Clash of the e-mail encryptors
E-mail security solutions from PGP, PostX, Sigaba, and Tumbleweed compete on flexibility, power, and ease
In this roundup, I reviewed four solutions that provide excellent end-to-end mail security. PGP Universal, PostX Enterprise Platform 5.0, Sigaba Secure Email 5.0, and Tumbleweed Secure Messenger 6.0 all handled my test scenarios without a problem, securely delivering encrypted e-mail both to standard mail clients and to SSL-secured Web portals.
All four products install on a server separate from your mail server, acting as a proxy for all inbound and outbound traffic. Because they sit directly in the mail stream, they have the opportunity to do additional processing on the messages. For example, both PostX and Tumbleweed come with very flexible and powerful mail-routing capabilities. As messages move in or out of the gateway, they can be blocked or diverted based on header information and message contents. With some forethought, you can automate a lot of your mail processing. All four vendors allow you to scan for viruses at the gateway as well as enforce some level of content filtering.
Another important consideration, especially for federal government agencies and companies doing business with them, is whether the product has received FIPS (Federal Information Processing Standards) 140 validation. Created by the National Institute of Standards and Technology (NIST), FIPS 140 is a U.S. government standard for cryptographic products. Only PGP has been validated to FIPS 140-2, with Sigaba and Tumbleweed each validated at FIPS 140-1. PostX does use RSA cryptos that have been validated at FIPS 140-1, but as a whole, PostX is still undergoing FIPS validation.
Finally, it's also important to consider how users are added to and removed from the system, and what kind of auditing and reporting is included. Should users be allowed to auto-enroll in the system? PostX, Sigaba, and Tumbleweed allow new users to create accounts automatically, while PGP restricts deliveries to previously validated e-mail users. All four vendors provide some form of logging and reporting, with PostX and Tumbleweed providing the most comprehensive capabilities here.
PGP Universal is a pure e-mail security product, providing mail encryption, anti-virus scanning, and attachment filtering, along with PGP’s zero-footprint Web-mail interface, Web Messenger. While you don’t get the e-mail routing engine or secure statement delivery offered in PostX and Sigaba, Universal does allow administrators to easily create different encryption and signing policies for various mail domains and quickly manage individual users’ keys.