GlobalSign Ready S/MIME feature enables users to secure email certificates

GlobalSign announced the latest version of the company’s Public Key Infrastructure (PKI) management platform, Auto Enrollment Gateway (AEG).

AEG 7.5 breaks down the barrier that prevents many organizations from protecting against dangerous cyber attacks such as spear phishing and CEO fraud.

With AEG 7.5, GlobalSign is introducing the Ready S/MIME feature, taking the silent installation of Secure/Multipurpose Internet Mail Extensions (S/MIME) certificates a step further, by automatically configuring certificates in Outlook for Windows. Ultimately, end users can be set up with ready-to-use secure email certificates behind the scenes and with minimal IT involvement, eliminating the current barrier and pain point of deploying email security certificates at scale.

The improved capability is made possible via GlobalSign’s cross-platform agent (XPA), which sets policies, automatically enrolls, provisions and installs certificates – providing identity for an organization’s plethora of devices.

According to analyst Mark Cortner in a January 5, 2022, Gartner report titled ‘How to Implement Exchange Online (Microsoft 365)’, “One of the challenges with S/MIME is the distribution and complexity of managing certificates and keys for each recipient. This is problematic for large-scale management and for integration with individuals outside the organization.” 

Email security attacks are increasing exponentially, with some of the most dangerous taking place when attackers impersonate executives and employees. S/MIME protects organizations from these kinds of email-based cyber-attacks. Historically, the lack of auto-configuration for S/MIME has been a very significant barrier to deploying email certificates at scale. Configuring them was tedious, forcing IT admins to go station to station, or relying on end-users to follow step-by-step instructions, which leaves room for error and inconsistent S/MIME configurations. The work is never-ending due to the need to continuously replace them at regular intervals as well as manage the process. With the auto-configuration capabilities of AEG 7.5, it all takes place seamlessly behind the scenes via its proprietary XPA.

Additionally, version 7.5 introduces Key Roaming, mitigating data-loss in encrypted emails if a key pair is lost. Users can also revoke batches of certificates based on filtered results, and individual selection among filtered results.

Key Roaming automatically and securely distributes the most recent valid certificate that the user enrolled for of its type. This prevents duplicate enrollments when a user logs into a new machine, prevents buildup of redundant certificates in global access lists (GAL), and makes user migration to new laptops, workstations, and BYODs easier by making their existing encryption keys available, providing retro-active access to their encrypted emails.

“Traditional deployments of SMIME Certificates require end-user or IT manual intervention to complete the final setup steps in Outlook. Ready S/MIME automates the entire provisioning process, so the certificate is fully ready for use in Outlook” said Devan Rice, Senior Product Manager. “With the dramatic increase of phishing attacks in the last several years – many of which have led to data breaches and ransomware attacks – email security is very much on the minds of CISOs, IT teams and admins. The upgrades we’re introducing today to AEG could not have come at a better time.”  

He added: “As an added benefit, our latest updates to AEG are going to free up time for IT administrators, and that is a huge win especially at a time when managing certificates in increasingly shorter lifecycles is a reality.”  

With certificate lifecycles constantly being reduced due to numerous industry forces, an automated tool is an absolute necessity to help businesses maintain their certificates with confidence. With AEG, GlobalSign is bringing 25 years’ worth of PKI expertise to your organization, so your IT team can focus on their core competencies, rather than digital certificates and keys. As your trusted partner, we manage the security, high availability, and CA operations, ensuring you meet SLAs and satisfy compliance audits, while limiting unnecessary risks involved with breaches and incidents, staff turnover, and costly compliance fines.