This white paper reviews the five most common current approaches to messaging security. While the five approaches discussed here are not a comprehensive list of available solutions, they are the basis for most variations of messaging security solutions available today.
The Five Approaches to Messaging Security: A Technical Overview of the Tradeoffs
Technical White Paper
1875 S. Grant Street, 10th Fl. | San Mateo, CA 94402 | (800) 475-8226 | www.sigaba.com

TABLE OF CONTENTS
Introduction
Criteria
Password-Based Approach
Public Key-Based Approach
PGP-Based Approach
Web-Based Approach
Key Server Approach
Conclusion

All information in this document is subject to change without notice. This document is provided for informational purposes only and Sigaba® makes no warranties, either express or implied, in this document.
INTRODUCTION
As businesses continue to rely more on digital communication channels, especially via the Internet, it becomes increasingly important to protect the privacy of communicators. Cryptography, used in securing data, is certainly not a new concept and neither is its application in digital communication. What is a recent phenomenon, however, is the sophisticated requirement criteria imposed on messaging security solutions. This white paper reviews the five most common current approaches to messaging security. While the five approaches discussed here are not a comprehensive list of available solutions, they are the basis for most variations of messaging security solutions available today.

Throughout this document, the term "sender" specifies the entity that initiates the transmission of secure data and it refers to a human user, an application, or both. Similarly, the term "recipient" specifies the entity that is on the other end of the transmission of secure data and it also refers to a human user, an application, or both.

CRITERIA
The main purpose of messaging security is privacy of data. Achieving this objective on a practical enterprise scale requires strong security, ease-of-use, and wide reach. The following is a list of seven criteria that are essential to realize these three requirements.

Data Encryption
Encryption of data provides protection from unwanted third-party access to the data. This is achieved through proper implementation of an encryption algorithm, such as AES, with strong authentication and access control.

Sender Control
Enterprises are sending internal data to external destinations. The data is owned by the sending organizations. As the owners of the data, the sending organizations reserve the right to determine who, when, ...

... organizations must be able to audit the successful delivery and authorized access of the data. Many regulations require that an organization have a record of access to its confidential data.

Ease-of-Use
Ease-of-use up to this point has been the biggest obstacle to successful messaging security system deployment. A successful solution must be easy to use by all affected parties: easy to use by end users, easy to maintain by IT administrators, and easy to implement and deploy by IT developers and system integrators.

Efficiency
A successful messaging security solution must be efficient enough to scale as the need for usage grows. This means two things: predictable scalability and economy of scale. The usage statistic must be an accurate proxy to reliably predict the required system sizing. As the number of users grows, the average cost per user should decrease to achieve economy of scale.

Extensibility
A successful messaging security solution must be able to extend the security resource to multiple applications. Confidential data reside and travel through many different applications, including email, instant messaging, and file transfers. The organization must be able to leverage its investment in the messaging security solution for use across multiple applications.

Expandability
Much of business communication of sensitive data takes place between an organization and its partners, vendors, and key customers. Because daily business requires dynamic changes in business relationships and each organization has its own information security policies, secure communication channels must be easily expandable to other organizations and also be easily modifiable to accommodate changes. This ability to let different authentication syste...