|
|
|
 |
Encryption & Digital Signature
|
|
|
|
|
|
|
|
 |
E-mail confidentiality and authenticity
|
|
|
Confidential business information is more and more frequently exchanged over the internet via e-mail, creating requirements for security measures that ensure confidentiality and verify authorship.
These requirements are met through the use of encryption and digital signatures. Encryption ensures that an e-mail can only be read by the desired recipient. A digital signature ensures that an e-mail has truly originated from the identified sender, and that its content has not been modified. Digital signatures also allow e-mails to be treated as legally valid correspondence.
|
|
|
Encryption, viruses and spam benefit from a centralized approach
|
|
|
Functions for encryption, decryption and digital signature endorsement are ideally implemented centrally on the mail server according to corporate guidelines. This significantly simplifies administration and results in a higher level of enterprise control over the e-mail process.
The ability to check e-mails for viruses and content during encryption and decryption is another benefit. When client-based encryption is used, it's not possible to run such checks centrally because e-mails have already been encrypted by the time they get to the server.
As a global approach for the enterprise, client-based encryption is also rather inefficient. Separate encryption keys for each user must be created and administered. Keys must be invalidated when employees leave the business, making earlier e-mail correspondence unreadable. In the context of archiving regulations, this can lead to substantial difficulties.
These risks are avoided when the encryption process is server-based. Training to make sure users know how to use encryption functions properly is also eliminated. In a server-based encryption implementation, only one encryption key is needed for every cryptography algorithm used by the organization.
Shirking the encryption issue is also no solution. Once sensitive data is sent via unencrypted e-mail, unauthorized distribution of the information becomes a tangible risk. This could be in direct violation of corporate data security guidelines.
|
|
|
The iQ.Suite approach
|
|
|
With iQ.Suite, each outgoing e-mail is first scanned for viruses and spam and then archived before being encrypted and delivered. The process is slightly different for incoming e-mails: first decryption, then virus and content checks, and then archiving and delivery. In this way, all important security checks are made with minimal administrator effort before an outgoing e-mail leaves the house or an incoming e-mail reaches its recipient.
iQ.Suite Crypt, the encryption module of iQ.Suite, provides server-side encryption and decryption functionality and supports parallel usage of all of today's standard cryptographic algorithms. Rules defined by the administrator specify the type of cryptography to use for each user or group. The server-side approach eliminates the ongoing complexities associated with creating and maintaining separate encryption keys for each user, and the work associated with managing a Public Key Infrastructure (PKI) for the bulk of standard users. Existing PKIs can be easily connected to the solution, and when requirements for especially high security exist, for example between specific departments, individual keys can also be used.
In the European Union, guidelines for the implementation of electronic signatures are defined by Directive 1999/93/EG. In Germany, this directive has been enacted by the Signaturgesetz (SigG) and its accompanying Signaturverordnung (SigV). The Office of Telecommunication and Postal Regulation is responsible in all matters of the SigG.
iQ.Suite Trust, the digital signature module of iQ.Suite, provides server-side digital signature functions that meet the requirements of both the EU and German regulations. The module creates and administers the certified pairs of keys that are used to produce digital signatures.
iQ.Suite Trust also acts as the central certifying body for the organization, freeing registration and certification processes from dependence on external authorities and allowing them to be implemented according to corporate guidelines. Administration is simplified and in the long-run less expensive. iQ.Suite Trust can be used in conjunction with iQ.Suite Crypt to create a complete server-based encryption and digital signature solution, or can be used alone to meet independent digital signature requirements.
|
|
|
Benefits of the iQ.Suite approach
|
|
|
- Eliminates the recurring investments associated with creating and maintaining encryption key infrastructures
- Eliminates the deployment of client encryption software and corresponding user education
- Provides centralized, server-based e-mail security without user interaction
- Makes it possible to combine encryption with virus and spam protection to create an integrated e-mail business process
- Generates higher productivity, has a low total cost of ownership and provides a fast return on investment
- Ensures the security of your software investment with regular major releases
|
|
|
Read more about iQ.Suite's encryption and digital signature modules:
|
|
|
|
|
|
|
|
|
