I'm looking for an encryption system for our organisations sensitive emails. Unfortunately I work with a large number of people who are very ignorant of security issues so it needs to be VERY simple to use and implement.
I am looking at something cheap to implement as well (open source / free would be good) as I have little to no budget for this, and it must be as secure as I can make it - 128 bit encryption or better.
I have looked at PGP but I'm hesitant as I'm expecting public/private key management to be difficult.
If there's something that can incorporate hardware and software (eg: the necessary presence of a usb key plus password to open emails) that would be good.
All recommendations and advice would be welcome. Thank you people.
Another factor to consider is the fact that is is simply a big fat pain in the ass for people to strictly follow proper security procedures. If this is simply one more in an ever growing pile of security procedures, you can expect your users to ignore it with the same indifference that they show existing procedures. Find a way to make this new scheme make your procedures simpler overall and you have a greater chance of success.
Okay, maybe idiot-proof is a poor choice of words.
I have forgotten about enterprise-wide solutions and am now aiming at senior management only IE: guys who need to send secret emails to a select number of contacts but only have average-user tech skills.
I would like something with a two part security option: Security key on a USB plus access password.
Client-to-client would be nice but Server-side is acceptable if there's no other option.
Again - all comments welcome. Thanks to everyone who has commented so far.
You may be able to accomplish a lot of this with truecrypt. Otherwise PGP is probably next best on the list. Although a lot of this depends on what email clients you are using and what type of mail server you are using, PGP and Truecrypt likely have plugins for outlook that greatly ease the process.
Also if you are already using an exchange server it is probably moot to begin with.
Krom wrote:You may be able to accomplish a lot of this with truecrypt. Otherwise PGP is probably next best on the list. Although a lot of this depends on what email clients you are using and what type of mail server you are using, PGP and Truecrypt likely have plugins for outlook that greatly ease the process.
Also if you are already using an exchange server it is probably moot to begin with.
but, unless you create individual containers for each, truecrypt doesn't encrypt emails, does it? Unless they've added something new? Creating a new truecrypt container for every email would certainly be secure, but not convenient.
Truecrypt is WONDERFUL, and would certainly make it easy to encrypt the users drives. I just didn't think it could conveniently solve the problem of sending unencrypted emails across the network.
