We evaluated three enterprise solutions and bid them out. I believe that once e-mail leaves your network using exchange it is automatically sent clear text, hence the need for encryption. I am not an exchange administrator so... And if you are sending PHI or GLBA I would send in no less then 128-bit anyway.
There are a number of issues you need to think of when evaluating encryption including, logging/reporting, forensics & investigations, ease of use for users, ease of administration, key exchanges, can I force my business partners to buy the same product/hardware/service, send to anyone capability, what constitutes due diligence, cost, etc. I am not endorsing any one vendor and these are not necessarily the opinions of my employer and should not be construed as such. Sonja Robinson, CISA Network Security Analyst HIP Health Plans Office: 212-806-4125 Pager: 8884238615 -----Original Message----- From: Al Cooper [mailto:[EMAIL PROTECTED] Sent: Monday, March 31, 2003 12:44 PM To: Subject: Email Encryption Between Servers We are attempting to set up secure e-mail with our partner companies to comply with the upcoming HIPAA requirements. I would like to find a way to encrypt all e-mail going between our mail server and our partners. We are using Exchange. Some of our partners are also using Exchange and some are using other SMTP servers. Is there a way to automatically force all e-mail between our two e-mail servers (either Exchange to Exchange or Exchange to SMTP) to be encrypted then decrypted on arrival with no end user intervention? If there are, what affect, if any will these encryption methods have on our overall network security. Thanks for your help, ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics ********************************************************************** This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender of the error immediately, do not read or use the communication in any manner, destroy all copies, and delete it from your system if the communication was sent via email. ********************************************************************** ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics