E2EE for enterprises

End-to-End Encryption for Organizations

Encrypted emails on all routes, mail servers and end devices
Efficient, compliance conform, highly practicable
End-to-end encryption with Organizational End2End

Z1 SecureMail End2End delivers a valuable and first-of-its-kind business focused E2EE solution. The increasing use of mobile devices for email exchange means that end-to-end encryption is more important than ever before. Emails sent from mobile phones are not protected at all and can simply be fished from the airwaves. Z1 SecureMail End2End protects your data in all networks all the time. Use Z1 SecureMail End2End with your standard email clients or upgrade to the new Z1 MyCrypt add-in or mobile app for extra features.

E2EE for enterprises

Z1 SecureMail End2End delivers state of the art end-to-end email encryption for organizations with two encryption modes. Employees encrypt using Organizational End2End which guarantees data protection and ownership for the organization. The board of directors encrypts using Personal End2End or combines both modes.

How does it work?

E2EE central processing with access for content filters for virus checks

Encrypt emails with Organizational End2End

Flexible Delivery Method

S/MIME is used for encryption within the company network while the field-proven Z1 SecureMail Gateway provides a wide range of communication options. From S/MIME & PGP to password-protected PDFs & SecureChannels (TLS)depending on the recipient’s technical environmenteverything is possible.

Organizational End2End

Secure and compliant sending …

End-to-end encryption with gateway re‑encryption enables end-to-end encryption at any time and with any email recipient.

Emails are encrypted directly in the email client before being sent. Special internal encryption keys are used for this process. The email is then re-encrypted by the Z1 SecureMail Gateway. There is an exchange from one secure environment to the other. This allows access for content filters such as virus scanners and data loss prevention tools which have to be integrated in order to conform with compliance guidelines. End-to-end encryption usually needs client side solutions that require end user training and come with high administration costs. Z1 SecureMail End2End enables the use of economical central server-based solutions and puts the organization in the driver’s seat. There is no need to worry about whether an employee applied encryption to an important emailthe central policies take care of that. The re-encryption takes place on the appliance inside your company’s network and the connection to the content filters is, of course, also encrypted. Emails are always fully protected. On the internal routes, mail servers and end devices emails are encrypted, and not even system administrators can read them.

… and receiving

Incoming emails are decrypted by the gateway as signatures are checked. They are then routed to the content filters such as virus scanners, eventually signed and re-encrypted for the internal routes, and finally delivered in an encrypted state to the recipient.

Personal End2End

End2End Encryption without re-encryption is designed for communication between individual users in a high security environment. The S/MIME based encryption uses the public certificates from the communication partners. Z1 SecureMail End2End provides the complete certificate management along with the fetching and validation of certificates. For the exclusive use of Personal End2End, no Z1 SecureMail Gateway is required.

comfortable certificate management with E2EE in enterprises

Personal End2End

Gateway re-encryption or pure S/MIME

Organizational End2End and Personal End2End can be used by different user groups in parallel. See the differences at a glance in the table below:

Organizational End2End

Personal End2End

Only encrypted mails are stored on the mailserver and in client-side mailboxes (inbox)

Efficient and economical spontaneous E2E encryption with any communication partner using re-encryption on the Gateway

Uninterrupted encryption for increased security requirements

Compatibility with S/MIME, OpenPGP, password based encryption & SecureChannels

Sender and recipient must both use S/MIME

Integration of content filters such as anti-spam, anti-virus, data loss protection (DLP), archiving etc.

Content filters such as AS/AV, DLP, etc. can only be accessed on the client

Close coupling and tight integration with Z1 SecureMail Gateway

Consistent End-to-End encryption without any admin access to emails on the Gateway

Standard Mail Client Support

Z1 SecureMail End2End can be used with all standard email clients (Outlook, Notes, Webmailer, mobile Mail Apps, etc.). The LDAP- and ActiveSync proxies enable users to encrypt emails directly from their mobile and desktop clients.

The key advantage when using Z1 SecureMail End2End with standard tools is the fact that no software has to be installed on the clients therefore, no extra administration is required. End users can keep on using their usual software.

Without client software there is no E2EE compliance enforcement. The user has to trigger the encryption process.

Z1 SecureMail End2End can alternatively be used with Z1 MyCrypt apps and add-ins on a wide range of platforms.

Z1 MyCrypt for Z1 SecureMail End2End

Z1 MyCrypt client delivers full End-to-End encryption directly into the hands of your users. The easy-to-use client performs the necessary certificate management and draws upon the full potential of your Z1 products to provide users with a wide range of features and maximize the value of your investment.

Z1 MyCrypt – Features:

  • As soon as the recipient address is entered, details about available keys and policies are fetched from the Gateway and displayed to the user.
  • The user can switch between Organizational End2End or Personal End2End directly from the client. Compliance-Enforcement is possible.
  • Simple centralized certificate validation according to the company guidelines and according to the Rank of Trust and CA-Scope.
  • Central Key/Certificate-Enrollment
  • No contamination of local address books with proxy certificates
  • Centralized Key Escrow and holiday coverage
  • Synchronization of user profiles over clients on different platforms
  • Integration of individual or industry-specific business processes and business applications at the client level is possible.

Z1 MyCrypt for iOS

Z1 MyCrypt: E2EE emails directly from your smartphone