Email Encryption for Businesses

Z1 SecureMail Gateway centrally applied email encryption for enterprises

GDPR compliant email encryption and signing 

– easily at any time with anyone –

effective protection against economic and industrial espionage

Encrypt emails

Z1 SecureMail Gateway provides security and compliance for all your emails. It is highly automated, fail safe and encrypts emails faultlessly. Secure email is easily realized with business contacts or end customers. Z1 SecureMail Gateway works with any coutnerpart whether it is gateway to gatway encryption or secure email delivered from your gateway to a private webmail account. You get highest securtiy standards and easy compliance including the EU GDPR naturally.

Industrial Espionage Defense

Z1 SecureMail Gateway provides you with military grade encryption, enabling effective protection against industrial espionage and foreign governmental spy programs. The gateway encrypts the actual email content not only the transport channel. Even if providers are obliged to pass your data to secret agencies all they can provide is illegible text: encrypted data.

Easy Mail Compliance

Don’t worry about personal liability in IT compliance issues. Centrally configurable security policies (Z1 Policies) make sure you don’t need to rely on the judgement of individual employees when dealing with highly sensitive information. You don’t even need to invest in any IT Security awareness training for confidential email exchange. With Z1 SecureMail Gateway policies there won’t be any EU GDPR compliance violations due to accidental misuse or forgotten encryption operations. Z1 policies ensure that all users that deal with personal data can only send encrypted messages. All security actions are traceable through always-on logging and monitoring in the graphical administration web interface.

Maximum Email Security – Made in Germany

Zertificon‘s software is developed exclusively in germany. Our software bears the TeleTrusT quality seal “IT Security made in Germany”: it claims among other definitions „no backdoors“. Z1 SecureMail Gateway utilizes open standards with the maximum possible key length, which are recognized and recommended by experts worldwide. You get maximum protection paired with efficiency and great usability, in a nutshell: State of the Art email encryption – made in Germany.

IT-Security Made in Germany encryption according to german data security standards

How does it work?

Centralized Email Encryption and Signature

Email encryption with Z1 SecureMail GatewayEach email is individually encrypted according to the recipient’s capabilities.

Z1 SecureMail Gateway integrates seamlessly into the existing email infrastructure as an SMTP proxy and processes the complete company-wide email traffic. It operates as a virtual mail room – processing incoming and preparing outgoing mail. The Z1 Gateway encrypts and signs outgoing mail whilst decrypting and validating the signature of incoming items. Suspicious emails are automatically blocked and the internal recipient informed. The complete mail processing is performed according to highly flexible “Z1 Policies” which can be fully configured using the web-based administration interface. Z1 Gateway works silently and transparently in the background. Sending and receiving emails remains the same for employees.

PKI and password based encryption

The Z1 Gateway is fully S/MIME and PGP compliant. For communication partners who don’t have a PKI, messages are delivered automatically using keyless password based encryption. When coupled with Z1 SecureMail End2End the Gateway solution delivers full state of the art End2End Encryption directly to employees and communication partners. Z1 Gateway is highly scalable and simple to integrate into existing email infrastructures with anti-spam and anti-virus solutions. The high-speed real-time processing and fail-over capabilities support mission critical environments & dovetail with business continuity planning.

Certificate and Key Management Challenge

automated Public key infrastructure management

Z1 SecureMail Gateway uses the popular worldwide PKI standards S/MIME and OpenPGP for email encryption and digital signing.

Z1 SecureMail Gateway automatically and centrally encrypts and decrypts all in- & outbound emails whilst at the same time managing all the keys for internal and external users. This solves the main challenge in the efficient operation of PKI based email encryption. For further information about keys and certificates download our White Paper: Secure email in times of rising mobile communication – Applied cryptography: Certificates, Gateways & End-to-End Encryption.

Internal Certificates and Keys

Managed PKI – obtain certificates automatically on demand

Certificates for internal users and domains can be obtained at all officially recognized Certificate Authorities. With our optionally available CA-Connector you can automate the purchase process with a selection of Certificate Authorities such as SwissSign or Quo Vadis. This guarantees a professional and efficient certificate management. This one stop shop approach reduces your adminstration and accounting efforts. Keys for internal users can also be created and signed with the aid of the OnBoard CA. Existing keys can be simply imported and activated and used directly for encryption and/or digital signing. The Lifecycle management for keys and certificates is highly automated and efficient. Automated Key Management

External Certificates and Keys

The integrated Z1 CertServer component independently performs the fetching, storing, validation and administration of certificates for all external communication partners. Z1 SecureMail Gateway is delivered with a predefined editable set of the most important Certificate Authorities and LDAP directories.

Z1 MyCrypt Gateway Companion

Optional MS Outlook client extension

The Z1 MyCrypt Gateway Companion reduces applying mail encryption and signature to a simple click. Depending on the mail content your staff decides about the security needs of an email. Existing Z1 security policies cannot be overruled. Only security enhancing actions can be applied.

Z1 MyCrypt Gateway Companion is available as Outlook add-in for Z1 SecureMail Gateway.

The use of the plugin is optional. It will not run without a Z1 SecureMail Gateway connection however.

Z1 MyCrypt - optional client extension forMicrosoft OutlookZ1 MyCrypt Gateway Companion for MS Outlook

TLS 1.3, VPN and De-Mail

Encrypted Channels for the secure transfer of email have become well established. A German technical guide from the ministry for security in information technology sets the minimum standard for federal agencies TLS 1.3. Z1 SecureMail Gateway supports TLS according to the current standard. Other encryption methods for secure channels for email transfer are supported.

VPN Connections for continuous communication can be configured via the administration interface.

German De-Mail customers can use our special optional extension De-Mail-Connector. This enables the use of Z1 SecureMail Gateway as a De-Mail Gateway. Zertificon is not a De-Mail Service Provider. Further information about De-Mail (only in German language) can be found here.

Z1 SecureMail Gateway at a glance:

Key functions:
  • Central email encryption and digital signing with PKI (S/MIME, OpenPGP )
  • Secure Delivery with keyless encryption using passwords
  • Self-Service user password management with customizable user front-end
  • Automatic key and certificate administration for users, group and domains
  • Automatic certificate search and real-time validation
  • Centrally configurable poilicies for compliance enforcement
  • Optional user commands
  • Gateway-to-Gateway encryption
  • Secure Transport via TLS and VPN
  • Flexible integration into all environments, including MS Office 365
  • Rapid installation within hours into standard infrastructures
  • Centralization of company-wide security policies
  • Transparent for internal users – no training required
  • Optimized Z1 Appliance Platform with full service
  • Minimum administration and maintenance.
  • Flexible scalability
  • High performance, load balancing and redundancy
  • Cluster capable
  • Multi-tenancy
  • Internal & End-to-End Encryption & digital signing
  • Synchronization with ERP directories e.g. Active Directory, Lotus Notes
  • Attachment processing including proprietary formats. e.g. EDI, CAD
  • Managed PKI – direct connection to Certificate Authorities
  • De-Mail and Governikus connection; further connections available on request
  • Integration of Hardware Security Modules (HSM)

Print Z1 SecureMail Gateway Overview:    Print Overview