Page 11 - Cyber Warnings - November 2015
validity of the certificate. Certificate servers such as www.globaltrustpoint.com collate and validate
certificates from the CA servers.
S/MIME is supported by all popular email clients and has become the standard in the business
world. Because obtaining an S/MIME certificate can involve cost, most private users utilize
OpenPGP-based encryption, which requires third-party software that is usually free.
Both S/MIME and OpenPGP use a key pair consisting of an encryption key and a decryption key. The
encryption key is public and must be made available to the message sender, whereas the recipient
keeps hold of the private decryption key.
Only the holder of the private key can decrypt messages encrypted with the public key. The public
key also contains information which can be used to check the authenticity and validity of the key.
Certificate Management Challenge
It becomes clear that the real challenge for businesses is not the encryption itself, but the
management of the private and public keys. Private keys for employees have to be protected, and
issued and revoked as staff join and leave the company, whilst their public keys have to be made
available to communication partners.
At the same time the public keys from communication partners have to be made available to
employees.
Throw into the mix the fact that many communication partners may be using OpenPGP keys, and
the scalability of key management suddenly becomes a problem. Public keys from communication
partners have to be searched for, saved, validated and checked against revocation lists in real time.
The PKI challenge is to automate the full key management and make it fully transparent to
employees.
Centrally applied encryption with Policies
Encryption and security are only guaranteed when they are applied every time they are required.
Removing the encryption decision and the key management from employees and making the encryption
process automated and invisible guarantees security and compliance.
The solution is “Secure Email Gateways”. These fully automate the key management and use
configurable policies to ensure that encryption is applied when it is required.
Secure Email Gateways deliver a number of key advantages to businesses. Their centralized
deployment removes the need for any end-user software and training. Emails are encrypted and
decrypted automatically and all keys are managed centrally. Keys from third parties are checked to
ensure that they are valid, and employees' keys are made available to communication partners.
But one of the key advantages delivered by Secure Email Gateways is the ability to communicate
securely with any partner, regardless of whether they are using S/MIME, OpenPGP or do not
have any encryption software installed at all.
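
The per-recipient decision a gateway policy has to make can be sketched as follows. This is an added example, not code from the article or from any gateway product: the key store, revocation list, policy domains, the S/MIME-before-OpenPGP preference and the "hold:alternative-secure-delivery" action are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class PartnerKey:
    address: str
    scheme: str            # "smime" or "openpgp"
    key_id: str            # constructed identifier, not a real serial or fingerprint
    not_before: datetime
    not_after: datetime

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data standing in for the gateway's central key store.
KEYS = [
    PartnerKey("alice@partner.example", "smime", "S-01", utc(2015, 1, 1), utc(2016, 1, 1)),
    PartnerKey("bob@partner.example", "smime", "S-02", utc(2014, 1, 1), utc(2015, 1, 1)),
    PartnerKey("bob@partner.example", "openpgp", "P-07", utc(2015, 6, 1), utc(2017, 6, 1)),
    PartnerKey("carol@bank.example", "openpgp", "P-09", utc(2015, 1, 1), utc(2017, 1, 1)),
]
REVOKED = {"P-09"}                                     # constructed revocation list
REQUIRED_DOMAINS = {"bank.example", "clinic.example"}  # policy: encryption mandatory

def usable_keys(recipient, now):
    """Keys for the recipient that are inside their validity window and not revoked."""
    return [k for k in KEYS
            if k.address == recipient.lower()
            and k.not_before <= now <= k.not_after
            and k.key_id not in REVOKED]

def decide(recipient, now):
    """Return the gateway action for one outbound recipient."""
    keys = usable_keys(recipient, now)
    for scheme in ("smime", "openpgp"):      # preference order is an assumption
        for k in keys:
            if k.scheme == scheme:
                return f"encrypt:{scheme}:{k.key_id}"
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in REQUIRED_DOMAINS:
        # Hypothetical action: policy requires encryption, so never send plaintext.
        return "hold:alternative-secure-delivery"
    return "send:unencrypted"
```

An expired S/MIME certificate and a revoked OpenPGP key are both treated as "no key", so a required-encryption domain fails closed instead of falling back to plaintext.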
Copyright © Cyber Defense Magazine, All rights reserved worldwide