The company is also looking into reaching out into the cloud with hosted email security services, which would take it into competition with some of PostX’s OEM partners, among others.

Both companies are private, but the deal is not expected to close for several weeks. PostX shareholders will own 7% of the merged company, according to Peter Schlampp, IronPort’s senior director of product management. PostX has several hundred customers, and a handful of OEMs, according to Schlampp.

PostX’s encrypted envelope technology enables people to send encrypted emails without needing the recipient to have decryption software installed on their client. IronPort plans to incorporate this software into its email gateways.

This will give the company a stronger regulatory compliance sales pitch, something that’s on every security company’s checklist at the moment. Customers will be able to use the same filters used for catching spam and content violations to watch for compliance-sensitive emails and encrypt them before they leave the network.

The system works by encrypting the contents of an outgoing email in an HTML attachment, and embedding some JavaScript that enables the recipient to decrypt it, without client software, if they have the proper credentials. These credentials can be stored in the envelope, on the email gateway, or on a hosted service IronPort will provide.

It also supports the ability to store the email on a web server and merely send a link, which requires authentication, to the recipient. But Schlampp said that this method, already available from several vendors, is not proving very popular.

“A lot of people are moving away from that,” he said. “If you’re the sender you’re basically storing messages for every single email you send. If you’re a large company that means you’re storing email for all the recipients, you’re liable for their emails, and you’ve got to pay to store them.”

The compliance story is also getting a boost from the inclusion of PostX’s regulation-specific lexicons, which will enable the gateway to catch emails that, for example, would fall under HIPAA regulations. The gateway would then be able to encrypt them before letting them off-network.

Schlampp said that while IronPort will offer key hosting for the new offering, it has not yet entered the hosted email security space, where the likes of SurfControl, MessageLabs and Microsoft are players.

“I will tell you that going forward it would be very easy for us to start up a hosted service, and we’re looking at that,” he said. This would make IronPort the second email security appliance company, after Secure Computing Corp, to reveal such plans to us in recent weeks.

“The vast majority of customers who choose hosted offerings or managed service providers like MessageLabs, Postini or Microsoft Frontbridge all end up having [on-premises] gateways as well,” Schlampp said. “Even though you scrub messages in the sky you end up having an appliance on your gateway as well.”

While the details about how IronPort would build such a service are not yet known, Schlampp claimed that competitors with two-box email gateways that also offer hosted services do so partly so customers can take out the second box in a typical deployment. That contrasts with IronPort, he said, which offers a one-box gateway.

Getting into the hosted market would take IronPort into competition with at least one PostX OEM, MessageLabs, though arguably the two companies compete already. Borderware is also an IronPort competitor and a PostX OEM.

Schlampp said that, despite the acquisition, IronPort will continue to support these existing OEMs, regardless of competition, and indeed will actively pursue more OEMs.