Review: 3 e-mail encryption packages help businesses stay secure
We look at 3 products which will safeguard your e-mail while being both easy to use and easy to afford.Follow @infoworld
You probably know by now that any e-mail that isn't encrypted traverses the Internet in clear text that can easily be viewed with little skill and just some patience. So what are you doing to protect your company's sensitive e-mail?
The right way is to encrypt e-mail messages in their entire path from sender to receiver. You also need to digitally sign them, to ensure that no one else has tampered with them in transit.
[ Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. ]
The problem is that, not long ago, encryption products had two big drawbacks. First, they required a lot of effort devoted towards key management tasks to make sure that everyone's encryption keys were properly exchanged and properly maintained. Public/private key encryption meant that you exchanged the public keys in order to read each other's messages, and in the past this exchange was cumbersome at best. Also, when someone left a corporation, that person's key had to be expired so that they would no longer have access to their e-mail stream.
Second, the products were designed to work between two people who were using a matched set of the same tools. If you sent an encrypted e-mail to some random correspondent who was likely not using any encryption, they couldn't read the message and needed to install the same tool you used to decrypt it.
Today, however, there are a number of low-cost, easy-to-use packages that have gotten around these problems in some clever ways. For this review, I looked at three solutions: Hush Communications' Hushmail for Business, Voltage Security Inc.'s Voltage Secure Network and Connected Gateway and PGP Corp.'s Universal Server.
To test these three products, I created a situation in which a small company had already set up Outlook clients and Microsoft Exchange servers to handle its e-mail and wanted to add a layer of encryption on top of that with as little effort as possible. I assumed the company wanted to be able to send and receive encrypted e-mails to a wide variety of correspondents, and didn't want to install a lot of software on each desktop.
Hush Communications has been around a long time in the encryption world. Its basic business account, which is the least expensive of the three solutions reviewed here, starts at $24 a year per user. (There is also a free personal version that has most of the features found in the business product, with the exception of having your own domain names to send and receive the encrypted e-mails.)
Hush is a completely hosted service: there is nothing to install on the client end, and you just have to set up an e-mail domain on their servers. This can be a plus or a minus depending on your biases toward having your own server on premises. All you need to do is to specify the MX mail account records to point to their mail server for your domain. It lacks the automatic registration for external users that the other vendors offer and the administrative features are spare, but that means that for small companies looking to get started quickly with encryption, Hush is worth taking a closer look.