A review of Voltage Security's Voltage SecureMail Desktop

This review of the Voltage SecureMail Desktop email encryption solution, courtesy of Information Security, will help security consultants and value-added resellers (VARs) learn the basics of a simple, secure, Identity Based Encryption (IBE) messaging system.

Voltage SecureMail Desktop
Voltage Security
Price: Zero Download Messenger is $12,000; individual clients are $25

For all the effort businesses put into password-protecting data resources and computing infrastructures, maintaining the integrity or verifying the authenticity of incoming and outgoing email is often neglected because of cost and complexity.

The Voltage SecureMail platform is an email encryption solution that aims to make secure ad hoc business communication as easy as traditional, nonencrypted messaging. It eschews the complexities of key and certificate management in favor of a far simpler, user-transparent scheme called Identity Based Encryption (IBE).

IBE cryptography enables users to choose an identity -- usually their own email address -- as the basis for secured business communications. This method supports message encryption without requiring the distribution of keys between sender and receiver. IBE is easy to implement and manage, without the administrative overhead imposed by certificates and revocation lists.

We tested the latest version of SecureMail Desktop with client software and Zero Download Messenger components. (Voltage also offers SecureMail Gateway, with policy-based encryption/decryption and integration with antivirus/antispam products and Active Directory.)

Installation/Usage A

The SecureMail Desktop agent integrates directly with a sender's email client, such as Microsoft Outlook or Lotus Notes. The ...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Email Security Product Reviews A review of Proofpoint's Messaging Security Gateway Application Security Web application firewalls: How they can help protect customers Web application firewall market is hot for resellers, service providers Outlook Web Access security: Helping channel customers stay safe Application firewalls create opportunities for VARs and integrators Why you need Web application security expertise Email filtering: Choosing a content filtering tool for your customer Use hosted email filtering for virus protection Content filtering: An integrated approach How to use an ISA Server as an SMTP filter Antivirus trends and strategies Instant messaging and collaboration application security Social media security policies: Helping customers understand the threats Compliance, Web threats change email security market, opportunities Sophos integrates encryption into endpoint, email security Email security vendor Sendio unveils new partner program Netgear primes VARs for SMB email and Web security appliance sales Outlook Web Access security: Helping channel customers stay safe Channel Explained: Email security What security settings best apply to the client? Can we offer managed security services to the client for this server? Should we offer periodic security audits of the email server?

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Zero Download Messenger system allows recipients of encrypted email to receive and reply without needing to download any software.

Installation required no user configuration and took just a few minutes. In Outlook, a Voltage signature-information icon was added to the main toolbar, and a "send secure" button was added to the "compose new email" screen. The regular send button remains fully active, allowing the message originator to choose whether to encrypt.

The Voltage Identity Manager client registers with a Voltage server the email addresses chosen by the user that will transact encrypted messages. Adding an identity couldn't be simpler. After entering the target email address into a dialog box, VIM connects to a Voltage server, launching a browser window into which the user types his name and password. Upon submission, a single-use link is emailed back to the user. Clicking on it completes enrollment.

Clicking "send secure" is the only action needed to encrypt an outgoing message.

Effectiveness B

When someone who does not have the Voltage client installed receives a secured email, opening it displays the HTML Zero Download Messenger (ZDM) screen. ZDM prompts the recipient to open an attachment, select his email address and register it on the Voltage server, a one-time process, before the actual message is displayed.

The process works as intended, allowing messages to be opened only by recipients authenticated by Voltage. Nevertheless, first-time recipients, unless forewarned by the sender, may regard the ZDM screen as merely another piece of spam, quickly dispatching it to the recycle bin. ZDM's generic notice that "You have been sent a secure message" is inadequate.

A continuing email thread can be made secure at any time by clicking "send secure" instead of "send," and continues secure as responses are added.

Voltage key management capabilities directly map to the PCI standard, among the most granular. Its standards-based 128-, 256-, and 512-bit encryption algorithms are FIPS certified.

Verdict

Encryption often requires a budget-busting investment and IT expertise that medium-sized businesses may not have. The Voltage SecureMail Desktop is an elegant cryptographic solution, easily installed and transparent in use.

Testing methodology: Our test environment emulated a small, serverless business that employs a peer network, uses Outlook and relies on a third-party provider for POP3 email services. Email messages were sent to outside business associates with no prior notification.

This review originally appeared in Information Security.