Clash of the e-mail encryptors
E-mail security solutions from PGP, PostX, Sigaba, and Tumbleweed compete on flexibility, power, and ease
Depending on the mail client your company is using, and whether you want to encrypt at the desktop or at the gateway, you may or may not need to deploy PGP Universal’s desktop application, PGP Satellite. Satellite handles encryption and decryption of messages automatically in the background on the user's Windows PC or Mac. If your company is using Microsoft Outlook and IMAP, and encrypting at the gateway is good enough, Satellite isn't strictly necessary. However, if your users plan on sending and receiving mail through Microsoft Outlook Web Access, then PGP Satellite is a must.
Universal is not the Swiss army knife of e-mail security products, nor is it meant to be. What you get is a scalable, high-performance platform for providing rock-solid, end-to-end encryption, via S/MIME or TLS. Universal comes with a wide range of ciphers, including AES, CAST, IDEA, Twofish, and 3DES. Clients can manage their own keys, and you can expire keys automatically after a specified period of inactivity. Optionally, Universal comes with Norton AntiVirus for scanning file attachments as they pass through the gateway. You can also create a list of file types to block, such as preventing users from mailing .exe or MP3 files.
If you were to compare PGP Universal against the other products in this review strictly on the number of clickable items in the user interface, Universal would be a distant last – but that isn’t necessarily a bad thing. PGP Universal’s clean and easy-to-navigate GUI hides complexity, abstracting much of the domain and policy management required by other products. Defining mail domains and choosing the default encryption and signing settings is literally a three-step process, allowing you to manage more domains with less chance of error.
I was able to create policies for two domains in my test bed in a matter of minutes, one for the local domain, which included Universal, and one for my external domain. For each domain, I could choose whether to encrypt all mail or none, and whether digital signatures were required. Unfortunately, you don’t get the super-granular policy management found in PostX and Tumbleweed.
Universal provides a number of ways to handle messages sent to "untrusted" users, or users who don’t already have a key. You can bounce the mail back to the sender, send it through unencrypted, send it with a link back to the Web-based Web Messenger portal, or send it with a Smart Trailer. A message with a Smart Trailer is sent in the clear, but includes a link to a Web page where the user can enroll and create a key.
Web Messenger is the most graceful way to send mail to new users. An e-mail from the Web Messenger service lets the recipient know there is a secured message waiting for them. A link takes them back to the SSL-secured Web portal, where they then create an account, log in, and download the PGP Satellite client. They can then read and reply to the message and download any attachments. Unlike PostX and Tumbleweed’s mail portals, PGP's does not allow users to create new mail or manage folders.
PostX Enterprise Platform 5.0