Sign on the dotted line

With fraudster’s bogus emails continuing to bombard our inboxes, we get the inside track on the use of email signature and encryption from Dr Artur Heil.

“Although you would think that today every user is well informed on how to recognise fraudulent emails, there are still a large number of cases of fraud using phishing emails”
-Artur Heil

Why should a company implement email signature and encryption?
Artur Heil. Within the hyper-competitive marketplace of the global economy companies are challenged to keep pace with the market and strengthen the trust of their customers. Nowadays remote or mobile workforces are forced to use email communication for business-critical transactions like short-term submissions of proposals or approval processes. Only digital email signatures provide the necessary non-repudiation and tamper protection for those transactions. And no business wants to see details of a new product published prior to the product launch or sensitive customer data stolen by fraudsters. Therefore, the encryption of confidential content is also mandated by best business practices or just common sense.

Are there any legal requirements to implement email signature and encryption?
AH. An increasing number of new guidelines and laws define the legal framework for secure processing, storing and archiving of business emails. An example is the EU Directive 95/46/EC on the protection of individuals with regard to the processing and free movement of personal data. So far only a few of them dictate the signing or encryption of emails, however some industries, such as utilities or pharmaceuticals, have already defined such requirements.

What have been the drivers for your customers to sign and encrypt their emails?
AH. Most of our customers are driven by explicit demands of their customers. Although you would think that today every user is well informed on how to recognise fraudulent emails, there are still a large number of cases of fraud using phishing emails. The resulting damage for the companies concerned due to the loss of image or the loss of trust by their customers can hardly be expressed in numbers. The best reassurance for customers is a high-quality digital signature on emails. It confirms without a doubt that the email in fact comes from his bank, Internet service provider or online service provider.

What are the critical success factors of an email security project?
AH. A high degree of user friendliness and low administrative and support overhead. These are at the top of the list of the criteria most often named by customers. It is a must that established business processes should not be hindered, for example with regard to rules for employee substitution during leave or when connecting mobile employees by using web mail.

Also the option to centrally implement a corporate-wide policy to ensure base-line protection for regular communication and to individually protect critical departments like research or development is of essential importance when selecting email security solutions.

What is the benefit of globally accepted certificates to an email-security solution?
AH. The benefit is increased user comfort and reliability. Email signatures and encryption can be achieved with any valid certificate. But with a self-issued certificate a recipient will be alienated by an alert telling him that the certificate used is not trusted. With a preconfigured root certificate in the email client the validation of a globally trusted certificate is done transparently for the recipient and the certificate can be trusted without double-checking as it is issued following strict rules during the vetting process. So, if binding communication with external business partners is a priority, the use of externally recognised certificates is mandatory.

What is the differentiator of TC TrustCenter's approach to eMail signature and encryption?
AH. The TC Gateway solution provides the maximum level of automation and transparency for the user. The secure email gateway manages a company's entire email communication process centrally and automatically executes all necessary cryptographic processes in accordance with corporate policies. The certificate rollout is carried out via an automatic interface already integrated as standard in many email gateways. Globally trusted certificates are issued on demand within minutes when a new user is registered. Our unique On-Demand PKI platform ensures rapid implementations and scalable pricing models whilst maintaining the highest security standards.

Dr Artur Heil is Director Marketing & Sales (EMEA) for TC TrustCenter GmbH. Heil has many years of management experiences in sales and marketing at leading software companies, among them Symantec, AXENT Technologies, PassGo Technologies and Cybertrust. He has occupied his current role since 2007.