Messaging security service provider Postini Inc has extended the encryption capabilities of its managed email security services, and developed a system it calls federated encryption, which it says should provide organizations and consumers with a new level of flexibility and ease of use in the way they handle encrypted email messaging.
The company said it has enhanced the capability of its managed email services to support the TLS (transport layer security) encryption standard used to secure email messages which are automatically decrypted, filtered, and re-encrypted as they are sent and received. We’ve supported TLS for the past 18 months or so. But we’ve now enhanced our TLS capability in that it is integrated with a flexible policy framework that will allow more policy-based controls for server to server connections Andrew Lochart of Postini said.
The addition of the new Connection Security Module enforces mandatory domain-level TLS connections, restricts connections that cannot be encrypted, and generates alerts when TLS policy cannot be enforced.
We have also added another message encryption alternative which encrypts the message itself, rather than securing the connection Lochart added. For this feature the San Carlos, California-based vendor has turned to Zix Corp, the Dallas, Texas-based supplier of ZixMail and other email encryption technologies.
With the incorporation of a new Zix Encryption Module into its service portfolio, organizations using Postini managed services can opt to approach email encryption in a different manner from how TLS is used. With Zix, Postini holds the encrypted email in one of its secure data centers and alerts the recipient to the fact that they have mail, directing them to its secure website to authenticate themselves and then download it. This type of ‘secure-in-post’ messaging is particularly well suited to organizations such as banks that want to communicate securely with customers that do not have encryption know-how, but want safe receipt of account statements and the like Lockhart suggested.
This makes this Postini service comparable with what rival FrontBridge Technologies Inc is offering. It delivers the encrypted mail into the recipient’s mailbox, then has them authenticate on its website, after which they can view it in clear text.
Postini argues that its federated encryption proposal will put some space between it and its rivals, however. The Postini Encryption Manager suite is framed around a common policy framework and a common management platform, and although it eventually will employ numerous encryption options the company says it will do so without customers having to face the complexity, incompatibility, and costs associated with the handling of multiple encryption standards. Encryption Manager supports Zix encryption today, with support for PGP, S/MIME, and other market standard encryption options in the pipe.
In integrating encryption technologies into the Postini data centers we will be acting as a translator between people encrypting messages in whatever standard they want to choose. We want to be seen as having created point interoperability, and that takes us well beyond where our competitors are right now Lockhart claimed. It will let organizations choose their preferred method of email encryption without having to worry about the recipient’s encryption choices, or any of the desktop or gateway-level encryption requirements and key management capabilities that come into play today.
The new encryption services will be charged use the familiar per user per year subscription regime Postini has in place for its core managed email services. Its base TLS encryption service is effectively free, being bundled into the Perimeter Manager enterprise service.