ENTERPRISE S/MIME

IMPROVE EMAIL SECURITY WITH END-TO-END ENCRYPTION AND -IDENTITY THROUGH SEAMLESS END-USER DEPLOYMENT

Secorio Zero-Touch S/MIME Solution: Email Encryption With Only Little Effort

Secorio's industry-first zero-touch S/MIME solution enables email certificates to be efficiently deployed and managed without end-user involvement. Secorio S/MIME email encryption is the ideal solution for SMBs and large enterprises looking for a centralized management solution.

The management solution can be used to provide both public SMIME certificates (from trusted CAs) and private certificates. The certificate manager allows you to control the registration of employees, servers and devices. This makes it possible to determine, report and automatically renew certificates without the involvement of employees. It can also be used to revoke certificates if the employee leaves the company.

The S/MIME Certificate Manager enables automatic renewal of certificates thanks to its crypto-agility and the option to increase the cryptographic strength of the identity. The console automatically takes over all previously issued certificates to significantly improve deployment.

*End To End Encryption

End-to-end encryption of messages between you and your contacts cannot be decrypted, and therefore remains confidential. This protects your messages from man-in-the-middle attackers, hackers or https proxies, and the content arrives safely at the recipient.

*Keystore / Certificate Store For S/MIME

Eliminate the risk of lost certificate keys. All the S/MIME keys are automatically stored securely in your key store/key management. This makes it unnecessary to create backups. In case of a lost key, the certificate can be restored without additional costs and with only little effort.

*Compatibility

Protect your users from SPAM and MALWARE. Even encrypted emails can be checked by your gateway/SPAM filter using preconfigured interfaces. Compatible with e-mail gateways (e.g. CITRIX Secure Gateway) thanks to simple configuration with third-party applications and native mobile e-mail applications.

*Privacy Regulations

You want to comply with regulations such as GDPR, HIPAA, DSGVO or EDIFACT? Enterprise S/MIME fulfills the DSGVO thanks to globally recognized certificates, and helps you increase compliance in your company.

Both public S/MIME certificates (from trusted CA) and private certificates can be issued via the management solution. The certificate manager enables registration of employees, servers and devices to be controlled. This makes identification, reporting and automatic renewal without involving the employees possible. furthermore certificates can be revoked if the employee leaves the company.

Thanks to the crypto-agility and the option to increase the cryptographic strength of the identity, the S/MIME Certificate Manager enables automatic renewal of the certificates. The console automatically adopts all previously issued certificates which significantly improves the issuance and renewal process.

USER CASES

With Zero-Touch S/MIME, Email Encryption Has Never Been Easier

With the first and unique Zero-Touch-S/MIME solution, e-mail certificates can be provided and managed without involving end users or actuated with just a mouse click. Secorio S/MIME email encryption is the ideal solution for a wide range of applications.

E-Mail Signature

S/MIME offers you the certainty that the emails actually come from the intended sender and protects against fraud attempts such as phishing and business email compromises (BEC). S/MIME guarantees that the email or attachments have not been changed after signing.

Email Encryption

S/MIME protects your property or trusted data during transmission or while it is being stored on the mail server.

Mobile E-Mail Encryption

Do you use your mobile devices to send encrypted emails? SCM enables a smooth delivery of your email encryption certificates via preconfigured MDM interfaces.

The GDPR Is Recognized Across The EU As The Rules On How To Process And Store Digital Data. In 2016, The European Union Adopted The General Data Protection Regulation (GDPR) To Replace Its 1995 Processes As Standard For All Business Processes (IT) That Affect Personal Data. In Most European Countries, The Encryption Of Emails With Confidential Personal Data Is Generally Seen As A Measure To Comply With The Guidelines Of The GDPR. Since January 1, 2019, Companies In Denmark Have Also Had To Encrypt All Emails That Contains Confidential Personal Information. When Determining The Severity Of The Punishment For Violations Of The GDPR, The Authorities Take Into Account The Extent To Which The Companies Affeced Have Taken Measures To Ensure The Protection Of Personal Data. Measures Such As Encrypting Email Not Only Reduces The Risk Of Data Breaches, But Can Also Reduce Penalties In The Event Of A Breach By Demonstrating That They Have Taken Appropriate Security Measures To Prevent Data Theft.   Within The Framework Of The GDPR, Penalties For The Loss, Modification Or Unauthorized Disclosure Of Data May Amount To Up To Four Percent Of The Worldwide Annual Turnover Or € 20 Million, Whichever Is Highest. Because Unencrypted E-Mail Can Be Read By A Number Of Parties, Including The Company's IT Administrator, ISP, And Cloud Email Server Provider, Sending Unencrypted E-Mail Containing Personal Or Confidential Information On People Protected By GDPR Can Be Illegal. We Therefore Recommend That You At Least Sign All E-Mails And, Where Possible, Encrypt Them.

Health-Related Emails Require End-To-End Encryption. As In Every Industry, E-Mail Is An Important Communication Medium - Especially For The Exchange Of Health Data Between Patient And Doctor. Personal Health Information (PHI) Emails Transmitted Without Any Protection Are Generally Considered Unsafe. E-Mail With PHI Must Be Protected With Digital Certificates So That Institutions Can Successfully Protect Patient Privacy And Comply With HIPAA And HITECH Regulations. In Particular, All Health-Related Emails That Are Sent Through A Firewall Requires End-To-End Encryption. This Means That Emails On The Sending Mail Server, On All Recipient Mail Servers And During The Transmission Are Encrypted. The Encryption Prevents Unauthorized Third Parties From Having Access To The Content Of The Email, Ans To The Operator Of The Email Server. This Approach Also Works With Mail Servers Running In Third-Party Cloud Services. Encrypting Emails Is A Cost-Effective Way To Meet HIPAA's Email Requirements Without Compromising Security. Because E-Mail Content Is Encrypted Before Archiving, It Is Protected From Disclosure, Regardless Of The Way In Which It Is Stored. The Mail Header Information Can Also Be Searched For On Encrypted Emails In The Mail Application, So Recalling Emails Based On Specific Criteria Is Possible. As A Result, Your Processes Do Not Have To Be Adjusted Or Changed, Even If You Are Using E-Mail Encryption.

S/MIME Email Certificates Are An Essential Part Of Compliance With DFARS (Defense Federal Acquisition Regulation Supplement) - Protection Of Controlled, Unclassified Information In Non-Federal Systems And Organizations. For Many Years, The U.S. Government Has Been In Constant Cyber Fights To Protect Intellectual Property, Particularly In The Military. As Government Agencies Improve Cyber Defense, Attackers Have Increasingly Shifted Their Focus To US Defense Companies To Gain Access To Information Of Strategic National Importance. These Attacks Includes Access To Weak Employee Credentials For Remote Access To Contractor Systems. This Means That Intellectual Property Stored In Emails Can Be Stolen When Sending Or From The Email Server. To Remedy This Situation, The Government Added Section 252.204-7012 To The Defense Federal Acquisition Regulation. This Regulation Requires Compatibility With NIST SP800-171 Protection Of Controlled Unclassified Information In Non-Federal Systems And Organizations. The Regulation Requires Encryption Of All Data During Transmission And Throughout The Filing Process. Certificate-Protected E-Mails Remain Encrypted On Leaving The Sender And Until They Are Opened In The Inbox Of The Recipient. And Encrypts The Data That Is Transmitted On The Internet And Is Stored On The Mail Servers Of The Sending And Receiving Organizations. In Addition, E-Mail Messages And Attachments Stored On Mail Servers Are Also Encrypted.

SSL

Introduction Of Zero-Touch SMIME E-Mail Certificates

Secorio's technology partner is the leading provider of strong digital identities with public key technology. These identities are useful for a variety of corporate applications, from authenticating mobile devices to wireless networks, to encrypting and digitally signing email. To secure effective compliance, email encryption must be easy to provide for the administrator and easy for the employee to use. Unfortunately, previous S/MIME solutions were quite difficult, resulting in employees not being able to encrypt their emails as intended, or the entire installation process being too time-consuming. To solve the problem of complicated implementation, the industry's first zero-touch X.509 certificate management system was developed.

This system automatically provides digital identities for all applications. Many popular email applications supports S/MIME, so you don't have to adjust your systems or your work processes. Employees can use the convenience of their tablets and mobile devices with the usual email applications they already use today.
Trusted S/MIME certificates as well as private certificates can be provided from a single administrator dashboard. Processes such as registration of employees, servers and devices can be automated via the dashboard. It offers easy certificate detection, easy-to-use reporting, automatic renewal without involving employees, and the option to revoke certificates when an employee leaves the company.

For companies, the console automatically adopts all previously issued certificates to significantly simplify the deployment. The administrator can automatically replace the certificates with trusted SMIME certificates. With Public S/MIME, any S/MIME-enabled email application can verify the identity of the sender. And also that the email and its attachments were not changed during the transfer. In addition, the email certificate enables encryption of the email including its attachments, without affecting the email experience of the end user.

To ensure that all emails can be encrypted, the solution offers the following important functions that were not available in previous S/MIME management and administration solutions:

  • Install the Zero-Touch Email Certificate across the enterprise for multiple devices for each single user
  • Transfer digital certificates to new users without additional costs
  • Sending the entire encryption key history (all S/MIME certificates issued for example to info@secorio.com) to all e-mail applications to ensure that older e-mails can also be decrypted
  • Hosting an LDAP directory to support compliance
  • Archiving encryption keys to allow employees to recover accidentally broken keys
  • Working with secure email gateways so that the company can continue to use email scanners to perform its functions also for encrypted and signed emails