Modernizing Authentication — What It Takes to Transform Secure Access
Our communication began with grunts and evolved into language that supported thought and abstract ideas. Skip a couple of stops on the timeline and we find ourselves in an era when the Internet introduced us to even more forms of communication, from Web pages to e-mail to instant messaging.
One of the issues that remains today, however, is to make certain that people understand not only what it is that we're saying, but that only the intended recipients come to that understanding.
Pretty good but not good enoughhttps://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i The main mode of corporate communication these days is e-mail. It has evolved somewhat over time and the idea to secure it isn't a new one. The most common method of securing e-mail is the old stand-by: PGP. Anyone could use this to ensure that their messages were secure and only being read by those who needed access to the info therein. In addition, we could ensure that the message hadn't been altered when it left us to its final destination. It is to many the perfect method of securely sending e-mail.
There are some disadvantages; the most obvious is ease of use, especially for large environments. This isn't necessarily a user-friendly option and is an add-on that users have to install onto existing e-mail programs. And because of its decentralized nature, there is still the inherent risk of imposters claiming to be someone else.
An additional disadvantage becomes apparent when messages need to be sent to multiple people. Because of the nature of PGP and using public keys to encrypt, again we run into another snag. For individuals working with more than a handful of recipients, it is a time-consuming and user-unfriendly option.
Lastly, what if I'm on the road and don't have my laptop with me? I have to have some method of transporting my private key around and I need to be able to have a machine with PGP installed along with all the public keys of those I communicate with along with me. This isn't always viable, even in this day and age of mobile computing.
Where are my keys?
So, the idea of secure e-mail went through another variation. What if we agreed on a password and that password would be what encrypted the e-mail? Nice concept. Very easy. But, how do we get the password agreed upon and send it? Well, that's what PKI is for and thus begins the road down to public certificates and such. And I might have multiple recipients. Again, not user friendly.
What about using a web-based solution? Everyone has a browser, right? And we could use SSL to ensure that the messages are sent securely. That's the answer. Isn't it? Well, we do run into the issue of space. The reality is the message is still stored, somewhere. And that might cause problems.
In addition, we now have a central point of failure. If the server goes, so does all my important data. Of course there are backups but that might take time to recover from and it may not have my important file.
Our biggest stumbling block with secure e-mail is the transmission of the key. What if there was a way to securely provide a key that would allow someone to read an encrypted message? Well, that's where Sigaba comes in.
Named after the encryption machine from World War II, Sigaba brought securing messaging to a user-friendly yet safe environment. Their primary product is the Sigaba Secure E-mail environment.
Rather than replacing existing e-mail options, this server (or rather gateway) sits in front of the e-mail server and provides mechanism by which the e-mail is encrypted. A keyserver issues out keys to recipients and/or senders to encrypt/decrypt e-mail with. An authentication server rounds out the environment by allowing for authentication through a variety of methods.