
MeSign Zero Trust Email Security Solution

No signature, No trust; No encryption, No trust; for all emails.

Email security is a permanent topic, and it is also a chronic disease. There were nearly 300 exhibitors at the 2019 Europe InfoSecurity, of which 134 companies provided products and services related to email security, accounting for as much as 45%. This shows that email security is indeed a big problem. According to statistics from Microsoft's website (May 2021), during the current epidemic, email usage in the business and education industries increased by 28% year-on-year, and more than 90% of phishing attacks were carried out via email; Office 365 detects and blocks nearly 40 million phishing emails every month. Why, when so many email security vendors have launched so many products and solutions, do email security incidents still occur so frequently?

The Internet Crime Complaint Center (IC3) of the US Federal Bureau of Investigation recorded nearly 20,000 complaints about corporate email security incidents in 2020 alone, with an estimated loss of more than $1.8 billion. These can only illustrate one problem: the current email security solutions still have a lot of room for improvement, and different innovative solutions are needed.

Zero Trust, a hot security concept and security strategy, can completely solve the problem of email security! MeSign Technology has found a perfect solution through years of hard work. A Zero Trust email security solution based on PKI technology can solve the problem of email security. According to the concept of Zero Trust, email security can be ensured if the following four points can be achieved:

  1. Do not trust emails without digital signatures, because the sender of the email can be forged. Only a digital signature can ensure that the sender's email address is true and cannot be forged.
  2. Do not trust unencrypted emails: whether a cleartext email comes from a self-built mail server or a cloud mail server, there is no guarantee that its content has not been illegally tampered with, so the authenticity of the email content cannot be guaranteed.
  3. Do not trust the “very secure” claims that email service providers advertise. Even if TLS encrypted transmission is used, it can only guarantee the security of the email transfer process, and if the recipient’s mail server has not deployed an SSL certificate, TLS encryption cannot be achieved over the entire transmission path. As in the second point above, emails that do not implement end-to-end encryption are still stored in cleartext on the mail server, and there is no guarantee that the content of the email will not be illegally used or illegally leaked.
  4. Do not use username/password authentication to log in to Web mail and view your email. It is indeed convenient for you, and it is also very convenient for hackers. You should disable insecure username/password login schemes and use other strong authentication methods, or disable Web login entirely.
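
Points 1 and 2 can be enforced mechanically at the receiving side. The following is an added example, not MeSign code: it classifies a message by its declared S/MIME structure (RFC 8551 media types) and treats everything else as untrusted. The sample messages are constructed, and the check covers structure only; the signature and certificate chain must still be verified cryptographically by the mail client.

```python
from email import message_from_string

# S/MIME media types (RFC 8551); the "x-" forms are legacy aliases.
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
MIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def param(msg, name):
    """Content-Type parameter as a lowercase string ('' if absent or encoded)."""
    value = msg.get_param(name)
    return value.lower() if isinstance(value, str) else ""


def smime_status(raw):
    """Classify by declared structure: 'encrypted', 'signed' or 'untrusted'."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in MIME_TYPES:
        kind = param(msg, "smime-type")
        if kind in ("enveloped-data", "authenveloped-data"):
            return "encrypted"  # a signature, if any, is inside the envelope
        return "signed" if kind == "signed-data" else "untrusted"
    if ctype == "multipart/signed" and param(msg, "protocol") in SIG_TYPES:
        parts = msg.get_payload()
        # Require the body part plus a detached signature part.
        if (isinstance(parts, list) and len(parts) == 2
                and parts[1].get_content_type() in SIG_TYPES):
            return "signed"
    return "untrusted"


# Constructed sample messages (placeholder base64 bodies, not real CMS data).
HDR = "From: alice@example.com\nTo: bob@example.com\nMIME-Version: 1.0\n"
SIGNED_CT = ('Content-Type: multipart/signed; boundary="b1"; '
             'protocol="application/pkcs7-signature"\n\n')
BODY = "--b1\nContent-Type: text/plain\n\nhello\n"
SIG = ("--b1\nContent-Type: application/pkcs7-signature; name=smime.p7s\n"
       "Content-Transfer-Encoding: base64\n\nAAAA\n")
SAMPLES = {
    "plain": HDR + "Content-Type: text/plain\n\nhello\n",
    "clear_signed": HDR + SIGNED_CT + BODY + SIG + "--b1--\n",
    "sig_part_missing": HDR + SIGNED_CT + BODY + "--b1--\n",
    "encrypted": HDR + "Content-Type: application/pkcs7-mime; "
                 "smime-type=enveloped-data; name=smime.p7m\n"
                 "Content-Transfer-Encoding: base64\n\nAAAA\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", smime_status(raw))
```
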

MeSign Zero Trust Email Security Solution can completely solve the problem of email security. Every email is encrypted with the recipient's public key when it is generated, which not only guarantees the security of the email during transmission, but also means it is stored as ciphertext on the mail server. After the recipient receives the encrypted email, they can decrypt it with their private key to obtain the confidential information in the email. Other users (including cloud email service providers) are unable to decrypt this email, thereby ensuring the security of the confidential information in the email. In other words, according to the Zero Trust principle, we cannot trust the email service provider, and emails must be encrypted before they can be securely stored on the mail server in the cloud.

The best solution for email encryption is to use S/MIME technology to implement email encryption and digital signature. Commonly used email clients such as Outlook, Thunderbird and Apple Mail all support S/MIME email encryption and digital signatures. Why doesn’t everyone use digital signature and encryption to protect email security? This is because S/MIME encryption is too complicated. The three hurdles of applying for a certificate, exchanging public keys, and managing keys keep users away from the approach that can really solve the problem of email security. Only MeSign Technology, by fully adopting PKI technology and the Zero Trust security concept, completely solves the problem of email security.

MeSign Technology has built the MeSign Cryptographic Infrastructure, and at the same time has developed the email client software, MeSign App. The "cloud" and "client" work together to automatically configure email certificates for users, automatically send encrypted emails and automatically decrypt encrypted emails. The core reason why MeSign App can achieve automatic email encryption and decryption is that it completely solves the cumbersome key management problem, so that users can use any device to obtain the encrypting key for decrypting encrypted email anytime, anywhere. Users do not need to exchange public keys manually in advance and can send encrypted emails directly, because we have built a public key exchange system. MeSign App can automatically connect to the cloud public key exchange system to obtain the recipient's public key for sending encrypted emails.

To meet the high security requirements of government agencies, financial agencies and large enterprises that need to manage their encrypting keys independently, MeSign Technology provides a solution for these users to deploy an enterprise key management system. Users only need to purchase the MeSign Enterprise Key Management System (EKMS) and connect the Enterprise KM to the Intranet. All computers and mobile devices must connect to the Enterprise KM, which lets the devices retrieve the private key of the encrypting certificate. After obtaining the encrypting key successfully, users can start to use the email encryption function provided by MeSign App normally. The Enterprise KM system cannot access the Internet, and access to it is limited to employee computers and mobile devices within the Intranet, to ensure the security of the key management system. Users who cannot connect to the Internet only need to purchase the MeSign Enterprise CA System and deploy it on the Intranet to provide users with email certificates and a public key exchange service.

MeSign Technology adopts the concept of Zero Trust, does not trust cleartext emails, and uses PKI technology and cloud cryptographic service to completely solve the ease-of-use problem of S/MIME email encryption, allowing users to easily send encrypted emails and digitally signed emails using MeSign App. MeSign Technology lets every email have a digital signature and a trusted identity, completely eliminating email fraud! And it lets every email be encrypted into ciphertext with a certificate to completely prevent email leaks!