CertifiedMail.com is a newly formed firm looking to grab a piece of the secure messaging pie.
Bob Janacek, co-founder of the Springfield, N.J.-based firm, said message security providers now need to offer improved services. He said the new U.S. digital signature law provides cybercriminals with cues on just what to look for.
"[Hackers} don't want that Viagra junk mail, hackers want the stuff that's [digitally] signed," Janacek said. "The e-sign bill addresses that [an e-mail] is yours, but it doesn't address how to make it secure.
"[Lotus] Notes has a very secure infrastructure if it's sent to another Notes user on the same server. Once it goes outside over the Internet, security drops to zero," he said.
Janacek's company offers a software service called Send Certified. The application integrates with the Lotus Notes or Microsoft Outlook environment, allowing the user to easily send secure messages from within those programs.
"If you install our Notes template that has the Certified Mail button, the button will appear on your toolbar," Janacek said.
A user can then compose a mail message and choose to either send the message normally, or encrypt the message with a digital signature by clicking the Send Certified button.
"The CertifiedMail server then takes that encrypted message and puts it in an inbox it has created for the recipient," Janacek said. "In your [Notes] inbox you get a short greeting card, saying that this e-mail is waiting for you.
"Then you click a link to get a secure path from your browser to a Web interface... You'll then see your [secure] inbox on the server in your browser, just like you would in Hotmail," he said.
As an added benefit, recipients can reply to CertifiedMail messages without having to install special software.
"Say I send you a document file. You can come to my site, you pull down the document file, you edit it, and now you want to send it back to me. You can go back to that secure link and attach your version of the document. You can securely reply back to me through that link, so you have secure two-way communication," said Janacek.
Your place or mine?
Enterprises that consider implementing Send Certified have a very intriguing choice to make. They can outsource to CertifiedMail.com's own secure messaging servers, or they can purchase an internal server.
"Say you're a small shop," said Janacek. "You're probably not going to have your own IT guy. You're not going to want another server in house, so you can use our ASP model, where you use our site for the recipients to pick up the message.
"If you're [a larger company] and have more capability, you can install an NT system," he said. "You can have a server that ships pre-configured. We'll make it look like your Web site before we ship it to you. We use [Microsoft] SQL Server 7, which installs out of the box."
Despite the $10,000 price tag, Janacek said many companies choose to have their own server because maintaining it behind a organization's own firewall eliminates potential outsourcing security risks while still utilizing CertifiedMail.com's technology.
"Basically the company that has [its own] server is pulling all its recipients back to the server to retrieve the messages, as if they were all within the firm," said Janacek.
Datamex Technologies Inc. is an Ontario, Canada-based technology development company that uses Send Certified for its enterprise message security solutions. Spokesperson Allan Cowen said the benefits are twofold.
"Using CertifiedMail's online Web service gives our staff the flexibility of always being in a position of maintaining our e-mail security policy," Cowen said.
"Our roaming field sales and technical staff can log into their respective CertifiedMail accounts using any Web browser from any Internet access point, or simply trigger a secure e-mail directly from within their MS Outlook or Lotus Notes e-mail client.
"Having our own CertifiedMail Server (CMS) will also allow us to take advantage of the potential Web-based marketing opportunities presented as our clients and e-mail recipients are linked back to our site for message and document retrieval," Cowen said.
"We have concerns with respect to where our documents are being stored, and having them outside our control is certainly an area of concern on our part. Having our own server, we can monitor, administer and tailor the services to our requirements," he said.
Enterprise customers looking for security and the ability to monitor internal e-mails will find CertifiedMail.com's services do favor the employee, but there are loopholes a company can use to maintain control of employee e-mail.
"The data is encrypted on the server, so the company would not be able to monitor a user's mail. The company can have the option of being able to decrypt messages... but by default the company can't access the messages."
Also, Janacek said that the Send Certified software can be adapted to support thumbprint identification technology, such as the combination mouse and thumbprint scanner currently being developed by input device-maker Kensington Technology Group.
Janacek said with a thumbprint scanner right on the side of a mouse "when you hit the Send Certified button, we scan your thumbprint, and we can say, 'This fingerprint matches your fingerprint when you enrolled in our system.'"
It remains to be seen whether high-tech secure messaging services will make overnight mail companies obsolete, but Cowen suspects overall confidence in technology will only grow.
"There's a place for both," Cowen said. "But the electronic world will eventually surpass what the physical world will offer, and it's good for all because it reduces costs, and saves time."