Clash of the e-mail encryptors
E-mail security solutions from PGP, PostX, Sigaba, and Tumbleweed compete on flexibility, power, and ease
Registered Envelopes have a couple of features that make them attractive. First, because the user must authenticate back to the PostX server to retrieve the decryption key, this event is logged, providing positive auditing of message retrieval. Second, it allows you to "shred" or lock out keys based on failed log-in attempts or inactivity. The one drawback to Registered Envelopes is that users must be online in order to authenticate and retrieve the key for decryption, but you can optionally allow users to cache the key locally after opening the message, in order to access the message again offline.
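The key-retrieval model described above can be sketched as follows. This is an added illustration, not PostX code: the class name, the lockout threshold, the inactivity window and the PBKDF2 password check are all assumptions chosen for the example.

```python
import hashlib, hmac, os

MAX_FAILURES = 3                 # assumed lockout threshold
INACTIVITY_LIMIT = 30 * 86400    # assumed: shred keys unused for 30 days (seconds)

class EnvelopeKeyServer:
    """Hypothetical key server: recipients authenticate to fetch a message key."""

    def __init__(self):
        self.keys = {}       # message_id -> key record
        self.audit_log = []  # (timestamp, message_id, user, event)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, message_id, user, password, now):
        salt = os.urandom(16)
        self.keys[message_id] = {
            "user": user, "salt": salt,
            "verifier": self._derive(password, salt),
            "key": os.urandom(32), "failures": 0, "last_used": now,
        }

    def _shred(self, message_id, user, now, reason):
        del self.keys[message_id]  # without the key the envelope cannot be opened
        self.audit_log.append((now, message_id, user, "shredded:" + reason))

    def retrieve(self, message_id, user, password, now):
        rec = self.keys.get(message_id)
        if rec is None:
            self.audit_log.append((now, message_id, user, "denied:no-key"))
            return None
        if now - rec["last_used"] > INACTIVITY_LIMIT:
            self._shred(message_id, user, now, "inactivity")
            return None
        ok = user == rec["user"] and hmac.compare_digest(
            self._derive(password, rec["salt"]), rec["verifier"])
        if not ok:
            rec["failures"] += 1
            self.audit_log.append((now, message_id, user, "auth-failed"))
            if rec["failures"] >= MAX_FAILURES:
                self._shred(message_id, user, now, "failed-logins")
            return None
        rec["failures"], rec["last_used"] = 0, now
        # Every successful release is recorded: this is the retrieval audit trail.
        self.audit_log.append((now, message_id, user, "key-released"))
        return rec["key"]
```

Because the key lives only on the server, shredding it revokes access to every copy of the envelope already delivered, which is the property the offline variants give up.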
Offline Envelopes package the message content and encrypted key together, negating the need for the recipient to be online to read the message. The decryption key is encoded using ARC4 or AES, and the user's name and password unlock the e-mail. As long as your company enforces a strong password policy -- eight or more characters with at least one non-alpha character, for example -- privacy should be sufficiently protected.
PKI Envelopes are available for those with an existing PKI. They have many of the same characteristics as Offline Envelopes, but security is bolstered by the session key being encrypted using RSA.
Because all of these envelopes rely on Java technology, there is a slight chance that they won't work with a recipient's OS or browser. To combat this, PostX allows the user to choose Open Online, a feature that sends the message back to the PostX server and opens it on the server, where the recipient can read and reply to the e-mail over SSL. For situations where Java is not available -- or is stripped out, as in the case of Microsoft Outlook Web Access -- Open Online is a great option. PostX also offers a Windows application that you can install on users' desktops, if security requires messages to be encrypted at the client, or if you simply want to speed up the process by handling encryption and decryption automatically in the background.