We also use ProofPoint both on-premise and in the cloud as a service. This is where the encryption is done for one of our smaller business units. It is easy to set up the rule for getting a message encrypted. I also enforce TLS for quite a few companies we do business with. This is a good solution for encryption needs but we also use them for AV/AS and are looking into the DLP module now as well..
Jay Reische Sr. Enterprise Exchange Administrator Messaging, AD and DNS Phone: 309-748-9422 reische...@johndeere.com From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Tuesday, February 01, 2011 2:17 PM To: MS-Exchange Admin Issues Subject: Re: Question around forcing mail encryption We use ProofPoint for filtering and encryption. Same capabilities as the other solutions already mentioned. Pretty much unlimited rule capabilities to control what content escapes your gateway and whether or not it is encrypted. Can also perform AntiVirus/AntiSpam and there is a digital assets module. We don't use the digital assets module, but from what I can tell, you can point it to certain file shares containing confidential business information and it can learn what to block based on your rule sets. We also have Barracuda's for AntiVirus/AntiSpam and they recently added e-mail encryption, but I have no idea how well it works but I can tell it's not nearly as feature rich as our ProofPoint solution. I don't think ProofPoint would fall into the "cheap" category. - Sean On Tue, Feb 1, 2011 at 10:09 AM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: I've deployed both a Zix appliance and the PGP Universal Gateway. Both work quite well. I do believe that Zix was quite a bit less expensive. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com<http://theessentialexchange.com/> -----Original Message----- From: Scott Pease [mailto:spe...@sapient.com<mailto:spe...@sapient.com>] Sent: Tuesday, February 01, 2011 1:14 PM To: MS-Exchange Admin Issues Subject: Question around forcing mail encryption Hi there! Long time lurker, been a while since I've posted however... We're being asked to look at how to force encryption for outbound mail traffic more so than we do today. Current environment is Exchange 2007 SP1, moving to SP3 "soon". Client mix covers everything from OL2003 up through OL2010, as well as all the usual suspects on the Mac side (Entourage / Entourage Web Services / Outlook 2011 "early adopters"). A handful of our folks do use PGP desktop client to encrypt individual messages, and we do leverage opportunistic TLS, and force mutual TLS with certain domains as well, server side. There is growing concern about messages being forwarded outside of our environment (and control) that are not encrypted. The desire is to have a capability to encrypt some (or all) of the outbound email. While client side solutions for PGP or S/MIME do work, given what we're being asked to do my preference would be to leverage a gateway product if possible, where we could enforce encryption based on configured policy settings, keyword hits, etc. Thought process being that if we leave this in the hands of the "end user", encryption of messages is still a behavioral issue that we'll likely not solve; if we can isolate things and handle the encryption based on a set of policies and such at the gateway level, we have much less risk of a "lazy user" who habitually neglects to encrypt "sensitive" messages (for example). I've come across both the PGP Universal Gateway and the SecurExchange offering in the past, but don't have a preference (or a favorite, or experience with either). In the next several months we will also be doing a fairly aggressive global upgrade to our UC infrastructure to Exchange 2010 and Lync 2010 server. Again, the preference would be that IF we have to invest in something now, it is something we can leverage in that future state in some manner (at a minimum should be compatible or support upgrade to Ex2010 versions!). I'm hoping that all of you can offer any insight or thoughts around this; I'm sure we're not the only enterprise that's decided to tackle this particular issue, so I'm hoping to leverage the collective hive mind and see if there are any other amazing products we're missing, or any tips, ideas, thoughts, challenges, gotchas, or anything else to keep in mind that y'all can share. I'm particularly interested in any product recommendations that we could add to our short list of potential vendors, or thoughts either way if one is clearly much better than others (or clearly much worse, natch!). Thanks in advance! Scott --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist