What are the email security options? Part 4
1 Dec 2022 | Jindřich Zechmeister
In the final part of the email security mini-series, we'll look at how you can easily secure not only your mail in transit, but also the message content itself. And it won't take you or the administrators hours of work to set up.
Let us introduce the KeyTalk Secure Email Service
You already know from our articles that if you want to send authenticated email messages, you need an S/MIME certificate to prove your identity. In addition to your identity, the electronic signature you create with the certificate proves the message's integrity (the fact that no one has changed it along the way). These are obvious benefits, but a personal S/MIME certificate has to be made available to the user before it can be used. And this is where the problem begins.
Previously, deploying S/MIME certificates meant lots of hard work, during which the administrator had to go around all the company's employees and set up their personal certificate on each of their computers. Before this demanding distribution and mail client setup, someone had to provide the users with an S/MIME certificate, which was another significant extra job.
However, those days are over, and with KeyTalk you can obtain and deploy all S/MIME certificates in your organization fully automatically. This is ensured by the central KeyTalk CKMS server, which you don't even have to manage if you use the KeyTalk Secure Email Service (SaaS) cloud version.
How it works
KeyTalk Secure Email Service will provide you with S/MIME certificates for all your users (employees) and can install them on all their devices. From the administrator's point of view, all you have to do is purchase the service, configure it and start using it. Time and financial savings increase with each issued S/MIME certificate!
Whether we consider KeyTalk as a cloud service or an on-premise server, its heart is the CKMS server, which is used for safe key storage, communicates with other external systems, and controls the agents that deploy certificates on users' devices (so-called endpoints).
The KeyTalk server has sophisticated logic and really saves work. For example, it obtains user identities and information about them from the organization's Active Directory or LDAP server, but it can also have an internal user database. To obtain certificates, KeyTalk then connects to the API of the CA, in our case DigiCert. After the certificate is issued, KeyTalk downloads it and, if needed, stores it in the Active Directory. It will do all the time-consuming work for you.
Thus, the administrator only needs to ensure that the KeyTalk agent is running on the employee's computer; it can run in the background and its startup can also be automated. The agent is a small program that handles communication with the central server and, after obtaining a certificate, can set it up on the system and in Outlook. Of course, the certificate will also be renewed before the end of its validity. The computer user can concentrate on work with no distractions because the agent does everything silently in the background. Centralized computer management makes it easy for administrators to secure the entire organization and obtain S/MIME certificates for all employees.
Secure your company mail completely and perfectly
The aim is global S/MIME certificate use throughout the organization and the widespread signing and encryption of emails. Since S/MIME certificates from DigiCert are fully trusted, there is no problem communicating reliably, even with entities outside the organization.
Emails secured in this way cannot be read or falsified (content or sender) by anyone along the way, and they cannot be read even once they reach the mail server where the messages are stored.
Don't hesitate to try KeyTalk in your company
Are you interested in trying KeyTalk Secure Email Service and securing your company mail? Do not hesitate to contact us for a non-binding offer or trial.
In addition to the aforementioned service, KeyTalk is also available for on-premise deployment. You can download a virtual server image from the manufacturer's official website and run it on your preferred platform. You will have the KeyTalk CKMS server’s management in your hands, but I recommend leaving it to the manufacturer and using KeyTalk HSES as a pure SaaS product. Then you don't have to worry about anything at all.