- Acceptable use of company e-mail
- Personal use of the Internet with company computers
- Communicating company trade secrets
- Receipt of inappropriate material
- Handling of confidential materials
Of course, these are only some examples. But the message is clear: in order to protect company assets and notify employees of what is and isn't acceptable, a written policy must be in place. (We have available some examples of successful security policies. To receive copies, please submit our Feedback Form and put "security policies" in the comments section.)
Transparent Enforcement
The written policy must be enforced with a software security application, and that application should be transparent to the end user. For example, you cannot require encryption of e-mail messages if you are not using OpenPGP or S/MIME, but the encryption itself should take place automatically at the server level without involving the end user at all. Conversely, although the application should be transparent to the end user, the existence of the enforcement mechanism should not be kept secret if employee compliance is expected.
Firewalls
Many companies have firewalls in place and mistakenly believe that these firewalls protect incoming and outgoing e-mail. In fact, while a firewall does protect a network from unauthorized access, it does not protect e-mail. A company that installs a product such as TFS Secure Messaging Server has the tools to effectively enforce e-mail and Web security.