Find out about our Z1 products and check out your requirements for secure email exchange and data transfer.
- Z1 products
- Industry solutions
- Email & data security
End-to-End Encryption for Organizations
Encrypted E-Mails on all routes, mail servers and end devices
Efficient, compliance conform, highly practicable
End-to-end encryption with Organizational End2End
Z1 SecureMail End2End delivers a truly useable business focused E2EE solution for the first time. The increasing use of mobile devices for email exchange means that end-to-end encryption is more important than ever before. Emails sent from mobile phones are not protected at all and can simply be fished from the airwaves. Z1 SecureMail End2End protects your data in all networks all the time. Use Z1 SecureMail End2End with your standard email clients or upgrade to the new Z1 MyCrypt add-in or mobile app for extra features.
Z1 SecureMail End2End delivers state of the art end-to-end email encryption for organizations with two encryption modes. Employees encrypt using Organizational End2End which guarantees data protection and ownership for the organization. The board of directors encrypts using Personal End2End or they combine both modes.
How does it work?
Encrypt emails with Organizational End2End
Flexible Delivery Method
S/MIME is used for encryption within the company network whilst at the same time, the field-proven Z1 SecureMail Gateway provides a wide range of communication options. From S/MIME & PGP to password protected PDFs & SecureChannels (TLS) – depending on the recipient’s technical environment everything is possible.
Secure and compliant sending …
End-to-end encryption with gateway re‑encryption enables end-to-end encryption at any time with any email recipient.
Emails are encrypted directly in the email client before being sent. Special internal encryption keys are used for this process. The email is then re-encrypted by the Z1 SecureMail Gateway. There is an exchange from one secure environment to the other. This allows access for content filters such as virus scanners and data loss prevention tools which have to be used in order to be conform with compliance guidelines. End-to-end encryption usually needs client side solutions which require end user training and come with high administration costs. Z1 SecureMail End2End enables the use of economical central server based solutions and puts the organization in the driver’s seat. No need to worry if an employee applied encryption to an important email – the central policies take care of that. The re-encryption takes place on the appliance inside your company’s network and the connection to the content filters is of course also encrypted. Emails are always fully protected. On the internal routes, mail servers and end devices emails are encrypted and not even system administrators can read them.
… and receiving
Incoming emails are decrypted by the gateway and signatures are checked. They are then routed to the content filters such as virus scanners and eventually signed and re-encrypted for the internal routes and delivered in an encrypted state to the recipient.
End2End Encryption without re-encryption is designed for communication between individual users in a high security environment. The S/MIME based encryption uses the public certificates from the communication partners. Z1 SecureMail End2End provides the complete certificate management along with the fetching and validation of certificates. For the exclusive use of Personal End2End no Z1 SecureMail Gateway is required.
Gateway re-encryption or pure S/MIME
Organizational End2End and Personal End2End can be used by different user groups in parallel. See the differences at a glance in the table below:
Only encrypted mails are stored on the mailserver and in client-side mailboxes (inbox)
Spontaneous E2E encryption with any communication partner using re-encryption on the Gateway – efficient and economical
Unbroken encryption for increased security requirements
Compatible with S/MIME, OpenPGP, password based encryption & SecureChannels
Sender and recipient must both use S/MIME
Integration of content filters such as anti-spam, anti-virus, data loss protection (DLP), archiving etc.
Access to content filters such as AS/AV, DLP etc. only on the client
Close coupling and tight integration with Z1 SecureMail Gateway
Consistent End-to-End encryption without any admin access to emails on the Gateway
Standard Mail Client Support
Z1 SecureMail End2End can be used with all standard email clients (Outlook, Notes, Webmailer, mobile Mail Apps, etc.). The LDAP- and ActiveSync proxies enable users to encrypt emails directly from their mobile and desktop clients.
The key advantage when using Z1 SecureMail End2End with standard tools is the fact that no software has to be installed on the clients thereby no extra administration is required. End users keep on using their usual software.
Without client software there will be no E2EE compliance enforcement. The user has to trigger the encryption process.
Z1 SecureMail End2End can alternatively be used with Z1 MyCrypt apps and add-ins on a wide range of platforms.
Z1 MyCrypt for Z1 SecureMail End2End
Z1 MyCrypt client delivers full End-to-End encryption directly into the hands of your users. The easy to use client performs all necessary certificate management and draws upon the full potential of your Z1 products to provide users with a wide range of features and maximize the value of your investment.
Z1 MyCrypt – Features:
- As soon as the recipient address is entered, details about available keys and policies is fetched from the Gateway and displayed to the user.
- The user can switch between Organizational End2End or Personal End2End directly from the client. Compliance-Enforcement is possible.
- Simple centralized certificate validation according to the company guidelines and according to the Rank of Trust and CA-Scope.
- Central Key/Certificate-Enrollment
- No contamination of local address books with proxy certificates
- Centralized Key Escrow and holiday coverage
- Synchronization of user profiles over clients on different platforms
- Integration of individual or industry-specific business processes and business applications at the client level possible.
Z1 MyCrypt for iOS