Email encryption at LVM Insurance

“For our email encryption we looked for a solution which, alongside S/MIME and OpenPGP offered alternative ways to communicate confidentially. Z1 SecureMail Gateway in combination with the Z1 SecureMail Messenger component for password based email encryption provides us with the widest possible range of secure communication methods which we can offer our external communication partners.”

Daniel Timmerhindrick, Department for IT-Infrastructure / Application Security

Limited Communication

According to Germany’s data protection laws all personal data has to be protected when it is transmitted. This is particularly relevant for insurance companies which work daily with sensitive personal data. Emails which required protection were originally encrypted using a PKI solution on the end-users’ computers. This method however required staff training and intensive administration. As the need for encrypted email encryption rose, this method no longer became practical. At the same time, the current solution did not offer the possibility to send encrypted emails to communication partners who did not own an S/MIME certificate or PGP key.

Email encryption without PKI

LVM set itself the goal of deploying a solution which would allow encrypted communication with every communication partner regardless of whether they owned an S/MIME certificate or PGP key. During the market evaluation, LVM discovered Zertificon and the Z1 family of products. “After the product presentation we were convinced that the Z1 products would meet all our requirements” Daniel Timmerhindrick remembers.

Central One-Stop Solution Found

LVM selected Z1 SecureMail Gateway – a central one-stop solution which removes the need to install any specialized software on end user clients. The Z1 product enables secure PKI based email encryption and signing according to the S/MIME and OpenPGP international standards. Z1 SecureMail Messenger makes it possible for communication partners who do not own an encryption certificate to securely communicate using password encrypted emails. The delivery of the secure mail is achieved either via an HTTPS secured web mailer (Z1 WebSafe), an encrypted HTML email attachment (Z1 KickMail HTML) or an encrypted PDF attachment (Z1 KickMail PDF). Depending upon the chosen delivery method, the recipient only requires a web browser or a PDF reader to access the encrypted message. With this combination of products, LVM is easily able to adapt to the diverse range of encryption methods which their communication partners use.

Through the use of central policies, LVM employees were freed up and no longer had to worry about whether an email needed to be encrypted and/or signed. Additionally, the acquisition and validation of certificates no longer had to be performed by the end users, but is centrally, automatically and efficiently performed by Z1 CertServer. The complete solution runs on a Z1 Appliance which delivers trouble free operation.

Implementation and Support

The deployment was completed approximately three months after contract award. LVM installed and configured the Z1 Appliance themselves. The integration of the solution into the existing IT infrastructure ran as expected and without any incidents. Straight after the installation, the solution went live. Zertificon’s support was on hand to answer any questions and to help LVM. All feature requests were answered promptly.

Tailored Email Encryption Solution

Our needs have been completely fulfilled with the Z1 products from Zertificon. Of particular note from our point of view are Z1 KickMail HTML and Z1 KickMail PDF which are extremely useful when communicating with partners who do not have the experience or technical know-how regarding encryption. But also our employees find the Z1 solution very easy to use compared with the old solution. Thanks to the central policies the users don’t have to do anything when sending encrypted emails. All PGP keys and S/MIME certificates are stored centrally and are regularly backed up. Finally the support savings we have made have to be mentioned as we don’t have to manage any more local installations.
– Daniel Timmerhindrick