For companies that want to encrypt outbound e-mail without burdening recipients with client requirements, both PostX Corp.'s PostX Trusted Enterprise and Voltage Security Inc.'s SecureMail do a good job of providing simple-to-use solutions.
Trusted Enterprise 5.0 and SecureMail 1.5 made it easy for recipients to receive encrypted e-mail in eWEEK Labs tests. We found that Trusted Enterprise provides better management tools and is more extensible, but it's more complex than SecureMail. SecureMail integrates well with Microsoft Corp.'s Outlook to simplify the step of encrypting e-mail at the sender's desktop, but it needs better tools for auditing communications.
Trusted Enterprise is priced at $35,000 for a redundant server implementation. SecureMail starts at $75,000 for 250 client licenses and an unlimited number of recipient licenses. SecureMail's license scenario allows 250 internal users to generate encrypted messages that can be read by an unlimited number of external recipients through the Voltage Zero Download Messenger client.
Both applications, which shipped in August, can encrypt e-mail messages inside the firewall and point the recipient to a Web server that delivers the encrypted message to the recipient. In addition, Trusted Enterprise can deliver an encrypted envelope that can be decrypted and viewed offline without additional client software.
Competitors such as Liquid Machines Inc.'s Email Control (formerly Omniva Policy Manager) do support policy-based encryption.
The approach PostX takes toward secure delivery with Trusted Enterprise differs considerably from Voltage's in that Trusted Enterprise works with PostX's Trusted E-Business to deliver account statements.
This difference was evident in our tests: Trusted Enterprise includes components for encrypting and decrypting e-mail, managing keys, enrolling users and providing access to hosted mailboxes. Companies have flexible options for delivering messages to recipients in different ways.
We tested the system with the hosted mailbox component, called WebSafe, and the enrollment system, called Enroll. Regardless of the message delivery system, Trusted Enterprise does require users to enroll or have a directory-based account.
On the message delivery side, we deployed the system so that users would receive encrypted messages as HTML, with a signed Java applet managing the key exchange and decryption between the server and recipient. Trusted Enterprise also supports S/MIME (Secure Multipurpose Internet Mail Extension) for authentication, so trusted partners can exchange messages securely at the gateway.
With the WebSafe server, administrators have a way to track recipients' opened messages as well as failed authentication attempts. The opened e-mail message also includes a secure reply link so recipients can encrypt responses.
Overall, the management tools give administrators good control over application components, generating reports and managing users, keys and certificates. If users forget their passwords for old envelope messages, administrators must manually recover the key through the console.
On the reporting side, we liked the report builder within the system. It allowed us to quickly generate reports on a number of criteria—something SecureMail lacks. The one downside of the way the management console works is that administrators need to create reports; there isn't a report-only console for auditors who will need to monitor communications. This capability has been added to a forthcoming update, PostX officials said.
SecureMail differs from Trusted Enterprise in that users send secure communications to recipients via an HTML message that authenticates the recipient against the sender's Voltage Policy Server or can be read using a downloadable SecureMail reader, rather than through enrollment and using a Java applet to decrypt messages. We found Voltage's Zero Download Messenger much simpler than the trusted-messaging method used by PostX, although it also operates under the assumption the user will open an HTML e-mail.
Architecturally, Voltage takes a different approach with SecureMail. As with Trusted Enterprise, users run a plug-in for Outlook or IBM's Lotus Notes that provides the ability to encrypt a message when sending it. SecureMail differs in that two servers manage the keys and decryption process, with the Policy Suite Server managing the master key behind the firewall and the Public Parameter Server outside the firewall authenticating recipients.
SecureMail's sender features are easy to use. We could send encrypted messages directly from the Policy Server through the Web browser. Voltage also has a Windows-based IdentityManager client that allows administrators to manage identities on a client system as well as encrypt and decrypt content in the Windows clipboard.
From an administrative standpoint, the Web-based console gives administrators good control over managing SecureMail. We could create multiple districts based on domains, and we particularly liked the tool that allowed us to easily save, back up and restore server states to a single file. This ability also makes it easy to apply settings from one district to another.
SecureMail supports trusted districts, simplifying encrypted communications between partners as well as ensuring that communications to particular domains are always encrypted. Administrators can also configure message size to ensure that Zero Download Messenger users do not violate message-size policies.
The biggest administrative shortcoming is in reporting. The server captures a limited amount of information, and this information is stored in a couple of log files, so administrators have to do considerable work to isolate particular events.