Symantec Desktop Email Encryption: Product overview

Expert contributor Karen Scarfone examines Symantec Desktop Email Encryption, a tool for encrypting email messages for individuals within the enterprise.

The Symantec Desktop Email Encryption product enables email encryption capabilities for individual users within an enterprise. It provides end-to-end encryption from sender to receiver. A first-generation email encryption product, Symantec Desktop Email Encryption is based on the Open Pretty Good Privacy (OpenPGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME) protocols.

Product editions

Symantec Desktop Email Encryption has a single edition. This product provides email encryption that is manually triggered by a sender choosing to encrypt an individual email message. This is in contrast to most second-generation email encryption solutions, which provide automatic policy-based encryption to enforce organizational security and privacy policies. The Symantec Desktop Email Encryption product only works on common desktop and laptop operating systems (e.g., Windows and Mac OS X).

For mobile device support, Symantec offers add-ons for iOS and Android devices. The iOS version is called Symantec Mobile Encryption for iOS, and it enables sending and receiving encrypted emails. The Android version, known as the PGP Viewer for Android, only allows viewing encrypted emails. It is not possible to send encrypted emails using this add-on.

For centralized product management, the Symantec Encryption Management Server is required. This product must be installed and running on a dedicated server.

Platform support

In terms of operating system support, Symantec Desktop Email Encryption is available for several versions of Microsoft Windows -- ranging from Windows XP to Windows 8 -- and Mac OS X. On these operating systems, Symantec Desktop Email Encryption supports the following email clients: Microsoft Outlook, Mozilla Thunderbird, Lotus Notes and Apple Mail. For email servers, Symantec Desktop Email Encryption supports Microsoft Exchange and Lotus Domino servers only.

Encryption support

Because Symantec Desktop Email Encryption is based on the OpenPGP and S/MIME protocol standards, its encryption support is quite different from second-generation email encryption products. The Symantec product supports a variety of public key and cryptographic hash algorithms and key lengths. Generally, an organization should select the strongest algorithms and use the longest keys possible; this not only thwarts current attacks, but also provides protection against future threats, particularly those that take brute-force approaches to circumventing encryption.

Licensing

Symantec Desktop Email Encryption is licensed per client device. A license can include one, two, or three years of technical support. A free trial of Symantec Desktop Email Encryption is available for download.

Conclusion

Symantec Desktop Email Encryption is a first-generation email encryption solution, which means that it requires manual exchange of keys between sender and recipient before encrypted email can be sent and read. The product is client-based, so it provides protection for email messages along the entire path from sender to recipient. Note that Symantec does provide a second-generation email encryption solution, Gateway Email Encryption, which offers automatic policy-based encryption of emails throughout the enterprise, but this product is unrelated to the Desktop Email Encryption product.

The encryption support provided by Symantec Desktop Email Encryption is quite rich, with several algorithms and key sizes to choose from. Although it’s generally advisable to select the strongest algorithms and longest key sizes, organizations have flexibility to choose the best options for their environment, taking into account performance and other factors.

Organizations that have existing public key infrastructure (PKI) deployments may find the Symantec Desktop Email Encryption solution to be quite usable because keys are already widely available for internal senders and recipients. However, for organizations without PKI deployments or that need to send emails to numerous external recipients, second-generation email encryption solutions such as Symantec Gateway Email Encryption may prove more feasible because of their increased usability.
