional approaches to messaging security don't satisfy the requirements of a true enterprise solution.

The Internet is today’s defacto communication standard, and enterprise users from clerks to CEOs depend on it daily for the flow of critical and sensitive information. Yet traditional approaches to messaging security satisfy only a subset of the requirements necessary for a true enterprise solution. In particular:

• Password-based solutions that rely on a password to encrypt data compromise security to a point where they do not offer reliable protection of data.
• PKI variation solutions such as PKI/S-MIME and PGP use either difficult and user-unfriendly digital certificates, or equally complicated public/private keys. As a result they suffer from varying degrees of difficulty. Their inability to properly scale is an additional burden that has kept them from being adopted, despite their long-term presence in the security industry.
• Web-based solutions that take advantage of HTTP and Web browser security cause a change in end-user behavior, that is so significant that they have not been readily adopted.

In order for businesses to communicate safely without risking a serious breach in security, they must look beyond point solutions and implement a secure architecture. Security solution providers are now utilizing an architectural approach to create a practical messaging security solution for businesses. An important feature is that these architectures separate authentication and encryption services.

This type of architecture supports single sign-on, in which a user can log in once to the authentication system and can then interact with any application that has a trusted relationship with that system, which is aptly named the separated/federated model. End users are not bothered with multiple logins and businesses can communicate safely without worry.

Authentication Services

Authentication is most valuable when it forms the basis for enforcing access control rules. It takes place both within an organization and among multiple organizations. This can mean multiple login credentials for end users, and massive headaches for administrators who need to synchronize authentication databases and constantly manage password reset requests. Authentication Services overcome this problem and simplified the secure communication process.

Technology must first enable an organization to quickly implement its new business relationships by leveraging existing identities. The solution needs to provide an interface to all identity or authentication infrastructures, so that there is no need for businesses to change current identity systems or synchronize multiple databases for secure messaging.

And, by separating key management from authentication, the authentication solution allows the end-user to create a network of trust among various authentication sources and types, both inside the organization and with business partners.

Key Services

A critical component of the security architecture is the key server, which enables the rightful owner of information designate the individuals who can view it. In order to accomplish this in the most useful and scalable fashion, a distributed key server technology that allows encryption keys must be utilized, and should be managed separately from the encrypted content. This innovative idea allows strong encryption and, in combination with the authentication server, enables federated authentication.

At the core of this concept is a collection of services that create, store and deliver keys to authenticated and authorized requesters. The key server performs its operations according to the strictest security requirements and, because it manages keys instead of content, administrative costs are minimal. This enables an organization to build an industrial-strength, efficient service with high availability and scalability. Additionally, since it uses industry-standard protocols, integration into a business’ existing IT infrastructure is effortless.

This unique architecture will offer auditing, scalability, protection of keys, and minimal performance impact in the context of the overall application. The decoupling of encryption from authentication provides the following benefits:

• Encryption algorithm agnostic — the system is not tied to a specific encryption algorithm
• Authentication agnostic — an organization with an existing authentication solution can continue to leverage its investment in the solution
• Sender control — the sender of any message always retains control of the message and the key, and can change/destroy the message she or he sent out as needed
• Efficiency — because the encryption key size is constant, regardless of data or message size, the key server will scale linearly, compared to the PKI variation solutions which scale exponentially
• Application agnostic — the technology can provide its encryption and authentication to any application (email, statements, IM, and wireless messaging are but a start)

Regulatory compliance and business requirements are forcing organizations to adopt a messaging security solution. However, the limitations of past approaches make implementing them expensive and impractical when attempting to satisfy both.

By separating authentication and key services, the messaging security solution helps organizations meet current security needs and offers extensibility, scalability, and auditability, for future needs. This type of solution is secure, flexible, and vital for the organization as it grows.