Email Encryption: Proofpoint Encryption


Proofpoint Encryption™ adds SaaS-powered, policy-based email encryption to your Proofpoint deployment. Proofpoint’s next-generation email security platform delivers integrated data loss prevention and email encryption features powered by Proofpoint Encryption and the Proofpoint Hosted Key Service™. Proofpoint’s email encryption features help mitigate the risks associated with regulatory violations, data loss and corporate policy violations by applying encryption automatically based on customizable policies.

Benefits of Proofpoint Encryption

  • Makes ad hoc, secure communication just as easy as traditional, non-encrypted messaging.
  • Automatically and dynamically applies encryption based on your organization’s policies, right at the gateway. Your compliance, data loss prevention and content security policies are consistently and accurately applied on an as-needed basis.
  • Recipients can easily view their encrypted email through an easy-to-use web-based interface.
  • Eliminates key management, backup and administration burdens through the Proofpoint Hosted Key Service, which uses the Proofpoint on Demand™ SaaS infrastructure to provide secure, cost-efficient, highly-available and fully redundant key storage facilities.
 
“As an outsourced provider of human resources services, we need to be able to exchange private information via email with our clients and a variety of business partners and end-users. We were searching for a cost-efficient solution to enable our administrators and staff to conduct business securely over email, without placing an undue burden on users. Proofpoint Encryption fit our requirements perfectly, was easy to install and makes it simple for users to send email in a secure and compliant way. And our email administrators are thrilled that the system requires very little ongoing maintenance.”
- Jeff Caracci, Vice President of Information Technology, MERIT Resources
 

Email encryption is commonly used to transmit sensitive or confidential information (including operational data, trade secrets, legal documents, financial information, and personal healthcare and identity information) both inside and outside the enterprise.

The need to secure this confidential information—and comply with a growing body of regulations that govern the transmission of private data—has made policy-based, encrypted email a “must have” feature of a comprehensive email security solution. Proofpoint Encryption meets these requirements with the industry's most powerful and flexible solution for policy-driven email encryption.

Policy-driven email encryption

Training end-users in the proper use of encryption systems can be a significant barrier to successful deployment of traditional secure messaging solutions. But Proofpoint Encryption is much easier to use and manage. Proofpoint's secure messaging solution automatically and dynamically applies encryption or decryption based on your organization's policies, right at the gateway. As a result, end-users don't need to take any special actions to take advantage of encryption features and your compliance, data loss prevention and content security policies are consistently and accurately applied on an as-needed basis.

Easy to administer

Unlike alternative approaches to encryption, Proofpoint’s email encryption solution provides effective protection for sensitive information without the administrative burdens and infrastructure costs typically associated with secure messaging.

  • Easy policy management: All encryption policies—whether they are driven by regulatory compliance, data security or internal corporate concerns—are centrally managed and enforced at the gateway. The Proofpoint Messaging Security Console provides a convenient graphical interface for defining encryption policies, which can be triggered based on message content identified by Proofpoint Regulatory Compliance, Proofpoint Content Compliance or Proofpoint Digital Asset Security.
  • Simplified key and certificate management: Proofpoint Encryption eliminates the administrative overhead associated with traditional encryption systems. Using Proofpoint Encryption technology, keys are generated locally by each unique customer instance of Proofpoint, whether deployed on-premises or in the Proofpoint on Demand datacenters.
  • Minimal data storage and archive requirements: Proofpoint Encryption simplifies the storage and backup overhead that is typically associated with message encryption. The Proofpoint Hosted Key Service™ handles all key management functions, using the Proofpoint on Demand SaaS infrastructure.

Easy to use

Proofpoint Secure Messaging operates transparently to end-users without requiring software downloads or the installation and maintenance of desktop encryption clients. Proofpoint's email encryption solution automatically encrypts and decrypts sensitive content as required, without end-users having to use and manage complicated digital certificates or encryption keys.

Low total cost-of-ownership

Proofpoint Encryption seamlessly interfaces with other Proofpoint modules including Proofpoint Regulatory Compliance and Proofpoint Digital Asset Security. Easy deployment and minimal ongoing management requirements greatly reduce the ongoing costs associated with managing your secure messaging solution. And Proofpoint's unparalleled ease-of-use for end-users minimizes support, training and helpdesk costs.

Extremely granular control of encryption policies

As in Proofpoint's anti-spam, anti-virus and content security modules, secure messaging policies are managed and enforced on an enterprise level from a single location, using the Proofpoint Messaging Security Console. Once defined, enterprise encryption policies are applied automatically at the gateway, eliminating the risk of user error.

The combination of Proofpoint Encryption and the Proofpoint Hosted Key Service enables extremely granular, per-message control over encrypted messages. For example, an individual message to a specific recipient can be revoked without affecting other users or other messages to the same recipient.

Message encryption policies can be extremely granular—encryption can be triggered by any combination of:

  • Structured data matches: Such as the presence of protected healthcare or financial information such as HIPAA codes, ABA routing numbers, domestic and international credit card numbers, US social security numbers, UK National Identity Card numbers and other “smart identifiers” as detected by Proofpoint Regulatory Compliance.
  • Unstructured data matches: Such as the presence of confidential information as detected by Proofpoint Digital Asset Security.
  • Keywords and regular expressions found in the subject line or content of messages, as defined in Proofpoint’s email firewall.
  • Message origin or destination: Encrypt messages based on destination (e.g., a specific business partner or supplier) or sender. Messages can also be encrypted based on other message attributes such as attachment type.

Apply inbound policies to encrypted messages

Email can also be decrypted at the gateway, allowing Proofpoint's anti-spam, anti-virus and content compliance policies to be applied to encrypted email before it is delivered to end-users, ensuring that encrypted spam, malware and non-compliant messages are properly handled.

Download the Proofpoint white paper Protecting Enterprise Data with Proofpoint Encryption to learn about the advantages of Proofpoint’s SaaS-powered email encryption solution.

Email Encryption Powered by Proofpoint’s Next-generation SaaS Architecture

Proofpoint Encryption eliminates the administrative overhead of key management by including the Proofpoint Hosted Key Service. As unique keys are generated by Proofpoint Encryption, they are stored, backed up and made highly available via Proofpoint’s cloud computing infrastructure. The Proofpoint Hosted Key Service eliminates the need for customers to manage their own encryption keys and certificates.

How does the Proofpoint Hosted Key Service work?

For each email encrypted, the customer’s unique instance of Proofpoint Encryption generates an encryption key that is used to encrypt the message. The encrypted message is then sent to the recipient. Simultaneously, the encryption key itself is sent to the Proofpoint Hosted Key Service.

When the recipient is ready to decrypt the message, a secure HTTPS request is made to the unique customer instance of Proofpoint Encryption for authentication. Once the recipient is authenticated, the customer instance requests the appropriate key from the Proofpoint Hosted Key Service, allowing the recipient to decrypt their message.

This architecture allows for comprehensive, ad-hoc secure messaging while eliminating the need for customers to manage their own encryption and decryption keys.
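The key flow described above, together with the per-message revocation mentioned earlier on this page, modelled as an added example; it is not Proofpoint's code or API. `KeyService`, `Gateway`, the envelope layout, the pluggable `authenticate` callback and the SHAKE-256 stand-in cipher are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _stream_xor(key, nonce, data):
    # Stand-in cipher (SHAKE-256 keystream XOR) so the demo needs only the
    # standard library; a real deployment would use a vetted AEAD such as AES-GCM.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyService:
    """Hypothetical hosted key store: one key per message ID."""
    def __init__(self):
        self._keys = {}
    def put(self, msg_id, key):
        self._keys[msg_id] = key
    def get(self, msg_id):
        return self._keys.get(msg_id)          # None if unknown or revoked
    def revoke(self, msg_id):
        self._keys.pop(msg_id, None)           # affects this message only

class Gateway:
    """Hypothetical customer instance: encrypts, authenticates, fetches keys."""
    def __init__(self, key_service, authenticate):
        self.ks = key_service
        self.authenticate = authenticate       # pluggable: password, LDAP, ...
        self.recipient_of = {}                 # msg_id -> intended recipient
    def encrypt(self, recipient, plaintext):
        msg_id = secrets.token_hex(8)
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        self.ks.put(msg_id, key)               # key goes to the key service, not into the mail
        self.recipient_of[msg_id] = recipient
        return {"id": msg_id, "nonce": nonce, "ct": _stream_xor(key, nonce, plaintext)}
    def decrypt_for(self, recipient, credential, envelope):
        if not self.authenticate(recipient, credential):
            raise PermissionError("authentication failed")
        if self.recipient_of.get(envelope["id"]) != recipient:
            raise PermissionError("not the intended recipient")
        key = self.ks.get(envelope["id"])
        if key is None:
            raise LookupError("key revoked or unknown")
        return _stream_xor(key, envelope["nonce"], envelope["ct"])

if __name__ == "__main__":
    tokens = {"alice@example.com": "tok-a"}    # constructed credentials
    gw = Gateway(KeyService(), lambda who, tok: hmac.compare_digest(tokens.get(who, ""), tok))
    m1 = gw.encrypt("alice@example.com", b"payroll file")
    m2 = gw.encrypt("alice@example.com", b"benefits summary")
    gw.ks.revoke(m1["id"])                     # revoke the first message only
    print(gw.decrypt_for("alice@example.com", "tok-a", m2))
```

Because each message has its own key, deleting one entry from the key store makes that ciphertext unreadable while every other message to the same recipient still opens.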

Summary Comparison of Email Encryption Solutions

Key Features Proofpoint Encryption Traditional PKI-based Solutions Webmail-based Solutions Traditional Symmetric Solutions
Usability
Scalability
Authentication Options
Ad-hoc Messaging
Disaster Recovery
Integration with Inbound Anti-virus, Anti-spam, Content Filtering

The table above summarizes the key differences between Proofpoint Encryption and other email encryption solutions. These solutions can be differentiated along six important criteria.

Usability

Proofpoint Encryption eliminates the administrative overhead of key management by including the Proofpoint Hosted Key Service, which handles all key management functions, using the Proofpoint on Demand SaaS infrastructure. Proofpoint Encryption eliminates the need to manage, back up and administer encryption keys and eliminates the need to deploy costly and complex infrastructure traditionally associated with PKI systems. As a result, it is much easier to use and deploy and offers much lower total cost-of-ownership.

Scalability

Each type of solution scales differently because each approach requires different sorts of information to be stored. Proofpoint Encryption and the Proofpoint Hosted Key Service eliminate the disaster recovery, retention and backup problems associated with other approaches to email encryption:

  • With traditional PKI solutions, you need to create keys as well as store and distribute certificates and revocation lists, which become onerous to manage over time. The Proofpoint Hosted Key Service eliminates all of these issues.
  • In webmail-based systems, all messages are sent to a separate inbox that resides in a parallel messaging architecture. This parallel email infrastructure needs to store all messages and archive them. With Proofpoint Encryption, the encrypted contents of the sent message, including its attachments, actually reside on the recipient’s machine—the encrypted content (ciphertext) is sent to the recipient, rather than held in a separate webmail system.
  • With traditional symmetric solutions, keys are issued for every user and every message and those keys must be kept secure and available at all times. The Proofpoint Hosted Key Service uses the Proofpoint on Demand™ SaaS infrastructure to provide secure, cost-efficient, highly-available and fully redundant key storage facilities, eliminating the need to deploy costly infrastructure.

Authentication

Authentication is central to any encryption system. Proofpoint provides the widest array of options for authentication, including RSA SecurID, question and answer, PIN/password, Active Directory, LDAP and custom adaptors. Most other solutions provide very limited integration capabilities for authentication.

Ad-hoc Messaging

Proofpoint Encryption makes it easy to send encrypted messages to any recipient, even ones that you've never corresponded with before. Proofpoint Encryption's Registration Server and the Proofpoint Secure Reader™ make it easy for recipients to receive their messages. If the user is new to the Registration Server, he or she fills out a simple form to create an account and can then view the decrypted message in the secure, web-based Proofpoint Secure Reader.

Disaster Recovery

Like other Proofpoint on Demand offerings, the Proofpoint Hosted Key Service is managed by Proofpoint in highly available, geographically distributed, secure data centers. All Proofpoint data centers are audited and certified for SAS-70 compliance. Proofpoint manages all routine data center operations, such as back-ups and upgrades, so Proofpoint customers never need to take extra steps to ensure that data is backed up and software is up to date.

Integration with Inbound Message Scanning Services

Proofpoint is one of the only solutions to provide complete, end-to-end, policy-based encryption with the ability to scan messages for viruses, spam or content compliance and to archive messages in the clear (i.e., in their unencrypted form).

MERIT Resources

Outsourced human resources provider MERIT Resources selected Proofpoint Encryption to communicate private information via email with clients, business partners and end users, making it easy to send email in a secure and regulatory-compliant way.
