automated gateway email encryption for enterprise

Email Encryption for Businesses

GDPR compliant email encryption and signing
– easily at any time with anyone –
effective protection against economic and industrial espionage

Z1 SecureMail Gateway provides security and compliance for all your emails. It is highly automated, fail safe and encrypts emails faultlessly. Secure email is easily realized with business contacts or end customers. Z1 SecureMail Gateway works with any counterpart whether it is gateway to gatway encryption or secure email delivered from your gateway to a private webmail account. You get highest securtiy standards and easy compliance including the EU GDPR naturally.

gateway email encryption for enterprises
protect business emails with encryption

Industrial Espionage Defense

Z1 SecureMail Gateway provides you with military grade encryption, enabling effective protection against industrial espionage and foreign governmental spy programs. The gateway encrypts the actual email content not only the transport channel. Even if providers are obliged to pass your data to secret agencies all they can provide is illegible text: encrypted data.

EU GDPR complaince for your email traffic

Easy Mail Compliance (EU GDPR)

Don’t worry about personal liability in IT compliance issues. Centrally configurable security policies (Z1 Policies) make sure you don’t need to rely on the judgement of individual employees when dealing with highly sensitive information. You don’t even need to invest in any IT Security awareness training for confidential email exchange. With Z1 SecureMail Gateway policies there won’t be any EU GDPR compliance violations due to accidental misuse or forgotten encryption operations. Z1 policies ensure that all users that deal with personal data can only send encrypted messages. All security actions are traceable through always-on logging and monitoring in the graphical administration web interface.

Maximum Email Security – Made in Germany

Zertificon‘s software is developed exclusively in germany. Our software bears the TeleTrusT quality seal “IT Security made in Germany”: it claims among other definitions „no backdoors“. Z1 SecureMail Gateway utilizes open standards with the maximum possible key length, which are recognized and recommended by experts worldwide. You get maximum protection paired with efficiency and great usability, in a nutshell: State of the Art email encryption – made in Germany.

How does it work?

gateway email encryption with Z1 SecureMail Gateway SMIME Gateway, OpenPGP-Gateway

Each email is individually encrypted according to the recipient’s capabilities.

Centralized Email Encryption and Signature

Z1 SecureMail Gateway integrates seamlessly into the existing email infrastructure as an SMTP proxy and processes the complete company-wide email traffic. It operates as a virtual mail room – processing incoming and preparing outgoing mail. The Z1 Gateway encrypts and signs outgoing mail whilst decrypting and validating the signature of incoming items. Suspicious emails are automatically blocked and the internal recipient informed. The complete mail processing is performed according to highly flexible “Z1 Policies” which can be fully configured using the web-based administration interface. Z1 Gateway works silently and transparently in the background. Sending and receiving emails remains the same for employees.

Certificate and Key Management Challenge

Z1 SecureMail Gateway uses the popular worldwide PKI standards S/MIME and OpenPGP for email encryption and digital signing. Z1 SecureMail Gateway automatically and centrally encrypts and decrypts all in- & outbound emails whilst at the same time managing all the keys for internal and external users. This solves the main challenge in the efficient operation of PKI based email encryption.

For further information about keys and certificates download our White Paper: Secure email in times of rising mobile communication – Applied cryptography: Certificates, Gateways & End-to-End Encryption.

Internal Certificates and Keys
Managed PKI – obtain certificates automatically on demand

E-Mail Verschlüsselungszertifikate automatisiert beziehen und verwalten

Certificates for internal users and domains can be obtained at all officially recognized Certificate Authorities. With our optionally available CA-Connector you can automate the purchase process with a selection of Certificate Authorities such as SwissSign or Quo Vadis. This guarantees a professional and efficient certificate management. This one stop shop approach reduces your adminstration and accounting efforts. Keys for internal users can also be created and signed with the aid of the OnBoard CA. Existing keys can be simply imported and activated and used directly for encryption and/or digital signing. The Lifecycle management for keys and certificates is highly automated and efficient.

External Certificates and Keys

The integrated Z1 CertServer component independently performs the fetching, storing, validation and administration of certificates for all external communication partners. Z1 SecureMail Gateway is delivered with a predefined editable set of the most important Certificate Authorities and LDAP directories.

Find and validate email certificates of your communication partners

Z1 SecureMail Messenger

encrypt emails with customers keyless no key or certificate required

The Z1 SecureMail Gateway component encrypts without certificates

more info

Z1 SecureMail End2End

E2EE for enterprises

End-to-End-encryption&
internal encryption

more info

Digital Signatures for Emails

digital signatures verify unchanged content

Sign Emails centrally
& validate email signatures

more info

TLS 1.3, VPN and De-Mail

Encrypted Channels for the secure transfer of email have become well established. A German technical guide from the ministry for security in information technology sets the minimum standard for federal agencies TLS 1.3. Z1 SecureMail Gateway supports TLS according to the current standard. Other encryption methods for secure channels for email transfer are supported.

VPN Connections for continuous communication can be configured via the administration interface.

German De-Mail customers can use our special optional extension De-Mail-Connector. This enables the use of Z1 SecureMail Gateway as a De-Mail Gateway. Zertificon is not a De-Mail Service Provider. Further information about De-Mail (only in German language) can be found here.

Z1 MyCrypt Gateway Companion
MS Outlook Encryption Plugin: Z1 MyCrypt encryption trigger Z1 SecureMail Gateway security actions from your mail client

Z1 MyCrypt Gateway Companion

Optional MS Outlook client extension

The Z1 MyCrypt Gateway Companion reduces applying mail encryption and signature to a simple click. Depending on the mail content your staff decides about the security needs of an email. Existing Z1 security policies cannot be overruled. Only security enhancing actions can be applied.

Z1 MyCrypt Gateway Companion is available as Outlook add-in for Z1 SecureMail Gateway.

The use of the plugin is optional. It will not run without a Z1 SecureMail Gateway connection however.

Z1 SecureMail Gateway at a glance

Key Functions
  1. Central email encryption and digital signing with PKI (S/MIME, OpenPGP)
  2. Secure Delivery with keyless encryption using passwords
  3. Self-Service user password management with customizable user front-end
  4. Automatic key and certificate administration for users, group and domains
  5. Automatic certificate search and real-time validation
  6. Centrally configurable policies for compliance enforcement
  7. Optional user commands
  8. Gateway-to-Gateway encryption
  9. Secure Transport via TLS and VPN
Advantages
  1. Flexible integration into all environments, including MS Office 365
  2. Rapid installation within hours into standard infrastructures
  3. Centralization of company-wide security policies
  4. Transparent for internal users – no training required
  5. Optimized Z1 Appliance Platform with full service
  6. Minimum administration and maintenance.
  7. Flexible scalability
  8. High performance, load balancing and redundancy
  9. Cluster capable
  10. Multi-tenancy
Options
  1. Internal & End-to-End Encryption & digital signing
  2. Synchronization with ERP directories e.g. Active Directory, Lotus Notes
  3. Attachment processing including proprietary formats. e.g. EDI, CAD
  4. Managed PKI – direct connection to Certificate Authorities
  5. De-Mail and Governikus connection; further connections available on request
  6. Integration of Hardware Security Modules (HSM)