Messaging Server - basic functioning
Risk Mitigation vs. Productivity: Automation is Key
Regardless of the types of messaging environments in use, for email to succeed as a medium of communication for sensitive information, it must have security capabilities that are comparable to those provided in the physical world. However, security functionality by itself is not enough; users must actually use it. While a Compliance Officer or Chief Security Officer (CSO) is naturally most concerned about mitigating exposure to risks or non-compliance, they must also uphold the productivity of the organization. To remain successful, security must be easy to use and interoperable with the messaging environments of the desired recipients, so that users do not have to change the way they work to collaborate and exchange information securely. They must not be required to understand the inner workings of email security or even make decisions about what to encrypt, when, or for whom.
Entrust Entelligence Messaging Server (EMS) is a core component of Entrust’s Email Security Solution that can address many of the issues and requirements of sending secure email to employees and business partners. It runs on an appliance-based server that streamlines deployment and management. The Messaging Server architecture provides flexible secure delivery methods such as a secure web mail interface, is based on open standards, and integrates with other boundary services such as anti-virus, anti-spam and content monitoring and analysis technology.
Some Key Features of EMS
- Web-based configuration and user administration
- Single or multi-node appliance architecture with built-in clustering capability
- Customer-controlled software update and migration service
- Flexible secure delivery: per recipient, per domain, and system default
- Interoperability with external S/MIME-based and OpenPGP-based secure email users
- Automated credential management for S/MIME and OpenPGP, based on key and certificate harvesting
- Integration with content monitoring and analysis services, enabling filtering of encrypted mail
- Interoperability with certification authority from Microsoft or Entrust
- Support for native Lotus Notes security format and identities
Basic functioning |
Entrust Entelligence Messaging Server allows multiple email encryption deployment models and flexible delivery options to suit both internal and external user requirements. The Messaging Server appliance hosts an email encryption application. The application encrypts email messages on the server side before sending them to recipients. This behavior contrasts with many competing email encryption solutions in which email encryption is completed on the client side.
In an End-to-End encryption scenario, for example, the Messaging Server user sends an email to a recipient. The email is encrypted for Messaging Server and sent to Messaging Server, where it is re-encrypted for the intended recipient and then sent to the recipient. The sender does not need to exchange encryption keys with the recipient, or even know the recipient’s type of email application or preferred method of secure delivery, in order to send a secured message, while content scanning and other compliance measures can be applied to the unencrypted mail.
Harvesting of S/MIME and PGP Keys
Although S/MIME and OpenPGP security technologies are built into the majority of deployed mail clients, they are still perceived to be difficult to use. One of the primary challenges to email encryption adoption is key exchange — in other words, how to get the certificate of the person for whom you wish to encrypt. Individual key exchanges are relatively simple, but don’t scale well in large organizations. Certificate searches in LDAP directories are also possible, but most organizations are unwilling to open their directories up to the Internet.
The Entrust Entelligence Messaging Server finds the middle ground between the above two scenarios by supporting “harvesting”:
- If a recipient’s key or certificate is not available in the directory or local repository, Messaging Server will send an email to the recipient requesting a certificate.
- The recipient replies to the request and digitally signs the message.
- Upon receipt of the signed reply, Messaging Server extracts the certificate and stores it in the repository for use in future correspondence with that recipient by any user within the organization.
- Several models are available for establishing trust in harvested certificates.
- Queued messages are securely delivered using the retrieved certificate.
In addition to 'harvesting' existing credentials, the latest version of Entrust Entelligence Messaging Server can generate S/MIME credentials for external users that do not already have S/MIME certificates.
Management of external certificates
The Messaging Server can efficiently manage external certificates. In many e-mail encryption systems a user sending an encrypted message to an external unknown recipient would send a verbal or written request to the recipient to obtain their encryption certificate. Even after the user has an external recipient's certificate, it may expire over time without the user's knowledge. Using the Messaging Server, requests are sent automatically to unknown recipients asking for their email encryption certificates. After recipients send back their certificates (usually by clicking 'reply'), the Messaging Server places them in its database for future email encryption use by other users in your organization. The Messaging Server administrators centrally manage the database and keep the external certificates updated.
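The harvesting steps and the expiry concern described above can be reproduced with the `openssl` command line. This is an added example, not Entrust's code: the addresses, file layout and function names are hypothetical, and the address-binding and expiry checks are assumptions, since the page does not specify which trust models EMS applies to a harvested certificate.

```bash
#!/usr/bin/env bash
# Added example: harvest a certificate from a signed S/MIME reply using openssl.
# Addresses, paths and the key pair are constructed for the demonstration.

# make_reply DIR ADDR: build a signed reply from ADDR (stand-in for the recipient's mail client).
make_reply() {
  local dir=$1 addr=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Recipient/emailAddress=$addr" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
  printf 'Here is my certificate.\n' |
    openssl smime -sign -signer "$dir/cert.pem" -inkey "$dir/key.pem" \
      -out "$dir/reply.eml" 2>/dev/null
}

# harvest REPLY FROM STORE: store the signer certificate of REPLY under STORE only if
# the signature verifies, the certificate names FROM, and it has not expired.
harvest() {
  local reply=$1 from=$2 store=$3 tmp
  # The address becomes a file name, so refuse anything outside a safe set.
  case $from in
    ''|*[!A-Za-z0-9._@+-]*) echo "rejected: bad address"; return 1 ;;
  esac
  tmp=$(mktemp) || return 1
  # -noverify skips chain validation only (assumption: the trust model is applied
  # elsewhere); the signature over the message is still checked.
  if ! openssl smime -verify -noverify -in "$reply" -signer "$tmp" \
        -out /dev/null 2>/dev/null; then
    rm -f "$tmp"; echo "rejected: bad signature"; return 1
  fi
  if ! openssl x509 -in "$tmp" -noout -email | grep -qixF -- "$from"; then
    rm -f "$tmp"; echo "rejected: address mismatch"; return 1
  fi
  if ! openssl x509 -in "$tmp" -noout -checkend 0 >/dev/null; then
    rm -f "$tmp"; echo "rejected: expired"; return 1
  fi
  mkdir -p "$store" && mv "$tmp" "$store/$from.pem" && echo "stored"
}

# Demo run on constructed data.
work=$(mktemp -d)
make_reply "$work" "alice@partner.example"
harvest "$work/reply.eml" "alice@partner.example" "$work/store"
```

Running `openssl x509 -checkend` with a larger number of seconds against the stored files flags certificates that are about to expire, so they can be harvested again before delivery fails.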
Certification Authority (On-Board, MS, Entrust)
The Messaging Server includes an on-board Certification Authority that can seamlessly issue certificates on behalf of internal users and is automatically configured during system startup.
- Create S/MIME (or OpenPGP) proxy certificates for internal users
- Harvest S/MIME (or OpenPGP) certificates from external users
- Create S/MIME certificates for external users
- Importing of existing internal end user credentials
- Integrate EMS with off-board Entrust CA
- Enhanced OpenPGP support with OSK export
Often solution providers are positioned against “PKI” complexity, but with EMS you gain the full advantage of having a CA while fully automating credential management.
Support for Offboard Microsoft Certification Authority and Entrust Authority Security Manager
The Messaging Server supports email encryption for email security customers who have deployed certificates from the Microsoft CA or Entrust Authority Security Manager to their internal users. The Messaging Server also supports retrieval of external S/MIME certificates and OpenPGP encryption keys from external users.
Web-based secure email
The Messaging Server product offers secure web-based email to reach recipients that are uncomfortable using S/MIME or OpenPGP. This capability enables users to view encrypted emails through their Web browsers and reply to them. Two deployment models are available to suit customer preferences: WebMail Pull and WebMail Push. With WebMail Pull users receive a notification message indicating that a secure email is available for viewing by clicking on a URL. With WebMail Push the entire message contents are delivered in encrypted form to the recipient and are decrypted upon successful authentication.