End-to-End Encryption for Organizations

Z1 SecureMail End2End end-to-end encryption for enterprises

Encrypted E-Mails on all routes, mail servers and end devices

Efficient, compliant, highly practical

End-to-end encryption with Organizational End2End

Z1 SecureMail End2End delivers a truly usable, business-focused E2EE solution for the first time. The increasing use of mobile devices for email exchange means that end-to-end encryption is more important than ever before. Emails sent from mobile phones are not protected at all and can simply be fished from the airwaves. Z1 SecureMail End2End protects your data in all networks all the time. Use Z1 SecureMail End2End with your standard email clients, or upgrade to the new Z1 MyCrypt add-in or mobile app for extra features.

How does it work?

Z1 SecureMail End2End delivers state of the art end-to-end email encryption for organizations with two encryption modes. Employees encrypt using Organizational End2End which guarantees data protection and ownership for the organization. The board of directors encrypts using Personal End2End or they combine both modes.

End-to-end email encryption with a secured access point for content filters such as virus scanners inside the company infrastructure

Organizational End2End

End-to-end encryption with gateway re‑encryption enables end-to-end encryption at any time with any email recipient.

Secure and compliant sending …

Emails are encrypted directly in the email client before being sent. Special internal encryption keys are used during this process. The email is then re-encrypted by the Z1 SecureMail Gateway. There is an exchange from one secure environment to the other. This allows access for content filters such as virus scanners and data loss prevention tools, which have to be used in order to conform to compliance guidelines.

End-to-end encryption usually needs client-side solutions, which require end-user training and come with high administration costs. Z1 SecureMail End2End enables the use of economical, central, server-based solutions and puts the organization in the driver's seat. There is no need to worry whether an employee applied encryption to an important email: the central policies take care of that.

The re-encryption takes place on the appliance inside your company's network, and the connection to the content filters is of course also encrypted. Emails are always fully protected. On the internal routes, mail servers and end devices, emails are encrypted and not even system administrators can read them.

… and receiving

Incoming emails are decrypted by the gateway and signatures are checked. They are then routed to the content filters such as virus scanners and eventually signed and re-encrypted for the internal routes and delivered in an encrypted state to the recipient.

Flexible Delivery Method

S/MIME is used for encryption within the company network whilst at the same time, the field-proven Z1 SecureMail Gateway provides a wide range of communication options. From S/MIME & PGP to password protected PDFs & SecureChannels (TLS, De-Mail) – depending on the recipient’s technical environment everything is possible.

Personal End2End

End2End Encryption without re-encryption is designed for communication between individual users in a high security environment. The S/MIME based encryption uses the public certificates from the communication partners. Z1 SecureMail End2End provides the complete certificate management along with the fetching and validation of certificates. For the exclusive use of Personal End2End no Z1 Secure Gateway is required.

End-to-end encryption without re-encryption

Gateway re-encryption or pure S/MIME

Organizational End2End and Personal End2End can be used by different user groups in parallel. See the differences at a glance in the table below:

Both modes:
  • Only encrypted mails are stored on the mailserver and in client-side mailboxes (inbox)

Organizational End2End:
  • Spontaneous E2E encryption with any communication partner using re-encryption on the Gateway – efficient and economical
  • Compatible with S/MIME, OpenPGP, password based encryption & SecureChannels
  • Integration of content filters such as anti-spam, anti-virus, data loss protection (DLP), archiving etc.
  • Close coupling and tight integration with Z1 SecureMail Gateway

Personal End2End:
  • Unbroken encryption for increased security requirements
  • Sender and recipient must both use S/MIME
  • Access to content filters such as AS/AV, DLP etc. only on the client
  • Consistent End-to-End encryption without any admin access to emails on the Gateway

Standard Mail Client Support

Z1 SecureMail End2End can be used with all standard email clients (Outlook, Notes, Webmailer, mobile mail apps, etc.). The LDAP and ActiveSync proxies enable users to encrypt emails directly from their mobile and desktop clients.

The key advantage of using Z1 SecureMail End2End with standard tools is that no software has to be installed on the clients, so no extra administration is required. End users keep using their usual software.

Without client software there will be no E2EE compliance enforcement. The user has to trigger the encryption process.

Z1 SecureMail End2End can alternatively be used with Z1 MyCrypt apps and add-ins on a wide range of platforms.

Z1 MyCrypt - optional client extension for all end-user mail clients and as an app for mobile devices

for Z1 SecureMail End2End

The Z1 MyCrypt client delivers full End-to-End encryption directly into the hands of your users. The easy-to-use client performs all necessary certificate management and draws upon the full potential of your Z1 products to provide users with a wide range of features and maximize the value of your investment.

Z1 MyCrypt – Features:
  • As soon as the recipient address is entered, details about available keys and policies are fetched from the Gateway and displayed to the user.
  • The user can switch between Organizational End2End and Personal End2End directly from the client. Compliance enforcement is possible.
  • Simple centralized certificate validation according to the company guidelines and according to the Rank of Trust and CA-Scope.
  • Central Key/Certificate-Enrollment
  • No contamination of local address books with proxy certificates
  • Centralized Key Escrow and holiday coverage
  • Synchronization of user profiles over clients on different platforms
  • Integration of individual or industry-specific business processes and business applications at the client level possible.
Z1 MyCrypt for iOS