When Wells Fargo & Company looked for a new way to exchange confidential information with its business customers, it made security a priority. But ease of use was also a concern, says Bipin Sahni, a vice president in the bank's wholesale banking group.
"The user experience was very important to us," he said.
Secure email systems traditionally have been too cumbersome for the end user, he said: "In the past, certificates were used everywhere and not all customers are tech savvy. … It's not feasible for the customer to go through the hassle."
San Francisco-based Wells Fargo looked at three email encryption products and chose Voltage Security's SecureMail, which Sahni said is easy for both customers and employees to use. The bank began rolling out SecureMail a couple years ago in a phased deployment; currently 20,000 employees and customers in the wholesale banking group use it, sending about 60,000 secure emails a month.
Aside from providing security benefits, SecureMail has saved time and money in mailing confidential customer documents via an express mail service, said Sahni, who manages Well Fargo's Wholesale Architecture & CEO-Mobile application development team. The product also easily integrated with Wells Fargo's existing Microsoft Exchange messaging system.
Palo Alto, Calif.-based Voltage uses Identity-Based Encryption (IBE), which some call an easy alternative to PKI, said Randall Gamby, an independent information security analyst based in New York.
"The reason is, instead of having to exchange certificates, certificates are generated on Voltage's key server on the Internet for IBE," he said. "The good thing is you have a third party who is managing the certificates." IBE commonly uses the end user's email address as the public key, he said.
While users don't need to download anything to use SecureMail, the process isn't automatic, Gamby added. A user is prompted to click on an encrypted email, and the click sends the user to another server, which prompts him or her for some identifying information like an email address that unlocks the message, he said.
An organization that restricts employees from accessing the Internet would need to change their policy in order to use SecureMail, he added.
In a Burton Group report last year, Gamby wrote that the market for secure messaging is fragmented with no one vendor commanding a substantial share. He wrote that the market is hampered by too many standards and that a lack of a universal framework impedes interoperability.
Other email encryption companies include pure-play vendors such as PGP Corp., ZixCorp, Entrust Inc. and DataMotion Inc. Trend Micro Inc. entered the market last year when it bought U.K.-based Identum Ltd, and in November announced its Email Encryption Gateway. IronPort,, which is part of Cisco Systems, added encryption with its acquisition of PostX.
Wells Fargo will likely broaden its Voltage deployment, Sahni said. The bank has a license that could expand the deployment to approximately 175,000 users.