Find out about our Z1 products and check out your requirements for secure email exchange and data transfer.
- Z1 products
- Z1 products
- Email & data security
End-to-End Encryption for Organizations
Encrypted emails on all routes, mail servers and end devices
Efficient, compliance conform, highly practicable
End-to-end encryption with Organizational End2End
Z1 SecureMail End2End delivers a truly useable business focused E2EE solution for the first time. The increasing use of mobile devices for email exchange means that end-to-end encryption is more important than ever before. Emails sent from mobile phones are not protected at all and can simply be fished from the airwaves. Z1 SecureMail End2End protects your data in all networks all the time. Use Z1 SecureMail End2End with your standard email clients or upgrade to the new Z1 MyCrypt add-in or mobile app for extra features.
“End-to-end encryption” – What companies should know
Z1 SecureMail End2End has been developed as a security extension to central encryption of the Z1 SecureMail Gateway. In addition to encrypting emails on the Internet, it also protects emails on the company’s own intranet.
Our customers have proven successful in starting with the Z1 SecureMail Gateway: The technical requirements are very low, and the product can be put into direct operation in virtually any company. An end-to-end encryption project requires planned preparation for companies. And you would need your own public key infrastructure (PKI) for Z1 SecureMail End2End.
Find out more in our white paper on E2E encryption
To make it a little easier for you to get started with end-to-end email encryption, we have prepared the following white paper: “End-to-end encryption for enterprises.” You can learn how end-to-end encryption for email in enterprise environments is defined and how it can be easily implemented.
Z1 SecureMail End2End: successful end-to-end encryption of your email communications
For the first time, Z1 SecureMail End2End delivers the possibility to implement organization-wide, state-of-the-art end-to-end email encryption with two encryption modes: Employees encrypt using Organizational End2End, which guarantees data protection and sovereignty for the organization. While the board of directors encrypts using Personal End2End or combines both modes.
How does it work?
Encrypt emails with Organizational End2End
Flexible Delivery Method
S/MIME is used for encryption within the company network whilst at the same time, the field-proven Z1 SecureMail Gateway provides a wide range of communication options. From S/MIME & PGP to password protected PDFs & SecureChannels (TLS) – depending on the recipient’s technical environment everything is possible.
Secure and compliant sending …
End-to-end encryption with gateway re‑encryption enables end-to-end encryption at any time with any email recipient.
Emails are encrypted directly in the email client before being sent. Special internal encryption keys are used during process. The email is then re-encrypted by the Z1 SecureMail Gateway. There is an exchange from one secure environment to the other. This allows access for content filters such as virus scanners and data loss prevention tools which have to be used in order to be conform with compliance guidelines. End-to-end encryption usually needs client side solutions which require end user training and come with high administration costs. Z1 SecureMail End2End enables the use of economical central server based solutions and puts the organization in the driver’s seat. No need to worry if an employee applied encryption to an important email – the central policies take care of that. The re-encryption takes place on the appliance inside your company’s network and the connection to the content filters is of course also encrypted. Emails are always fully protected. On the internal routes, mail servers and end devices emails are encrypted and not even system administrators can read them.
… and receiving
Incoming emails are decrypted by the gateway and signatures are checked. They are then routed to the content filters such as virus scanners and eventually signed and re-encrypted for the internal routes and delivered in an encrypted state to the recipient.
End2End Encryption without re-encryption is designed for communication between individual users in a high security environment. The S/MIME based encryption uses the public certificates from the communication partners. Z1 SecureMail End2End provides the complete certificate management along with the fetching and validation of certificates. For the exclusive use of Personal End2End no Z1 Secure Gateway is required.
Gateway re-encryption or pure S/MIME
Organizational End2End and Personal End2End can be used by different user groups in parallel. See the differences at a glance in the table below:
Only encrypted mails are stored on the mailserver and in client-side mailboxes (inbox)
Spontaneous E2E encryption with any communication partner using re-encryption on the Gateway – efficient and economical
Unbroken encryption for increased security requirements
Compatible with S/MIME, OpenPGP, password based encryption & SecureChannels
Sender and recipient must both use S/MIME
Integration of content filters such as anti-spam, anti-virus, data loss protection (DLP), archiving etc.
Access to content filters such as AS/AV, DLP etc. only on the client
se coupling and tight integration with Z1 SecureMail Gateway
Consistent End-to-End encryption without any admin access to emails on the Gateway
Standard Mail Client Support
Z1 SecureMail End2End can be used with all standard email clients (Outlook, Notes, Webmailer, mobile Mail Apps, etc.). The LDAP- and ActiveSync proxies enable users to encrypt emails directly from their mobile and desktop clients.
The key advantage when using Z1 SecureMail End2End with standard tools is the fact that no software has to be installed on the clients thereby no extra administration is required. End users keep on using their usual software.
Without client software there will be no E2EE compliance enforcement. The user has to trigger the encryption process.
Z1 SecureMail End2End can alternatively be used with Z1 MyCrypt apps and add-ins on a wide range of platforms.
Z1 MyCrypt for Z1 SecureMail End2End
Z1 MyCrypt client delivers full End-to-End encryption directly into the hands of your users. The easy to use client performs all necessary certificate management and draws upon the full potential of your Z1 products to provide users with a wide range of features and maximize the value of your investment.
Z1 MyCrypt – Features:
- As soon as the recipient address is entered, details about available keys and policies is fetched from the Gateway and displayed to the user.
- The user can switch between Organizational End2End or Personal End2End directly from the client. Compliance-Enforcement is possible.
- Simple centralized certificate validation according to the company guidelines and according to the Rank of Trust and CA-Scope.
- Central Key/Certificate-Enrollment
- No contamination of local address books with proxy certificates
- Centralized Key Escrow and holiday coverage
- Synchronization of user profiles over clients on different platforms
- Integration of individual or industry-specific business processes and business applications at the client level possible.
Z1 MyCrypt for iOS