Achieving Operational Excellence in Government IT
<a href=""><IMG SRC="../../../RealMedia/ads/Creatives/Yahoo_Microsite_1c/solution-center.gif" WIDTH=750 HEIGHT=100 BORDER=0></a>
White Papers IT Jobs Events Research Premium Services Training & Certification Media Kit
   subjects:
   Career/Staffing
   CIO Strategies
   Columns
   Data Mining & Business
   Intelligence

   E-Commerce
   Enterprise Applications
   Enterprise Resource
   Planning

  New!Executive Tech
   IT Management Trends
   IT Research
   IT Service Management
   Network & Systems
   Management

   Security
   Definitions
   IT Management
   Editorial Staff

Search Earthweb

internet.commerce
Be a Commerce Partner
Shop Digital Cameras
Find a Consultant
Biz Magazines-Free
Free Networking Mags.
Business Web Hosting
Fax Over IP
Free Server Magazines
Reference Library
Best Deals on PDAs!
Promote Your Website

An Event for Federal, State & Local Government Agencies
IT Management : Columns : Executive Tech

Related Articles
The Unclear Serial Bus -- A USB Mystery
Microsoft .NET Secrets
- IT Service Management Newsletter -
email:
IT Focus
Linux in the Enterprise

For many enterprises, the use of Linux began as a virtual in-house underground movement. Nowadays organizations of all sizes openly embrace the open-source operating system. This special focus series looks at the development of Linux in the enterprise.

Day 1:
Is Linux Really More Secure Than Windows?

Day 2:
So You Want to Switch to Linux?

Day 3:
Linux Cost Savings Add Up

Product Watch
TZ Windows Cleaner - Clean your online & offline activity tracks
Sothink SWF Quicker 1.1 - Flash movie creation tool
XML Push & Phone Messaging Software - XML Push/Pull messaging from remote systems
ShellBrowser Components for Delphi - Explorer components for Delphi
CitraTest - End-To-End Application Response Management Solution

more products >>

Datamation Definitions
data mining
ERP
extranet
grid computing
intranet
network appliance
outsourcing
storage
VPN
virus
FREE Tech Newsletters

SUBSCRIBE TODAY TO NORTEL NETWORKS
ENTERPRISE NEWSLETTER UPDATE. Click Here

How Secure is Your E-mail?
November 3, 2003
By Brian Livingston

Brian Livingston Headlines are flying with stories of incriminating e-mail messages — and the many court cases that have been launched by "discovered" e-mails. That makes this a very good time for you to be securing your corporate communications with new tools.

Perhaps your idea of protecting your e-mail is to exhort your employees not to say anything in a message that would reveal your company's deepest secrets. Or perhaps you're already using more sophisticated practices than this. In either case, there is innovative technology to encrypt and manage your employees' e-mail in ways your employees otherwise couldn't or wouldn't.

Securing and Encrypting Are Two Different Things

It's not necessary to encrypt every message in order to secure your e-mail communications. But it is necessary to encrypt certain messages to certain people in order for you to be sure those messages are secure:

It's Not a 'Get Out of Jail Free' Card. Encrypting your company's messages won't protect you from legal entanglements, such as the e-mails that were introduced as evidence at Microsoft's antitrust trial or in investment banker Frank P. Quattrone's recent "time to clean up those files" trial. Someone will always have saved some readable copy of any e-mail you send. And, in any event, your company may be required by law or custom to preserve readable copies of all e-mails that were sent or received in the course of your business.

It's a Good Measure of Protection Nonetheless. Encrypting can be very important, whether or not you have anything to hide. The purpose of encrypting your messages is not to cover up illegal activity or foil a governmental investigation, but to secure your communications from anyone who might be eavesdropping (including unauthorized in-house staff). E-mails are ordinarily formatted and sent across the wire as plain text, and you might be surprised at how often your co-workers reveal sensitive corporate plans and even network passwords.

While encryption isn't a perfect barrier against e-mails ever being read by the "wrong" people, it's definitely called for in situations where your communications are intended for a small, trusted circle.

The Competition Heats Up

Fortunately, there are innovative developments that are making it a lot easier to secure your e-mail. Starting with the oldest:

PGP Corporate Desktop, from PGP Corp., is the long-time standard in e-mail encryption. After this software has been installed, end users decide which of their outgoing e-mails should be encrypted. The sender's software encrypts each message using the recipient's "public key," a code for which only the recipient has a corresponding decryption key.

FileAssurity OpenPGP 2.0 is a PGP competitor that's due for release within the next two weeks from the upstart company ArticSoft (whose name is a play on "articulated software"). The original 1.0 version was launched only last August. In addition to encrypting e-mails, the new release will have the ability to create compressed ZIP files as well as a secure .pgp file format that can be opened by anyone with a free reader (and the right code), company executives say.

PGP Universal, also from PGP Corp., has broader capabilities than either of the other two alternatives. It automatically encrypts and decrypts e-mails — at the server level, not the user level — between any set of senders and receivers. The list of who shall send and who shall receive secure e-mails is determined by an IT administrator. End users never have to remember to click a button to secure these e-mails before transmitting them. It's done for them in the background. PGP Universal has been commercially available only since mid-September.

Each Product Has Its Boosters and Its Detractors

Steve Mathews, CEO of ArticSoft, said in an interview that FileAssurity is easier for end users to understand and use than PGP Corporate Desktop. The principle of FileAssurity, he said, is "users being able to use security as easily as they might use a courier service [for physical documents]."

FileAssurity has been implemented by a variety of companies from the Union State Bank of New York to the Michigan Public Health Institute, he said.

Stephan Somogyi, the director of products for PGP Corp., said of his company's Corporate Desktop programs that, "They are about as easy to use as current technology permits." End users still need training, he said, adding, "we certainly believe that the ease-of-use can still be improved."

That's one reason Somogyi's enthusiastic about his company's new PGP Universal product. The new software, operating at the server level, allows end users to do their primary jobs, he said. The messages that should and should not be encrypted become "a choice of the IT administrator or whoever is the person making the policy for e-mail."

Somogyi also noted that many companies in the U.S. and abroad want to ensure (or are required by law to ensure) that IT staff can't access and read internal e-mails that are sent from, say, the legal department to the personnel department. PGP Universal is designed to protect e-mails even at this intra-company level, he said.

In response to the need for secure communications without any end user action, ArticSoft officials say they will soon release a new product called Central Administrator. This server-level program will enable admins to set encryption policy without installing any software on client machines, they said.

Conclusion

You may be a novice or a pro at securing information by encryption. In either case, I recommend that you continue learning about the subject by reading an excellent 17-page paper by Ewa Zurawska that's posted at the SANS Institute's GIAC.org site.

If your business communicates any confidential information across the public Internet or your intranet, e-mail encryption is a solution you should implement sooner rather than later.

Small companies may find that products such as Corporate Desktop and FileAssurity are all they need to protect the few, highly sensitive documents they may occasionally transmit. But large enterprises should seriously consider the automatic and corporate-policy–based security provided by the technology of PGP Universal.

Brian Livingston is the editor of Brian's Buzz on Windows and the co-author of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page.


Executive Tech Archives

Jupitermedia is publisher of the EarthWeb.com networks.
Copyright 2003 Jupitermedia Corporation All Rights Reserved.

Privacy Policy.
Advertise on EarthWeb
http://www.earthweb.com/
http://www.internet.com/