Secorio's industry first zero-touch S/MIME solution enables email certificates to be provided and managed efficiently without involving the end user. Secorio S/MIME email encryption is the ideal solution for SMEs and large companies looking for a centrally administrated solution.
Secorio Zero-Touch S/MIME solution: Email encryption with only little effort
Both public S/MIME certificates (from trusted CA) and private certificates can be issued via the management solution. The certificate manager enables registration of employees, servers and devices to be controlled. This makes identification, reporting and automatic renewal without involving the employees possible. furthermore certificates can be revoked if the employee leaves the company.
Thanks to the crypto-agility and the option to increase the cryptographic strength of the identity, the S/MIME Certificate Manager enables automatic renewal of the certificates. The console automatically adopts all previously issued certificates which significantly improves the issuance and renewal process.
With Zero-Touch S/MIME, email encryption has never been easier
With the first and unique Zero-Touch-S/MIME solution, e-mail certificates can be provided and managed without involving end users or actuated with just a mouse click. Secorio S/MIME email encryption is the ideal solution for a wide range of applications.
5 reasons to choose Zero-Touch Enterprise S/MIME
5 reasons to choose Zero-Touch Enterprise S/MIME
- End-to-end message encryption between you and your contacts. Signed and encrypted emails can not be intercepted and decrypted by man-in-the-middle attackers, packet sniffers, or https proxies.
- Validate email sources to counteract phishing attacks.
- Trusted by all major e-mail clients and Internet browsers.
- Sign Microsoft Office and OpenOffice documents digitally.
- Compatible with secure e-mail gateways.
Latest information from our Info Center for the Enterprise Certificate Manager for S/MIME
Ensure compliance with privacy laws with S/MIME
GDPR / DSGVO Compliance
Within the framework of the GDPR, penalties for the loss, modification or unauthorized disclosure of data may amount to up to four percent of the worldwide annual turnover or € 20 million, whichever is highest. Because unencrypted e-mail can be read by a number of parties, including the company's IT administrator, ISP, and cloud email server provider, sending unencrypted e-mail containing personal or confidential information on people protected by GDPR can be illegal. We therefore recommend that you at least sign all e-mails and, where possible, encrypt them.
HIPAA / HITECH compliance
As in every industry, e-mail is an important communication medium - especially for the exchange of health data between patient and doctor. Personal health information (PHI) emails transmitted without any protection are generally considered unsafe. E-mail with PHI must be protected with digital certificates so that institutions can successfully protect patient privacy and comply with HIPAA and HITECH regulations.
In particular, all health-related emails that are sent through a firewall requires end-to-end encryption. This means that emails on the sending mail server, on all recipient mail servers and during the transmission are encrypted. The encryption prevents unauthorized third parties from having access to the content of the email, ans to the operator of the email server. This approach also works with mail servers running in third-party cloud services.
Encrypting emails is a cost-effective way to meet HIPAA's email requirements without compromising security. Because e-mail content is encrypted before archiving, it is protected from disclosure, regardless of the way in which it is stored. The mail header information can also be searched for on encrypted emails in the mail application, so recalling emails based on specific criteria is possible. As a result, your processes do not have to be adjusted or changed, even if you are using e-mail encryption.
Compliance with Federal Secure Email Requirements (DFARS)
For many years, the U.S. government has been in constant cyber fights to protect intellectual property, particularly in the military. As government agencies improve cyber defense, attackers have increasingly shifted their focus to US defense companies to gain access to information of strategic national importance. These attacks includes access to weak employee credentials for remote access to contractor systems. This means that intellectual property stored in emails can be stolen when sending or from the email server.
To remedy this situation, the government added section 252.204-7012 to the Defense Federal Acquisition Regulation. This regulation requires compatibility with NIST SP800-171 protection of controlled unclassified information in non-federal systems and organizations. The regulation requires encryption of all data during transmission and throughout the filing process.
Certificate-protected e-mails remain encrypted on leaving the sender and until they are opened in the inbox of the recipient. and encrypts the data that is transmitted on the Internet and is stored on the mail servers of the sending and receiving organizations. In addition, e-mail messages and attachments stored on mail servers are also encrypted.
Introduction of Zero-Touch SMIME e-mail certificates
Secorio's technology partner is the leading provider of strong digital identities with public key technology. These identities are useful for a variety of corporate applications, from authenticating mobile devices to wireless networks, to encrypting and digitally signing email. To secure effective compliance, email encryption must be easy to provide for the administrator and easy for the employee to use. Unfortunately, previous S/MIME solutions were quite difficult, resulting in employees not being able to encrypt their emails as intended, or the entire installation process being too time-consuming. To solve the problem of complicated implementation, the industry's first zero-touch X.509 certificate management system was developed.
This system automatically provides digital identities for all applications. Many popular email applications supports S/MIME, so you don't have to adjust your systems or your work processes. Employees can use the convenience of their tablets and mobile devices with the usual email applications they already use today.
Trusted S/MIME certificates as well as private certificates can be provided from a single administrator dashboard. Processes such as registration of employees, servers and devices can be automated via the dashboard. It offers easy certificate detection, easy-to-use reporting, automatic renewal without involving employees, and the option to revoke certificates when an employee leaves the company.
For companies, the console automatically adopts all previously issued certificates to significantly simplify the deployment. The administrator can automatically replace the certificates with trusted SMIME certificates. With Public S/MIME, any S/MIME-enabled email application can verify the identity of the sender. And also that the email and its attachments were not changed during the transfer. In addition, the email certificate enables encryption of the email including its attachments, without affecting the email experience of the end user.
To ensure that all emails can be encrypted, the solution offers the following important functions that were not available in previous S/MIME management and administration solutions:
- Install the Zero-Touch Email Certificate across the enterprise for multiple devices for each single user
- Transfer digital certificates to new users without additional costs
- Sending the entire encryption key history (all S/MIME certificates issued for example to email@example.com) to all e-mail applications to ensure that older e-mails can also be decrypted
- Hosting an LDAP directory to support compliance
- Archiving encryption keys to allow employees to recover accidentally broken keys
- Working with secure email gateways so that the company can continue to use email scanners to perform its functions also for encrypted and signed emails