„We needed a solution to send confidential emails to recipients with both S/MIME and PGP clients. However, it is difficult to set up an in-house client based solution. Z1 SecureMail Gateway is great software. It automatically manages all security tasks including encryption and digital signing. The administration interface simplifies certificate management and setting up policies. The end users on the other hand don’t have to worry about security at all”.
Kevin Kuntz, System Administrator at Main-Kinzig county council.
Initial Situation at Main-Kinzig County Council
Prior to the contract award, documents at Main-Kinzig county council (MKK) which contained personal data were printed out, put in an envelope and sent by post.
Aims: Efficient and economical routine tasks
MKK started looking for a solution to speed up routine administrative tasks. Through the use of email, the process of approving or turning applications down can be improved. In addition, it should be possible to detect fraudulent or illegal benefit requests electronically. The secure email solution must meet legal requirements (e.g. federal data protection laws BDSG) and should be transparent to the roughly 1000 email users. The use of a client based solution was rejected due to the high number of email users and the difficulty in implementing standard security policies.
Simple Email Encryption with Z1 SecureMail Gateway
Based upon the above requirements, Kevin Kuntz, system administrator at MKK, investigated a number of solutions from different suppliers. The Z1 SecureMail Gateway from Zertificon Solutions GmbH was selected as the preferred solution. The software supports key standards, is simple to administer and integrates seamlessly into the IT infrastructure. With the support of the supplier, the installation and configuration was performed without any issues. The training for the administrations was quickly completed within two days. The only extra equipment which was required was a server and a workstation.
Central security policies
District Office Hanau
The solution is used throughout the whole Main-Kinzig county for electronic communication with external partners as well as with other authorities and services. The users mainly have contact with the public or are looking after social security recipients in local offices. Z1 SecureMail Gateway is deployed as an SMTP proxy which automatically de-/encrypts, signs and validates email signatures. It processes the complete email traffic according to central security policies. The policies can be completely configured by the Security Office via the web-based management console. The security mechanisms can be defined as optional or mandatory according to the sender and recipient addresses or their domains. Additionally, end users can control certain security features by adding short commands to the email subject.
Secure electronic mail
“We haven’t seen a solution on the market which is better than Z1 SecureMail Gateway. Right from the start, the Gateway ran without any problems and through the use of secure email, saves time, money and helps the environment because we no longer have to print out documents.” Kevin Kuntz, System Administrator Main-Kinzig county council
The Main-Kinzig county extends from the outskirts of Frankfurt to the Bavarian Spessart forest. Covering a total area of approximately 1,400 square kilometers, it is home to the Main-Kinzig county with over 400,000 inhabitants, making it the most populous county in the state of Hesse. The IT department has 18 employees spread over the multiple sites. The IT infrastructure is state of the art. The Main-Kinzig county (MKK) has a leading IT and IT security role at local and national level. The email infrastructure is based on Microsoft Outlook and Microsoft Exchange.
Implementation of the security polices defined by Mainz-Kinzig county council regarding the confidentiality, authenticity and integrity of personal data.
Client based encryption proved to be impractical of the roughly 1000 email users at MKK.
Z1 SecureMail Gateway features:
- Central de-/encryption as well as centralised signing and electronic signature validation.
- Automatic certificate management
- Compliant with S/MIME and PGP international standards and follows the ISIS-MTT and S/MIME v3 standards
- Web-based administration
- Process all email traffic according to central security polices and individual user commands.
- Private key secure storage in a Hardware-Security-Module (Cryptobox) e.g. from Eracom, Chrysalis/SafeNet etc.
Z1 SecureMail Gateway advantages:
- Quicker standard procedures through the use of email
- Universal Security policies
- Reduces cost through the use of Organization/Domain certificates
- Secure private key storage in Cryptobox protects against manipulation and theft