Review: Proofpoint Makes Encryption Easier

If you have multiple email applications in use in your enterprise and are looking to consolidate them with a single vendor, while adding the ability to provide email encryption, it makes sense to try out Proofpoint’s On Demand Protection Server v 6.0.2.105. It operates either as a web service with nothing to install on the client end or as a hardware appliance that can be installed on an enterprise’s premises. The software features are the same for either product.

The Protection Server starts at $4,000 ($2,600) for up to 250 users and comes with a dizzying array of modules. If you opt for all of them, the price quickly rises to more than three times that amount.

I tested Version 6.0 of the Proofpoint Messaging Security Gateway Model P340 appliance on a test network the vendor set up for me. The encryption feature, which adds at least another $2,000 to the base price, is interesting because of the way the product works: Proofpoint encrypts each message using a separate symmetric key pair, and the keys are maintained in the cloud as part of the service offering. Most of the other encryption vendors use a single key to encrypt all messages.

The pair approach requires more work on Proofpoint’s end to keep each message straight. However, since everything is stored on the Proofpoint server, an administrator has more flexibility when searching for a particular message.

Intuitive encryption and effortless management

This encryption strategy is a change for Proofpoint. Prior to developing its own encryption module, the company licensed software from Voltage Security and offered it at higher cost to its customers. The Voltage SecureMail 3.3 server is still part of the product offering for supporting existing customers, but it was turned off for my review.

Like Hushmail, Proofpoint offers several options for sending a message: in the clear, encrypted or digitally signed. When the recipient receives the encrypted message, there will be an embedded web link leading to a registration system if this is the first time that individual has corresponded with one of your employees.

Key management is effortless. If a user forgets the password needed to decrypt the message, he or she can easily reset it. Compare this with the old days when you had to register each user’s key with a specific server. With this system, everything happens under the covers, and you don’t have to worry about what software your recipients are using to exchange encrypted messages.

You can also set up policies to automatically encrypt any outbound message that contains certain keywords or credit card numbers, for example.

Proofpoint encryption is hard-coded to limit the size of attachments, which are encrypted up to 20MB for secure outbound messages. Administrators can get this changed if they contact the vendor, but they can’t do it themselves.