email encryption

jlh1

I’m looking for information on what options there are for email encryption.
I have Exchange 2010 and Outlook 2010 installed on the client systems.
I need to encrypt emails internally, either by the user manually choosing to encrypt them or by policy so that they automatically get encrypted. If I understand correctly, Exchange 2010 and Outlook 2010 encrypt server/client communication, but I need the emails encrypted in the user’s inbox.
And I also need to encrypt emails going to clients; this also can be done manually by the user or by policy.
I would like to not have to get certificates for all users individually. If I need to, I would like to be able to centrally manage them.
I have read some articles on email encryption but need help sorting it out.
Do I need to get a third-party appliance that would do the encryption to outside users? What would I need to use to encrypt emails to local users?
Any help would be great.
Jlh1
 
You'd need an internal PKI infrastructure to do S/MIME. This would work INTERNALLY.

You don't mention WHY you need it encrypted in the Inbox, so I can't offer different strategies, including BitLocker on Exchange, etc.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Thanks for the quick response.

Sorry for the confusion, I’m just starting to research email encryption for my company.

Management would like the ability to encrypt sensitive emails that are sent to internal users. Not every email will need to be encrypted. The user would choose to encrypt the email either by a key word with a transport rule to trigger the encryption, or by selecting a button on the email to encrypt it.

They would like the email to remain encrypted in the user’s in-box till that user manually decrypts and reads the email.

I would like to avoid having to install certificates for all internal users, and have these certificates stored and managed centrally.

Then the next step would be to encrypt external emails with the same criteria.

Please correct me if I am going down the wrong path and there is another way to implement the email encryption, or if there is another way to achieve the same results.
Jlh1


 
Encryption of mail items requires keys. Public and private. Accept that.

Messages encrypted at the transport server are already 1/2 way there (to the mailbox). That doesn't make sense. You'll need to do it at the client. S/MIME certificates on the client. You can manage them in an internal PKI. But they're going to work internally only. And decryption is automatic when the user opens the message.

If you want to send encrypted mail to external recipients, you have to deal with keys there as well. And that's problematic at best.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
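
Added illustration, not part of the original thread and not Exchange or Outlook configuration: the OpenSSL command line is used here to show why S/MIME needs a key pair per recipient, and that a message encrypted by the sending client stays ciphertext at rest and opens only with the recipient's private key. The users `alice` and `bob`, the `corp.example` domain and the self-signed certificates (standing in for ones an internal PKI would issue) are constructed for the example.

```shell
#!/bin/sh
# Added illustration: S/MIME envelope encryption with per-user key pairs.
# Names and addresses are constructed; self-signed certificates stand in
# for certificates issued by an internal PKI.

# make_user DIR NAME: create NAME's private key and certificate in DIR.
make_user() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2@corp.example" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# encrypt_for DIR NAME: the sending client encrypts stdin to NAME's public
# certificate. The .p7m file is what would sit in NAME's mailbox.
# -binary keeps the body byte-for-byte (no CRLF canonicalisation).
encrypt_for() {
    openssl smime -encrypt -aes256 -binary -out "$1/$2.p7m" "$1/$2.crt"
}

# open_as DIR OWNER READER: try to open OWNER's stored message with READER's
# certificate and private key. Succeeds only when READER is the recipient.
open_as() {
    openssl smime -decrypt -in "$1/$2.p7m" \
        -recip "$1/$3.crt" -inkey "$1/$3.key" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_user "$d" alice && make_user "$d" bob || return 1
    printf 'Q3 salary review attached.\n' | encrypt_for "$d" alice || return 1
    # At rest the body is ciphertext: the plaintext string is not in the file.
    if grep -q 'salary' "$d/alice.p7m"; then echo "plaintext visible at rest"; fi
    echo "alice reads: $(open_as "$d" alice alice)"
    open_as "$d" alice bob >/dev/null || echo "bob cannot read alice's mail"
    rm -rf "$d"
}

demo
```
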
 
Thank you.

With your information I now have a better understanding of what I need to do.

jlh1
 