End-to-End Encryption for Organizations
Encrypted E-Mails on all routes, mail servers and end devices
Efficient, compliance conform, highly practicable
End-to-end encryption with Organizational End2End
How does it work?
Z1 SecureMail End2End delivers state of the art end-to-end email encryption for organizations with two encryption modes. Employees encrypt using Organizational End2End which guarantees data protection and ownership for the organization. The board of directors encrypts using Personal End2End or they combine both modes.
End-to-end encryption with gateway re‑encryption enables end-to-end encryption at any time with any email recipient.
Secure and compliant sending …
Emails are encrypted directly in the email client before being sent. Special internal encryption keys are used during process. The email is then re-encrypted by the Z1 SecureMail Gateway. There is an exchange from one secure environment to the other. This allows access for content filters such as virus scanners and data loss prevention tools which have to be used in order to be conform with compliance guidelines. End-to-end encryption usually needs client side solutions which require end user training and come with high administration costs. Z1 SecureMail End2End enables the use of economical central server based solutions and puts the organization in the driver’s seat. No need to worry if an employee applied encryption to an important email – the central policies take care of that. The re-encryption takes place on the appliance inside your company’s network and the connection to the content filters is of course also encrypted. Emails are always fully protected. On the internal routes, mail servers and end devices emails are encrypted and not even system administrators can read them.
… and receiving
Incoming emails are decrypted by the gateway and signatures are checked. They are then routed to the content filters such as virus scanners and eventually signed and re-encrypted for the internal routes and delivered in an encrypted state to the recipient.
Flexible Delivery Method
S/MIME is used for encryption within the company network whilst at the same time, the field-proven Z1 SecureMail Gateway provides a wide range of communication options. From S/MIME & PGP to password protected PDFs & SecureChannels (TLS, De-Mail) – depending on the recipient’s technical environment everything is possible.
Gateway re-encryption or pure S/MIME
|Organizational End2End||Personal End2End|
Only encrypted mails are stored on the mailserver and in client-side mailboxes (inbox)
Spontaneous E2E encryption with any communication partner using re-encryption on the Gateway – efficient and economical
Unbroken encryption for increased security requirements
Compatible with S/MIME, OpenPGP, password based encryption & SecureChannels
Sender and recipient must both use S/MIME
Integration of content filters such as anti-spam, anti-virus, data loss protection (DLP), archiving etc.
Access to content filters such as AS/AV, DLP etc. only on the client
Close coupling and tight integration with Z1 SecureMail Gateway
Consistent End-to-End encryption without any admin access to emails on the Gateway
Standard Mail Client Support
Z1 SecureMail End2End can be used with all standard email clients (Outlook, Notes, Webmailer, mobile Mail Apps, etc.). The LDAP- and ActiveSync proxies enable users to encrypt emails directly from their mobile and desktop clients.
The key advantage when using Z1 SecureMail End2End with standard tools is the fact that no software has to be installed on the clients thereby no extra administration is required. End users keep on using their usual software.
Without client software there will be no E2EE compliance enforcement. The user has to trigger the encryption process.
Z1 SecureMail End2End can alternatively be used with Z1 MyCrypt apps and add-ins on a wide range of platforms.
for Z1 SecureMail End2End
Z1 MyCrypt client delivers full End-to-End encryption directly into the hands of your users. The easy to use client performs all necessary certificate management and draws upon the full potential of your Z1 products to provide users with a wide range of features and maximize the value of your investment.
- As soon as the recipient address is entered, details about available keys and policies is fetched from the Gateway and displayed to the user.
- The user can switch between Organizational End2End or Personal End2End directly from the client. Compliance-Enforcement is possible.
- Simple centralized certificate validation according to the company guidelines and according to the Rank of Trust and CA-Scope.
- Central Key/Certificate-Enrollment
- No contamination of local address books with proxy certificates
- Centralized Key Escrow and holiday coverage
- Synchronization of user profiles over clients on different platforms
- Integration of individual or industry-specific business processes and business applications at the client level possible.