
Symantec Encryption and DLP

Created: 08 Dec 2013 | 6 comments
Atif Mehmood Malik's picture

I am a newbie in the area of Symantec encryption and DLP.

My client needs an email encryption solution that is integrated with active directory domain. Let's say that a user encrypts an email attachment such that only another user "name@domain.com" can decrypt it. Is it possible with Symantec Encryption?


Atif Mehmood Malik's picture

Thank you pete.

I have already seen this link. You mean that Symantec Gateway email encryption includes the feature of active directory user authentication?

One more question:

If we deploy Symantec gateway email encryption at our end, our business partners and clients (to whom we send emails) also need this solution for decryption or not?

I am sorry if my questions are odd.

dcats's picture

Hi Atif,

Yes, if the LDAP (Active Directory) is one of the supported versions. Others *may* work but haven't been tested.
You can find this same information under System Requirements:
--- snip ---
Supported External Authentication Products
Symantec Encryption Management Server is compatible with the following LDAP directory products:
    Microsoft Active Directory 2010
    Microsoft Active Directory 2008
    Microsoft Active Directory 2003
    Lotus Notes/Domino Directory 7.0
    OpenLDAP 2.3.x

For directory synchronization, Symantec Encryption Management Server supports:
    LDAPv2
    LDAPv3
    LDAPS
--- snip ---

The business partners don't have to use the same solution. However, both solutions must be able to work with the same encryption standard that you use to exchange encrypted emails. At the top of that same page:

--- snip ---
Messaging Security Standards
    PGP/MIME (RFC 3156)
    OpenPGP (RFC 4880)
    S/MIME v3 (RFC 2633)
--- snip ---

Regards,
dcats

Alex_CST's picture

What's DLP to do in this scenario? You can integrate DLP with PGP/SEMS to check on data leakage through encrypted emails, but from your scenario you don't need DLP at all.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

Atif Mehmood Malik's picture

I believe my requirement can be fulfilled using identity-based encryption. Does Symantec support identity-based encryption?

dcats's picture

Hi Atif,

Unless there is some strict regulatory compliance requirement, I believe you meant Public-key cryptography. If so, yes.
That's the usual way to secure email communication ("a user encrypts an email attachment such that only another user "name@domain.com" can decrypt it").

The Symantec Encryption Management Server can work with S/MIME, in case you need to have a Certification Authority (CA) verifying the certificate. That's an example of PKI (Public-Key Infrastructure).
If the trust can be established between both communication partners, then you can use PGP keys. This would be called WOT (Web of Trust).

Rgs,
dcats