Zix wins 5-vendor email encryption shootout

Previous 1 2 3 Page 3

The idea is that Zix will encrypt a message whenever possible, as long as there’s a secure pathway between the sender’s and recipient’s mail systems. You can configure your policies to do this, or to use one of its various secure protocols that are supported. Zix calls this “best method of delivery” and it is an important advantage and why you would want to choose it for your email provider. This means if you are sending email to another Zix customer, you don’t have to do anything special to encrypt your message traffic. If recipients aren’t Zix customers, their messages will be delivered using TLS protocols, or sending an encrypted HTML attachment (this last method is similar to how the other products work).

David Strom

At the heart of the Zix encryption ecosystem is an innovative email DLP. This is included at no extra charge and perhaps one of the more important motivations for making use of their product. You set up content rules like in other DLP systems, but the rules are very easy to assemble, and you get a dozen or so pre-built ones to get you started that make things even easier.

All content is scanned including subject lines, message text and attached files. If the DLP engine finds a match with a policy rule, the mail is encrypted. If you use Outlook, you can also set the “confidential” flag in your message and that will trigger an encryption process.

The email DLP policies also show the power of the product. With some DLP solutions, you have to worry about syntax, encryption certificates, or other plumbing issues. Zix takes care of all of that for you automatically. These rules are all click and set in a series of web screens that are very simple to navigate and the Zix support staff will help you assemble them if you can’t figure them out. So for example you can create a rule that automatically encrypts any email that has a Social Security number or other personally-identifying information in it, or automatically encrypt a message with a particular recipient/sending combination.

You’ll notice that there are no client pieces: you make use of your standard email clients. There is no additional software needed if you choose the gateway approach, since they handle the entire encryption and certificate processes. This also means no plug-ins, which is a nice touch.

One of the nice features is two separate training-based intranet sites (called User Awareness Programs). One is for customers, the other is for employees. Both walk you through the numerous features of the product. It is customized with your own landing pages and screen shots, and is well organized so a new staffer in your organization (or customer) can understand what Zix is doing in about 15 minutes.

Some other advantages: Zix maintains multiple data centers, including one in Europe if that is an issue for customers located there. Also, file attachment limits are set by the support staff from 1M to 50MB.

There are two big drawbacks to Zix. First it doesn’t support sending messages from a smartphone. Like Symantec, there is no specific app that needs to be used, and all email needs to happen in the phone’s browser. You either use a webmail client or respond to a message that you have sent from the Zix web portal. When you access the portal you can see its responsive design that takes into account the smaller browser real estate. The other use cases are all covered: end-to-end encryption with Outlook plug-in, gateway-to-gateway or gateway-to-supported email server.

The second issue is the various web portals that are needed to manage the product. There are many different parts to the product: the gateway code itself, which either runs in the cloud or can be installed as a physical appliance or a VM instance. There is a separate component, which handles quarantines, and a separate Web-based portal for messages that are sent to non-Zix users.

The gateway has a series of different web-based management screens: one for general operations, one for DLP management, one for reports about message traffic and one for handling quarantined messages. Each has its own URL, which means that is a lot of screens to visit, and to train your staff on. Obviously, they are working on consolidating and updating these into a more coherent package.

I had an issue with time-outs on my login screen to the overall web portal. Zix would lock me out during some but not all times when I returned to this screen. I couldn’t recreate this and the company couldn’t track this issue down. There is another issue, its reports lack any real flair and are fairly basic.

Pricing is one of the other advantages of Zix: everything is bundled in one simple all-inclusive price, depending on the number of individual senders that are licensed. This includes whatever server instance (cloud, VM, or appliance), whatever support is needed to get up and running, and minor ongoing support once your system is configured properly to your particular set of circumstances. Sample pricing is $3,500 per year for up to 25 senders, or $53,250 for up to 1,500 senders, based on a three-year commitment. This works out to about $3 a user a month for volume agreements. The one extra-cost option is the quarantine manager, which adds another $115 per year for up to 25 senders or $17,250 for up to 1,500.

How we tested email encryption

We used a combination of Mac and Windows 7 desktop clients, an iPhone and an Android tablet to run the various programs, using Safari and Chrome browsers. We set up several internet-based mail domains, and added plug-ins to Windows 7 machines running Outlook 2013 and any browsers to support the various email products’ encryption features. In setting up this entire infrastructure, we looked at the following evaluation criteria:

1) Enterprise management and control features

These include how a product can recover from error conditions and how useful it is in troubleshooting email problems. We looked at how easy it was to set up new mailboxes or terminate existing ones. We also noted in the summary chart what the attachment size limits, if any, are specified by each vendor, how encryption keys are handled, and if any residue remains on endpoint devices.

2) Documentation

We looked at the user interfaces (Web, mobile and desktop clients) and how they differ and how they are documented or supported with online tutorials and help files.

3) Ease of encryption

Ease of use when it comes to applying encryption is now an important feature. This includes how to recover a lost password, how various endpoints encrypt and decrypt messages, and what DLP-like features are included.

This story, "Zix wins 5-vendor email encryption shootout" was originally published by Network World.