Managed Email Services for Business
Managed Email Services for Business
| Key Features | IBE | PKI | Webmail | Symmetric |
| Examples | Safeserve | Entrust PGP Desktop |
Tumbleweed Entrust WebMail Center PGP Universal |
PostX Sigaba |
| Usabiltiy | No certificates, web mail, messages received in inbox | Complex certificate management by end users | Messages received in parallel web inbox | Always need to be online |
| Disaster Recovery | One-time backup; server can be restored in minutes | Requires continuous backup of every new key | Requires continuous backup of every new msg | Requires continuous backup of every new per-msg key |
| Scalability | Millions of users inside and outside the firewall; servers can be replicated on-the-fly | Generally limited to inside the firewall; difficult to manage certs for outside users | Extremely difficult; requires huge SAN to store messages and make them available | Extremely difficult; key-per-message means that all keys must be stored forever, |
| Message Retention | Easy through on-the-fly key recovery; messages can never be lost | Requires special archival key | Requires separate cold storage; system crash can result in loss of mail | Requires backup of every key in system; system crash can result in loss of mail |
| Ad-Hoc Messaging | Inherent in IBE: email address used directly as key | No true ad-hoc support: requires pre-enrollment of all recipients | Ad-hoc support requires messages to be stored on server | Requires end users to be online for every transaction |
| Message Viewing Options | Through integrated client agents or clientless in browser | Requires client install | Must be read in separate webmail inbox in browser | Through client or browser; “secure envelope” systems susceptible to dict. attacks |
| Authentication Options | Unlimited; options for pre-enrollment, portal integration, directories, and two-factor auth | Limited; year-long cert lifetime requires complex authentication | Limited options; often just username/password | Limited options; often just username/password |
| BlackBerry Support | Seamless integration with BES server; no device-level software | Requires new device-level software, certs pushed to device | Not available | Not available |
| Integration with Anti-Virus, Anti-Spam, Archiving | Supports complete end-to-end security with message hygiene at edge | Extremely difficult; requires special ADKs that must be distributed | N/A: Doesn’t support end-to-end encryption | Extremely difficult; requires all keys to be continuously available, distributed |