The DataMotion SecureMail line of products provides enterprise email encryption capabilities. Used together, they enforce policy-based encryption on outbound email containing sensitive information and also allow individual users to encrypt particular email.
DataMotion SecureMail comprises two products:
- SecureMail Gateway. The SecureMail Gateway product is an email encryption gateway that implements policy-based encryption, which means the gateway automatically encrypts the contents of email that match certain enterprise policies. An example of such a policy is the presence of credit card numbers or social security numbers. The SecureMail Gateway is intended to encrypt outbound email only -- that is to say, email destined for recipients external to the organization. There is no provision for automatically enforcing email encryption for email between an internal sender and an internal recipient.
- SecureMail Desktop. The SecureMail Desktop product allows individual users to select which of their email should be encrypted. In most environments, the SecureMail Desktop product is used in combination with the SecureMail Gateway product. That way, users are only obligated to encrypt email that the SecureMail Gateway will not already be encrypting. This could be useful, for example, if a user is discussing a proprietary idea that doesn't necessarily match any of the enterprise encryption policies. SecureMail Desktop also gives the ability to encrypt email sent from an internal sender to an internal recipient, which SecureMail Gateway does not support.
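The outbound-only, content-matching decision described above, sketched as an added example; this is not DataMotion's code or configuration. The domain names, function names and the Luhn checksum filter are assumptions made for illustration, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAINS = {"corp.example"}  # assumption: the organization's own domains
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def policy_hits(text):
    """Return the names of the content policies that the text matches."""
    hits = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.add("card-number")
    if SSN_RE.search(text):
        hits.add("ssn")
    return sorted(hits)

def external_recipients(msg):
    """Addresses in To/Cc whose domain is not one of the internal domains."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return [a for _, a in pairs
            if a.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]

def gateway_decision(msg):
    """Outbound-only policy: internal-only mail is never inspected."""
    if not external_recipients(msg):
        return ("pass-through", [])
    hits = policy_hits(msg.get_content())
    return ("encrypt", hits) if hits else ("pass-through", [])

def make_msg(to, body):
    """Build a constructed sample message."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "alice@corp.example", to, "sample"
    msg.set_content(body)
    return msg

if __name__ == "__main__":
    card = "Card on file: 4111 1111 1111 1111"  # Luhn-valid test number
    print(gateway_decision(make_msg("bob@partner.example", card)))
    print(gateway_decision(make_msg("carol@corp.example", card)))
```

The second message carries the same card number but is internal-only, so it passes through unencrypted, which is the gap that user-selected encryption in the Desktop product is meant to cover.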
The DataMotion SecureMail Gateway is placed after an enterprise email server, not on the email server itself, so it is compatible with any email server. The SecureMail Gateway can be deployed within the enterprise as a standalone gateway, or it can be deployed as a cloud-based service.
The DataMotion SecureMail Desktop product only supports Microsoft Outlook. This is common for this product class, where the majority of products support Outlook only. If an organization wants individual users to be able to select email to encrypt, its users must either be on Outlook or migrated to Outlook, the latter of which could be significantly disruptive to those users.
The DataMotion SecureMail products support use of either the Advanced Encryption Standard (AES) encryption algorithm or the Triple Data Encryption Standard algorithm. AES is considered state of the art, so organizations should normally choose the AES option. However, the website and literature for DataMotion SecureMail don't state what the AES key length is. It must be at least 128 bits, but 128 bits is increasingly being considered too weak an option to protect against future threats. The preferred key length for AES is 256 bits, so evaluators should check with DataMotion to see what AES key lengths are available, and then select the longest key length available.
The Federal Information Processing Standard (FIPS) for encryption is a set of basic requirements which products are tested against to verify compliance with those requirements. The DataMotion SecureMail products are FIPS-compliant, meaning they have passed these tests. However, because encryption modules frequently change, necessitating new compliance testing, evaluators should check with DataMotion to ensure their FIPS compliance certification addresses the current versions of the SecureMail products.
File encryption support
By default, the DataMotion SecureMail products can support encrypted file attachments of up to 100 megabytes, which is considerably larger than most email servers can support. DataMotion also makes available a Secure File Transfer add-on, which supports large file transfers of up to two gigabytes through email encryption, even when intermediate email servers don't support files of that size. The Secure File Transfer add-on provides a convenient way of securely transferring large files without having to use alternative secure file transfer methods, which may not be as secure or as usable.
Limited licensing information is publicly available for the DataMotion SecureMail products, but a variety of licensing options are available. For example, cloud-based services can be acquired for individual email users or for groups of users, with administrative options available for managing groups of users. Premises-based licensing is also available.
A free trial of DataMotion SecureMail Desktop is available. However, no free trial of DataMotion SecureMail Gateway is listed on the DataMotion site.
The DataMotion SecureMail Gateway product provides policy-based encryption for outbound email only (i.e., external recipients), while the SecureMail Desktop product allows users to individually select email for encryption, regardless of whether the recipients are external or internal. The SecureMail Gateway is compatible with any email server; the Desktop product, which enables user-directed email encryption, is supported only on Microsoft Outlook.
DataMotion also offers a Secure File Transfer add-on for large file encryption and transfer. This may take the place of other secure file transfer options in many environments.
DataMotion SecureMail products support the AES algorithm and are FIPS-compliant, but their AES key length is not disclosed. It is important for products to support 256-bit keys for strength against future threats, and most other products in this class do support 256-bit AES keys. Be sure to check with DataMotion about its key length, as well as licensing information, which is largely not disclosed publicly. An organization cannot make an informed purchasing decision about whether the DataMotion SecureMail products are appropriate for its environment without this key length and licensing information.