File Share Encryption

 View Only

  • 1.  Can I use SKM for End-to-End Encryption

    Posted Sep 16, 2014 06:30 PM

    Currently, I'm assisting a customer to deploy their Encryption Platform:

    • Encryption Management Server
    • Gateway Email
    • Desktop Encryption
    • Mobile Encryption (iOS & Android devices).

     

    Talking just around Messaging Encryption. Customer wants to build a rule for automatic encryption from the email desktop client (Outlook) to all messages that she send to a named internal users group (all users in this group are provisioned in Encryption Management Server).

    In detail, customer wants:

    • When she send an email to another internal user that belongs to a specific group: Always encrypt
    • When she send an email to another internal user that doesn't belongs to that group: Send in clear text
    • When she send an email to an external user: Send in clear text
    • When she send an email to an external user but with a keyword in subject: Encrypt and deliver using PDF Messenger

    All users have keys in SKM mode . So, I would like to know if this is the best mode for this scenario.

    Administrative premises are:

    • All users need to be able to check encrypted messages on their mobile devices (Android & iOS)
    • Keys (Public and private) must be able to be backed up centrally
    • All users must be able to encrypt automatically (based on rules) or on-demand (using the Encryption Outlook addin), from their desktop computers.

    Customer has Exchange Server 2010. All users use Windows+Outlook computers.

     

    It's Ok to continue using SKM mode keys?

    Thanks

     

    Goltrek

     



  • 2.  RE: Can I use SKM for End-to-End Encryption
    Best Answer

    Posted Sep 17, 2014 03:15 PM

    SKM keys are the preferred choice for having encryption across multiple platforms.  It also will reduce the headaches for the end users having to remember passphrases for keys.

    There is an option in the mail rules to set a rule to include everyone that falls into a specific consumer policy.  That should be a good way to match users from a specific group.  If that rule were moved to the top of the list, the next rule would be the implicit internal 'send clear' rule (No Encryption for Regular Internal Users), which would then send clear for anyone not using the specified consumer policy.

    I think you are on the right track, and SKM would be an appropriate choice.  Let me know if you have any other questions or need further assistance.

     



  • 3.  RE: Can I use SKM for End-to-End Encryption

    Posted Sep 17, 2014 04:35 PM

    Thank you Mike, you're very clear and explicit in your answer.

    Your opinion is very important for me.

     

    Goltrek.