Expert contributor Karen Scarfone examines Proofpoint Email Encryption products, which come with data loss prevention capability and a Secure Share add-on for secure file sharing.
The Proofpoint Email Encryption product provides enterprise-level email encryption functionality. This includes automatically encrypting sensitive outbound email through a policy-based gateway and enabling the secure transfer of large files via email messages through the Secure Share add-on.
Product editions
The Proofpoint Email Encryption product only comes in a single edition. It is part of a larger solution, the Proofpoint Enterprise Privacy product. The main feature of this product, besides the Email Encryption component, is a Data Loss Prevention (DLP) capability. It is commonplace for DLP and email encryption technologies to work hand-in-hand because the DLP can detect potential policy violations involving email-transmitted data, and the email encryption technology can encrypt or block affected email, thus safeguarding their data from interception.
There is an additional add-on for Proofpoint Enterprise Privacy known as Proofpoint Secure Share. The purpose of Secure Share is to enable the secure sharing of large files containing sensitive information via email encryption. So Secure Share works hand-in-hand with the Email Encryption product.
The Proofpoint Secure Share add-on is available as a cloud-based offering only.
Proofpoint Enterprise Privacy's encryption algorithm is the Advanced Encryption Standard (AES) algorithm, with encryption key length of 256 bits. Use of the AES algorithm and 256-bit AES keys is widely considered a sound practice and should provide strong security against both current and future threats.
Proofpoint has several Federal Information Processing Standard (FIPS) compliance certificates for its cryptographic libraries. This means Proofpoint has had an accredited third party do validation testing on its products' cryptographic capabilities to ensure they meet minimum standards. However, because these compliance certificates do not specify the exact products they correspond to, prospective customers should check with Proofpoint to ensure the products they are evaluating are covered by one of the FIPS compliance certificates.
File encryption support
As mentioned above, the Proofpoint Secure Share add-on can support the ability to transfer large files via email. This can take the place of File Transfer Protocol (FTP) usage and other alternative file transfer mechanisms, potentially providing a more usable and secure file transfer capability.
Licensing
There is limited licensing information publicly available for Proofpoint Enterprise Privacy. However, as already mentioned, it is available both in a local instantiation, or virtual appliance, and a cloud-based service. The Email Encryption product and the Secure Share product are both separately available through their own licensing arrangements.
Free trials of many Proofpoint products are available. The Email Encryption and Secure Share products are available as part of the Proofpoint Enterprise Privacy product trial.
Conclusion
Proofpoint Email Encryption is an add-on to the Proofpoint Enterprise Privacy product that provides email encryption for the enterprise. The Proofpoint Secure Share add-on enables the secure transfer of large files via email encryption. Together, these solutions are a great way to implement email encryption capabilities for organizations already running the Proofpoint Enterprise Privacy product or organizations that would benefit from acquiring it and leveraging its DLP capabilities.
The Proofpoint products do not require a particular email server or client type because they run separately as a virtual appliance or a cloud-based service.
Proofpoint Enterprise Privacy's encryption is state of the art, using AES with 256-bit keys. The status of FIPS compliance is not 100% clear, so make sure to check with Proofpoint on its products' FIPS compliance status during product evaluation. Licensing is a bit complex because the product is available as both an on-premises and cloud-based offering; again, check with Proofpoint for the latest information on how its products are licensed, depending on which solution is appropriate for your organization.
To my mind, while I'm glad that efforts have been made lately to create end-to-end email encryption, no one seems to be addressing the question of how to give both parties in the email transaction an easy way to share public keys, and to make those keys trusted, without the user having to take manual steps toward that end. Does Proofpoint offer a solution in this regard?
Join the conversation
2 comments