Button Up
RU ENG
Product Wizard
Home  >  Articles  >  E-mail message and attachment security

News

09.01.2013

The review of tools to secure email messages and attachments

e-mail securityWhen you use electronic mail as a means of transferring important confidential information, several problems arise that concern the reliability of protection of such information against unauthorized viewing. Information security experts all around the world face the problem of secure transfer of data and documents attached to electronic messages.

What solution does the market offer? What is suitable for big and middle-sized companies, and what is good for small companies and individuals?

There are a number of companies around the world that offer various solutions for security of email messages and attachments against unauthorized access and use.

This paper describes some of the solutions and evaluates them according to several parameters.

What the market offers

For convenience, we divide all market offers into corporate systems (Type 1) and web services (Type 2).

 

Functionality

Type 1
(corporate systems)

Type 2
(web services)

1

Protects against viewing by unauthorized persons

yes

usually available

Binds the secured message to user account/hardware

usually available

rarely

2

Sends secured messages to external email (that is not a part of the corporate email system)

yes

usually available

3

Sends secured reply

rarely

no

4

Uses corporate mail server

usually available

no

Uses external mail server of the service provider

usually available

yes

5

Reports on how the secured message is used

yes

usually available

6

The sender can manage the messages after they are delivered (delete a message, modify the rights)

usually available

rarely

Specifies the number of views of the secured message

yes

rarely

Determines the time of the message/attachment viewing and the period of its existence

yes

rarely

7

Installation of a third-party viewer is required

rarely

no

8

Supports mobile platforms

usually available

rarely

9

Integration with Outlook

yes

rarely

Integration with с Lotus Notes

usually available

rarely

10

Secured attachments separately from the message body

usually available

Yes, but at the server level. There is no protection against access by unauthorized persons

11

Supports different attachment formats (pdf, txt, jpeg, rtf, xls)

rarely

no

12

Manages print rights

usually available

rarely

Protects against grabbers

rarely

no

13

Protects against remote access

rarely

no

14

Pricing policy

Commercial use

There are free offers with limited functionality, for individual persons

Review of the offers

  • The first-priority task is to secure email messages and attachments against unauthorized viewing. To do so, information encryption and binding to a certain object are applied. It is assumed that it is impossible to read the information without the binding object. All corporate systems implement such functionality. As for the web services, some of them send messages to the recipients in plain text form. The recipient authentication is performed by the login and password that give permission to download the secured message to the recipient’s mail client.
  • It is highly important to be able to send messages to third-party organizations and unknown senders. In such a case, it is impossible to use standard corporate DLP systems. Protection should be embedded into the message. All corporate systems of email security and almost all web services implement it.
  • Almost none of the systems available on the market can send protected replies.
  • If a company does not want to use third-party mail servers but wishes to deploy the system on the company’s hardware, this can only be implemented by some of the corporate systems, but not by the web services. Meanwhile, individuals and small companies are more likely to use an external mail protection server and not to spend time and money for deployment of such a server.
  • Tracking the statistics on how the secured message is being used can be of use for marketing or when the recipient is not entirely trustworthy. In this case, the sender can see who, when and where has got access to the secured message and can use the information to protect her/his interests.
  • Imposing certain restrictions on the secured message and attachment usage is connected with the previous subject. For example, the sender wants the message to be available only during one hour after it has been opened for the first time, or wishes to distribute it only in a single country.
  • Secured information cannot be viewed by standard tools until special modules that decrypt messages and attachments are installed. The developers of the protection services have provided for the use of third-party viewers. Such tools can be delivered as an attachment to the secured messages or as a download link in the message body. It may seem inconvenient at first, but a closer look shows that such functionality is very useful:
  • When information is stored by the recipient in plain text form, it will be fully available to the third parties if they get access to it. If you want to store information in a secured format and not be concerned that somebody views it if it is stolen, it should not be decrypted when the recipient opens the message. The information can only be viewed by a special viewer in this case.
  • Special viewer can restrict such features as printing, screen capture, etc.

In most cases, the viewer should only be installed once when the recipient opens the message for the first time.

  • Support of mobile devices is an important part of the email message and attachment security system. Modern business tends to use mobile devices to remotely access corporate and confidential information. Both system types offer special applications compatible with mobile OS to view the secured emails on a tablet or a smartphone.
  • All systems of the first type support Microsoft Outlook. Some, but not all, systems support Lotus Notes. As for the web services, each and all of them allow viewing secured messages only in a browser.
  • A sender often sends an attachment along with the message. It is the attachment that contains confidential information. Therefore, the message body does not require protection, but the attachment does. Such an option is available with most, but not all, corporate systems. As for the web services, they operate in the same way as with the message body protection, i.e. the attachment is stored in a secured format by the provider, but becomes unprotected and can be viewed by anybody after it is downloaded to the client.
  • Files of different formats can be attached to the message. However, the protection does not support all of the formats. The most popular format is pdf, because it is a general-purpose format and can contain text and graphics, as well as multimedia content. Therefore, pdf is a default format for the attachments in all systems. Few corporate systems support other formats, while web services do not support other formats at all.
  • Protection against printing and grabbers (screen capture) is only available with the systems that have their own viewers. Web services do not provide for the feature. Corporate systems seldom have such a feature.
  • Security of messages or attachments against being viewed when the user’s computer is accessed remotely is also rarely used, though it is necessary in some cases. Web services do not provide for the feature. Corporate systems seldom have such a feature.
  • All corporate systems imply commercial usage. As for the web services, some of them provide free usage, but with limited functionality and for individual persons only.

The opinion of an expert

Madina Yunusova, Marketing director for StarForce Technologies:

We have analyzed the market during the development of our custom solution and have decided what methods would allow a client to achieve maximum effect:

  • Fast and simple integration of the solution into the existing information system of an organization.
  • Embedded DRM functionality to remotely control and secure messages and attachments.
  • High cracking resistance level.
  • Applying print control, disabling screen capture and securing email attachments are obligatory.
  • To effectively manage the email correspondence, it is necessary to define its usage policy and obtain statistics on how the documents are viewed.

Our company uses all the above-mentioned methods in its solutions.

Conclusion

All the offers have very different features; however, corporate systems are more suitable for big and middle-sized organizations, while web services are more for individual persons and small companies. The number of the available options can satisfy the most demanding clients. In the present-day world, however, demanding much of the information protection is a guarantee of future security and peace of mind, rather than a drawback.

About StarForce Technologies

StarForce Technologies (www.star-force.com) is a leading vendor of information protection, copy protection and code obfuscation solutions for software, electronic content and audio/video files. Since 2000, StarForce has been successfully developing and implementing its state-of-the-art security solutions, providing copyright and intellectual property protection worldwide. Two of these solutions were transformed into StarForce cloud services: sfcontent.com protects e-Documents against illegal copying and distribution and sfletter.com secures emails.

StarForce is a reliable and responsible Technological Partner for enterprises potentially incurring losses due to cyber-gangs, hackers, software piracy, unauthorized data access and information leaks. StarForce’s customers are Russian Railways, Corel, 1C, Mail.ru, Aeroflot, SUN InBev Russia, AMD Labs, ATC International, MediaHouse, Russobit M, New Disc, Buka, Snowball, 2Play, GFI, CENEGA, Akella, etc.

Press contacts:
pr@star-force.com

Back to the list

Ask a question

News

16.02.2023
New StarForce Reader released for Android
We have released a new version of StarForce Reader for Android
19.01.2023
New StarForce Reader released for iOS
We have released a new version of StarForce Reader for iOS
13.01.2023
New StarForce Reader released for macOS
We have released a new version of StarForce Reader for macOS
26.12.2022
New StarForce Reader released for Windows
We have released a new version of StarForce Reader for Windows
Copy protection of audios and videos for Apple macOS
Data protection on USB

Solutions Community Work with us Support About
Business information security News Become a partner For customers Profile
Electronic documents protection Blog Our partners For end users StarForce Legends
Protection of books, educational software and e-learning materials Partner replication plants FAQ Clients
Software and games protection SF Helper utility Contacts
Source code protection and obfuscation
Video and audio files protection
Data protection on USB flash drives
CD/DVD optical discs protection
Copy protection with binding
DRM protection for software and files
Software licensing
ATM security
Custom software development
Protection Technology, LLC +7 (495) 967-14-50 sales@star-force.com    
© 2000-2024. All rights are reserved. Privacy Policy. Sitemap support@star-force.com