Securing Incoming and Outgoing Emails

This paper describes the functionality and security improvements a company or legal authority gains implementing the new SafeGuard PushMail server to its e-mail infrastructure.

The integration of a PushMail-Service into the existing e-mail infrastructure of a company or a legal authority involves different changes. Probably the most vital of these steps is the deployment of the server that gets the e-mails from the internal e-mail server and pushes these e-mails to the handhelds. Pushing in this case means that the e-mails are send to a central server on the providers side via the internet (regarding BlackBerry technology in Europe this server is located in London) and delivered to the handhelds using mobile phone technology afterwards. The server on the customers side (in this case the BlackBerry Enterprise Server) needs to have access to the e-mail server on a very high level which is something that many companies don't want to allow somebody (or some device) that is not completely "in their own hands". Industrial espionage or just the possibility that someone from outside of the company might be able to have a look at an internal e-mail ? by false routing for instance ? does not sound really like a scenario that fits to regular commercial behavior. Figure 1 gives a brief description of how the pushmail-server has to be integrated in the customers e-mail infrastructure.


With SafeGuard PushMail Utimaco Safeware AG offers its customers a new product that solves the problem described above. All e-mails travel the companies internal LAN encrypted and the communication server of the pushmail-service provider will never get just one single unencrypted e-mail. SafeGuard PushMail is easy to integrate and administrate and manages securing all incoming and outgoing e-mails transparently for the companies employees. That means that their will also be no need for the customer to train its employees for this new technology.

The number of customers using pushmail-services is growing fast. One of the leading suppliers (namely Research In Motion) of such a service recently announced that the number of sold handhelds already exceeds 3.5 million devices.

Customer's employees that travel a lot need to have their e-mails always at hand. They are now able to read and answer their own e-mails, synchronize their appointments and to-do lists where ever they are. The e-mails these are also delivered to their office PC as usual where their secretary can still answer some less important e-mails. Even the personal calendar is up to date: additional, changed or canceled meetings and appointments can not be missed anymore. So, the chance of missing some important information decreases by far.

All information delivered to the handheld device is transported via the Internet and the network of the company's service carrier for mobile telephones.

The fear of industrial espionage is one of the main reasons that encourages more and more companies or legal authorities to think about securing their e-mail traffic. Sending an e-mail via the Internet is similar to sending a postcard by traditional mail. Would you ever send a copy your research results or other company-critical information in an open envelope?

Everyone that has a certain know-how about the e-mail protocol in general and gets access to one of the servers that transmit the e-mail on its way to the recipient can easily get a copy of your e-mail.

The first way to set up e-mail security in any environment was client-based. A piece of software had to be rolled-out to every employees desktop PC that should be able to send secured e-mails. The trouble with this approach is that the administrators do really have much work with it. They need to install new software versions on every desktop PC when it's released and they have to distribute the certificates of all external communication partners to all of these PCs. But there is even more to do. In addition to that all employees have to be trained on the new software. So, all in all the integration of a client-based solution for securing e-mail communication is very expensive.

Smart server-based solutions proved to be easier to use, handle and deploy. One of these solutions is the SecurE-Mail Gateway of Utimaco Safeware. The integration of this server-based solution is done easily and quickly.