“Based upon our requirements, we investigated a range of solutions from different suppliers and in the end, selected Z1 SecureMail Gateway from Zertificon. The software supported the key standards, is simple to administer and integrates easily into our architecture. With the help of the supplier, the installation and configuration process ran without any issues.”
Dr. Malte Borcherding, IT Security Manager, Landesbank Baden-Württemberg
LBBW Security Goals
LBBW Headquarters Stuttgart
The Landesbank Baden-Württemberg issued its security policy after researching the protection of email communication for its 10,000+ email users. The policy aimed to ensure confidentiality, authenticity and integrity. The bank aims to guard against material damage and damage to the company’s reputation, and to prevent unauthorized parties from gaining access to or changing information about transactions, confidential agreements or personal data.
The goal: Standardized Security instead of PGP on Standalone PCs
Previously, standalone PCs with PGP (Pretty Good Privacy) installed were used to secure email communication. Separate computers were used to de-/encrypt messages as well as to send and receive emails. With the increase in email traffic, changing the workplace simply to send an email became increasingly impractical and unproductive. In addition, it was not possible to guarantee a universal level of security with this distributed solution. Due to these limitations, LBBW started to look for a solution with which it would be easier to realize their security requirements. Email protection should be possible without any client-side installation or the need for end users to change computers. To achieve high user acceptance, the system should be as simple as possible for end users to use.
Furthermore, LBBW required minimal impact on the current mail traffic, full integration into LBBW's heterogeneous IT environment and seamless interaction with other security systems. The solution therefore had to integrate into the existing SMTP-based mail system while retaining content filtering and virus scanning. These requirements alone indicated the need for a server-based solution.
Email Communication for Mission Critical Activities
Because the bank's employees increasingly use email for mission-critical activities, the solution must provide high redundancy and availability – after all, every single email will eventually have to be processed by the solution. Rapid deployment and simple administration were required, which meant that a complex PKI (Public Key Infrastructure) had to be avoided.
Evaluation and Implementation
Based upon the above requirements, the team led by Dr. Borcherding, the IT Security Manager at LBBW, investigated the solutions on offer from a range of suppliers. Z1 SecureMail Gateway from Zertificon was selected because the solution supported the key standards, was simple to administer and integrated easily into the existing IT architecture. The Zertificon team supported the installation and configuration, which ran without incident. The solution has been deployed and in use since November 2003. After the successful completion of the pilot phase with a limited set of users, the system was rolled out to all internal users.
Certificate and Key Management
The administration of external certificates is performed by Z1 SecureMail Gateway, which automatically extracts and stores certificates from incoming emails. LBBW owns a company-wide certificate, which removes the need to administer individual user certificates. LBBW’s private key is stored securely in a Hardware Security Module (Cryptobox), which protects it from manipulation and theft. The Gateway is deployed as a two-node cluster to provide high availability and redundancy. Both nodes run in parallel and are load-balanced to share the work when necessary.
Feature Requests and Support
“During the project, the supplier accepted our proposals for functional improvements and new features and incorporated them into future product releases. Zertificon helped us throughout the project in all phases with quick and competent support. Our expectations of the solution were met and we could fulfill all of our requirements,” summarized Dr. Malte Borcherding.
LBBW is a universal bank and an international commercial bank with full freedom to conduct business. It is permitted to engage in all types of banking and financial service activities and to establish and operate any kind of office or branch without regional restrictions. It is both a retail and a wholesale bank and the central banking institution of the savings banks in Baden-Württemberg.
LBBW is the largest bank in the southwest of Germany. It numbers among the ten largest German banks and among the 50 largest credit institutions worldwide.
Balance sheet total of EUR 379 billion (2016), 180 branches, over 11,300 employees (group of companies)
Implementation of the security policies concerning the confidentiality, authenticity and integrity of email communication.
Z1 SecureMail Gateway Solution at Landesbank Baden-Württemberg
- Automatic encryption, decryption, automatic signing and signature validation
- Initial deployment on Sun Solaris with later migration to Z1 Appliances
- Administration via web-based management console
- Deployed as SMTP proxy
- Processes the complete email traffic according to the central security policy and individual user instructions
- S/MIME and PGP
- Private key secured in a Hardware Security Module (Cryptobox)
- Redundant synchronized cluster for load-balancing, high availability and reliability