Recommendations on encryption suites?

I have been asked to provide an encryption solution for 2 small
companies. I don't yet have a complete set of requirements, but here
are the requirements I've thought of so far:


Must conform to existing public-key encryption standards


Must be exceptionally easy for users to use (i.e., nearly
transparent)


Must integrate with Outlook (would be nice to integrate with Outlook

Web Access as well)


Must support file-based encryption / decryption


Must support some method for sending secure messages to people who
do not have any encrypt / decrypt software


----


I'm currently looking at PGP Universal 200 series software. It looks
good so far. Does anyone have any other suggestions, either for
requirements I should includ or for software I should review?


TIA


Tony

Re: Recommendations on encryption suites?

twhite68@gmail.com wrote:

>I'm currently looking at PGP Universal 200 series software. It looks
>good so far. Does anyone have any other suggestions, either for
>requirements I should includ or for software I should review?

Although I haven't used the latest versions, previous version of PGP have been
fine, although they require a certain amount of understanding of PK encryption
to use. I assume that the "Universal" version is one that includes a decoder
with whatever attachment you are sending.

Outlook has PK encryption built right in - all you need is a certificate
(similar to PGP public/private key pair) to use it, and it does attachments
automatically as well as signatures. When activated, there are a couple of
little buttons inthe Outlook message toolbar: one for signing and one for
encrypting.

Verisign charges for certs, but there is at least one company that will issue
email only certs for free (sorry - can't recall who). You could also get the
code to generate your own if you really wanted.

Re: Recommendations on encryption suites?

Thanks for the reply Clark. I've found out a little more since I
posted, so perhaps I can share what I've found out so far.

First, let me enlighten you on PGP Universal -- it's a server- and/or
gateway-based solution which centralizes administrative, policy, and
key management. The most obvious way in which it can be used is best
characterized by this example: User A send email to User B; the
message is at some point scanned by the PGP policy module which
determines that there is an encryption policy for the sender and
recipient(s); the PGP gateway then automatically encrypts the message
with the recipient's public key (and optionally signs it before and/or
after the message is encrypted with the sender's private key).

As for Outlook's built-in PK support, well... it doesn't support my
requirements. I also want file encryption and I want support for
Backberries.

In may recent research, I've found _many_ email encryption
applications, including: BlackSpider's Mail Control products,
Borderware's MXtreme, PostX, Entrust Entelligence, PGP Corp products,
and Voltage Security.

Of the above, only Voltage Security and PGP Corporation offer products
that fit my requirements. I have experience with PGP Desktop and have
been very satisfied, but I'm still researching the Universal series of
products. Voltage Security looks _very_ interesting and I'll be
reading up on their products very soon.

Tony