E-mail encryption solutions

By Pasq24 ·

I work for a medium size company in the healthcare industry and we are in the process of evaluating email encryption solutions for HIPAA compliance. We are currently using a hosted PGP solution that is only enabled on a single desktop. This has become a problem due to increased volume and the complexity of the PGP application for the sender. We are looking for a broader, more simple solution. We haven't decided on whether we would like an appliance vs a hosted solution so we have been looking at both. We would like to have about 100 users to have the capability to send encrypted email.

The three we have been looking at are Microsoft's hosted services encryption, Cisco's Ironport pxe appliance, and Sophos SPX encryption.

My question is what experience do you guys have with email encryption solutions? What does your company use and would you recommend the product?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by TobiF In reply to E-mail encryption solutio ...

What do you need to protect the data from? Eavesdropping on the line or local access at the PC?

What encryption is used on the other side? Not all solutions interwork happily.

PGP can be pretty well integrated into the work of some mail clients.

Collapse -


by Pasq24 In reply to Environment?

They would be sending personal health information (PHI) to other healthcare facilities, referring doctors offices and hospitals. As per HIPAA, this information needs to be encrypted as it falls under data in motion so it's mainly over the line.

Their facilities encryption system shouldn't matter as all of the solutions we are looking at manage keys, authenticate and decrypt using our appliance or our hosting service.

Collapse -

A lot depnds on the email solution you use

by robo_dev In reply to E-mail encryption solutio ...

For Microsoft Outlook, the PGP Desktop Email Encryption app seems to work well for several of my clients. (Or at least I don't hear them complaining about it). It's used so that a keyword in the subject header automatically encrypts the outbound mail.

Collapse -

Agree - PGP could do it

by TobiF In reply to A lot depnds on the email ...

A corporate setup with PGP could handle this. Their corporate solution can be setup to work almost seamlessly, automatically enrypting and decrypting mail.

However, if the most important thing is to just protect the connections, then you might force everyone to send their mails via one "secure" server, which will enforce SSL/TLS on both SMTP and POP. And Voil?! Everything travels encrypted!

Related Discussions

Related Forums