Re: Email Security Policies/Practices for Staff

[Curt Wilson <curtw () SIU EDU>]

We have made selective use of Mozilla Thunderbird + Enigmail plugin for
GPG with good success. However, for a larger rollout such procedures
have been deemed too complex by some portions of our university
community. The users want something to be simple and easily managed, and
of course it needs to be enterprise ready, scalable and inexpensive too!

Is anyone leveraging PKI for email encryption? The state of Illinois
offers PKI resources that our campus is intending to leverage, first for
electronic signature verification and then later for other security
purposes. Even with the actual technical infrastructure being provided
by an entity such as this, it's my basic understanding that managing a
campus PKI is generally a full-time position, if not more. I'm curious
to hear your experiences with PKI on or off-list.

Thanks.
Curt Wilson
SIUC IT


Mike Wiseman wrote:
> Hello,
>
> I'm interested to find out if institutions are implementing
> policies/practices/services on using email with sensitive or
> confidential content. I'm thinking of staff working in HR,
> administration, financial, admissions, network operations, etc. who want
> to (or do) use email and need end-to-end security services to
> reduce exposure to forgery and information compromise. Services such
> as email authentication (digital signing via S/MIME or PGP) and/or
> encryption (S/MIME, encrypted archives, key storage).
>
> The issue comes up occasionally and people like me give the usual 'don't
> do it - it's not secure' line. I'd like to look at recommending products
> and/or providing the services required.
>
> Mike
>
>
> Mike Wiseman
> Manager - Computer Security Administration
> Computing and Networking Services
> University of Toronto


--
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237

GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc