Secure Messaging: Email Encryption Software

The Proofpoint Secure Messaging™ module adds powerful, policy-based email encryption software to your deployment. Proofpoint's powerful, policy-driven encryption features help mitigate the risks associated with regulatory violations, data loss and corporate policy violations by applying encryption automatically based on customizable policies.

Benefits of Encrypted Email Communication

Makes ad hoc, secure communication just as easy as traditional, non-encrypted messaging.

Automatically and dynamically applies encryption or decryption based on your organization's policies, right at the gateway. Your compliance and content security policies are consistently and accurately applied on an as-needed basis.

End-users can easily view their encrypted email through an easy-to-use web-based interface or desktop client.

Identity-based encryption technology eliminates the certificate lifecycle and key management hassles that accompany other encryption solutions.

"Identity theft is a top concern for consumers right now, so we can't let their credit card information get into the wrong hands. Proofpoint is extremely accurate at detecting any sensitive information that's being sent out and it allows us to automatically encrypt that data so it's always safe."
- Steven Romero, Systems Engineer, Outback Steakhouse

Download Encrypted Email Case Study (PDF) »

Webinar: How Do I Protect and Secure Private Data?
White Paper: Email Encryption Made Easy - The Advantages of Identity-based Encryption

Encrypted email is commonly used to transmit sensitive or confidential information-including operational data, trade secrets, legal documents, financial information, and personal healthcare and identity information-both inside and outside the enterprise.

The need to secure this confidential information—and comply with a growing body of regulations that govern the transmission of private data—have made policy-based encrypted email a "must have" feature of a complete messaging security solution. The Proofpoint Secure Messaging module meets these requirements with the industry's most powerful and flexible solution for policy-driven secure messaging.

Policy-driven secure messaging

Training end-users in the proper use of encryption systems can be a significant barrier to successful deployment of traditional secure messaging solutions. But Proofpoint Secure Messaging is much easier to use and manage. Proofpoint's secure messaging solution automatically and dynamically applies encryption or decryption based on your organization's policies, right at the gateway. As a result, end-users don't need to take any special actions to take advantage of encryption features and your compliance and content security policies are consistently and accurately applied on an as-needed basis.

Easy to administer

Unlike alternative approaches (such as PKI) to encrypted email, Proofpoint's identity based email encryption software features provide effective protection for sensitive information without the administrative burdens and infrastructure costs typically associated with secure messaging.

Easy policy management: All encryption policies—whether they are driven by regulatory compliance, data security or internal corporate concerns—are centrally managed and enforced at the gateway. The Proofpoint Messaging Security Console provides a convenient graphical interface for defining encryption policies, which can be triggered based on message content identified by the Proofpoint Regulatory Compliance, Proofpoint Content Compliance or Proofpoint Digital Asset Security modules.
Simplified key and certificate management: Using Voltage Security's IBE (Identity-Based Encryption) technology, public keys are generated on-demand, eliminating the daunting certificate lifecycle and key management requirements of other encryption solutions. Ongoing maintenance of certificates and Certificate Revocation Lists (CRLs) is not required.
Minimal data storage and archive requirements: Proofpoint Secure Messaging also simplifies the storage, backup and recovery overhead usually associated with message encryption. Using IBE, messages and keys do not need to be backed up or stored for extended periods of time.

Easy to use

Proofpoint Secure Messaging operates transparently to end-users without requiring software downloads or the installation and maintenance of desktop encryption clients. Proofpoint's encryption solution automatically encrypts and decrypts sensitive content as required, without end-users having to use and manage complicated digital certificates or encryption keys.

Low total cost-of-ownership

The Proofpoint Secure Messaging module seamlessly interfaces with other Proofpoint modules including Proofpoint Regulatory Compliance and Proofpoint Digital Asset Security. Easy deployment and minimal ongoing management requirements greatly reduce the ongoing costs associated with managing your secure messaging solution. And Proofpoint's unparalleled ease-of-use for end-users minimizes support, training and helpdesk costs.

Extremely granular control of encryption policies

As in Proofpoint's anti-spam, anti-virus and content security modules, secure messaging policies are managed and enforced on an enterprise level from a single location, using the Proofpoint Messaging Security Console. Once defined, enterprise encryption policies are applied automatically at the gateway, eliminating the risk of user error.

Message encryption policies can be extremely granular—encryption can be triggered by any combination of:

Structured data matches: Such as the presence of protected healthcare or financial information such as HIPAA codes, ABA routing numbers, credit card numbers and social security numbers as detected by the Proofpoint Regulatory Compliance module.
Unstructured data matches: Such as the presence of confidential information as detected by the Proofpoint Digital Asset Security module.
Keywords and regular expressions found in the subject line or content of messages as defined in the Proofpoint Content Compliance module.
Message origin or destination: Encrypt messages based on destination (e.g., a specific business partner or supplier) or sender. Messages can also be encrypted based on other message attributes such as attachment type.

Apply inbound policies to encrypted messages

Email can also be decrypted at the gateway, allowing Proofpoint's anti-spam, anti-virus and content compliance policies to be applied to encrypted email before it is delivered to end-users, ensuring that encrypted spam, malware and non-compliant messages are properly handled.

Download the Proofpoint white paper Encryption Made Easy to learn about the advantages of identity-based email encryption software over PKI.

The Proofpoint Secure Messaging module is powered by Identity-Based Encryption (IBE) technology from Voltage Security. Voltage IBE is a public key cryptography system that uses common identities-such as an email address-as public keys, eliminating the need for certificates, Certificate Revocation Lists and other costly infrastructure.

The result is a powerful encryption solution that is easy to implement and easy to manage, without the overhead and cost inherent in traditional security solutions.

How does IBE work?

Any user can communicate securely with any other user by using the recipient's email address as the encryption (or public) key. Decryption (or private) keys are generated by the Proofpoint Secure Messaging module on an as-needed basis. These keys can be recreated at any time, eliminating the need to archive or store decryption keys.

These basic properties allow for a secure messaging environment where certificates are never required and users need to know nothing other than their email addresses.

Summary Comparison of Secure Messaging Solutions

Key Features	Proofpoint Secure Messaging	PKI-based Solutions	Webmail-based Solutions	Symmetric Solutions
Usability
Scalability
Authentication Options
Ad-hoc Messaging
Disaster Recovery
Integration with Inbound Anti-virus, Anti-spam, Content Filtering

The table above summarizes the key differences between Proofpoint Secure Messaging and other email encryption solutions. These solutions can be differentiated along six important criteria.

Usability

Proofpoint's solution eliminates the need to use certificates, certificate revocation lists and all the costly and complex infrastructure associated with PKI systems. As a result, it is substantially easier to use and offers a much lower total cost-of-ownership.

Scalability

Each type of solution scales differently because each approach requires different sorts of information to be stored. The relatively high storage requirements associated with most solutions create a variety of disaster recovery, retention and backup problems (which are not shared by Proofpoint Secure Messaging):

With PKI solutions, you need to create keys as well as store and distribute certificates and revocation lists, which become onerous to manage over time.
In webmail-based systems, all messages are sent to a separate inbox that resides in a parallel messaging architecture. This parallel mail infrastructure needs to store all messages and archive them.
With symmetric solutions, keys are issued for every user and every message. This means that an online server must be available to encrypt and decrypt messages.

Authentication

Authentication is central to any encryption system. Proofpoint provides the widest array of options for authentication, including RSA SecureID, email answerback, question and answer, PIN/password, Active Directory, LDAP and custom adaptors. Most other solutions provide very limited integration capabilities for authentication.

Ad-hoc Messaging

Being able to send secure messages to recipients with whom you have never corresponded is a key requirement. Most solutions require pre-registration or the creation of additional, redundant credentials-which cannot be backed up-before encrypted messaging can be enabled. Proofpoint Secure Messaging was designed from the ground up to simplify this scenario and requires no user pre-registration nor software download to receive messages.

Disaster Recovery

Most solutions require the storage of information pertaining to certificates, credentials, users and messages in order to encrypt. With Proofpoint Secure Messaging, none of this information ever has to be centrally stored, which makes it very easy to restore after a disaster.

Integration with Inbound Message Scanning Services

Proofpoint is one of the only solutions to provide complete, end-to-end, content-level encryption with the ability to scan messages for viruses, spam or content compliance and to archive messages in the clear (i.e., in their unencrypted form).

Kawasaki Motors Manufacturing Corp.

Kawasaki stops spam and viruses and protects against leaks of valuable intellectual property with the Proofpoint Messaging Security Gateway.
Download (149k pdf)

Outback Steakhouse

Restaurant chain Outback Steakhouse grills spam and viruses with the Proofpoint Messaging Security Gateway anti-spam appliance. Outback also protects sensitive customer information in outbound email using Proofpoint's Regulatory Compliance and Secure Messaging modules.
Download outbound case study (364k)

Meadville Medical Center

This 1300 employee hospital uses Proofpoint Regulatory Compliance and Secure Messaging modules to ensure the security of protected health information - and HIPAA compliance - by automatically encrypting email that contains sensitive PHI before transmission.
Download (102k pdf)

MedCentral Health System

This Ohio-based hospital system keeps 3000 inboxes secure against spam and HIPAA compliance violations using the Proofpoint messaging security appliance.
Download (115k pdf)

Placer County Office of Education

California's fastest-growing school districts keep student information secure-while blocking spam and viruses-using Proofpoint's inbound & outbound email security modules.
Download (112k pdf)