: ENTERPRISE EMAIL SECURITY
PATH-BREAKING CONTROL & SECURITY FOR ENTERPRISE EMAIL
ver since email has become a widely acceptedmedium of official communication within enterprises,its security has been debated for following reasons:1.
Sender is never assured whether the confidentialemails are reaching intended recipients2.
Sender is unaware of future tampering to theemail message due to editing by any of therecipients3.
Sender is not assured on whether theinformation is leaked due to printing of the emailmessage4.
Sender can not control the actions that therecipient might take on the email5.
Sender does not have the definitive emailrecipients’ trail after the email has been sent6.
Sender can not guarantee the security of thecommunication due to un-encrypted messagingThe ownership of any breach of email security has beenalways an onus on the sender of email. With thetraditional Email technologies these email securityconcerns remained unanswered as yet.
Current e-mail threats can be classified as follows:
Lack of sender authentication:
The recipientcannot authenticate the sender of the message, itis very easy to tamper the sender’s email addressand send fraudulent email messages – incorporate set-up this could have devastatingimpact. Imagine receiving an email messageclaiming that it has been sent by the CEO –where in the CEO never sent any such message.
Lack of Email Flow Control:
The sender cannotbe assured that the email he / she sends will berestricted to the choice of recipients. Once theemail is sent – the email may be forwarded,replied, edited and resent. Hence, the sender willhave to rely purely on trusting the recipients andthere is no mechanism to
restrict the flow of the email once it is sent out
Email Message Control:
An email received by anend user is open for various forms of tampering.The sender has no way to control the receiverfrom copying, saving or printing a emailmessage.
Email Content Security:
An email sent comeswith no guarantees of security. Mechanisms forchecking of message integrity and ensuring totalcontent security while in transit are missing –there are no built in encryption schemes in thecurrently available email solutions.
Basically, the sender is not in control of the message – once it is sent out – and the recipient has no way toensure that it was indeed sent by the sender – whoclaims to have sent it.
completely eliminates the abovefundamental security limitations – and provides a verystrong secure email solution. It integrates seamlessly withexisting email infrastructure and provides the followingfeatures:
Access Control Mechanism
, whichdefines what different
“classes of users”
areauthorized to do & what they are not authorized todo.
Flow Control Mechanism
, whichdefines what the recipient can do with the messageafter the message is received – like forwarding andreplying – based on what the sender has set whilesending the message.
Message Control Mechanism
whichdefines what recipient can do with the messageafter the message is received – this pertains torights related to editing, copying, saving andprinting – based on what the sender has set whilesending the message.
Use of AAC (Advanced Access Control) Mechanismto determine what Message Control & Flow Controlrights can be enforced by an end user.
REL-ID 2-way authentication implementation toensure authentication of end users.
Securing of emails using a REL-ID Securedframework. Additional features include emailencryption, email message integrity check, emailclassification etc.
Controlling of Message by definition of MessageControl rights per email message sent.
Control of flow of emails via the definition &enforcement of email flow.
Tracking of email flows