Solved: Ironport Solution Required

Raviraj Velankar · ‎08-22-2013

Dear Experts,

I am looking for email security solution for environment wherein ,mail servers are hosted in Service provider Data Center and we dont have access to it. Looking for client based encryption solution with PKI infrastructure. Please suggest the right solution. Thanks.

David Miller · ‎08-23-2013

If you can route the mail from Exchange to a gateway you could use a gateway based PKI encryption solution like totemomail. That will use existing or create proxy certificates for internal users if necessary and harvest external user certificates for you through enrolment or other processes. If some recipients can't or won't use PKI it can also encrypt in other ways for those users. There are other gateway encryption products, but this is one I am familiar with and it is endorsed by Cisco as a replacement for the Cisco IronPort Encryption Appliance, which could also provide this function but is end of sale. You can find more info here http://www.totemo.com/en/products/mail/encryption-gateway/overview/

If you can't route the mail to a gateway then you can encrypt at the desktop, using S/MIME (built in to Outlook and OWA) or PGP (client available for Outlook) but desktop encryption has many issues, primarily not being able to scan outbound email for virus, acceptable use or DLP at the gateway.

Hope this helps.

View solution in original post

David Miller · ‎08-22-2013

I would like to help but I need more clarity. Are you looking for a hosted mail server or is that what you already have? When you say mail server do you mean groupware like Exchange or MTA like ESA? And when you say don't have access to it you mean you can't get admin access to change the configuration for example? If you can be more explicit I/we can offer some suggestions.

Thanks, Dave

Raviraj Velankar · ‎08-22-2013

Hi Dave,

Thanks for the reply. Please find answer to your queries.

Mail servers are Microsoft Exchange Servers. That we already have. Mail Servers are hosted in Service Provider DC and we dont have admin rights to it, it is managed by them. Looking for client based encryption solution using PKI infrastructure.Hope this answer your queries.

David Miller · ‎08-23-2013

If you can route the mail from Exchange to a gateway you could use a gateway based PKI encryption solution like totemomail. That will use existing or create proxy certificates for internal users if necessary and harvest external user certificates for you through enrolment or other processes. If some recipients can't or won't use PKI it can also encrypt in other ways for those users. There are other gateway encryption products, but this is one I am familiar with and it is endorsed by Cisco as a replacement for the Cisco IronPort Encryption Appliance, which could also provide this function but is end of sale. You can find more info here http://www.totemo.com/en/products/mail/encryption-gateway/overview/

If you can't route the mail to a gateway then you can encrypt at the desktop, using S/MIME (built in to Outlook and OWA) or PGP (client available for Outlook) but desktop encryption has many issues, primarily not being able to scan outbound email for virus, acceptable use or DLP at the gateway.

Hope this helps.

Raviraj Velankar · ‎08-25-2013

Hi

Thanks a lot for your reply.