If you don't want to deploy encryption for everyone and just want a few employees to have this feature, or if you have a POP-based system, then look at AppRiver. They are also appealing because of a very large attachment limit of 5GB; most of the other products could only accommodate smaller attachments.
While ProtonMail is mainly for individuals, it is a demonstration of what the current level of privacy and paranoia can do to deliver an easy-to-use encryption product. While its user interface lags behind some of the more mature products, it has a couple of features that are worth examining, including default double message encryption and how it can automatically notify new correspondents of a waiting encrypted message.
How we tested
We used a combination of Mac and Windows 7 desktop clients and an iPhone to run the various programs, using Firefox and Chrome browsers. We set up several Internet-based mail domains, changed MX records when they were needed, and added plug-ins to Windows 7 machines running Outlook 2013 and Mac Mail clients. In setting up this entire infrastructure, we looked at the following evaluation criteria:
1) Enterprise management and control features
These include how a product can recover from error conditions and how useful it is in troubleshooting email problems. We looked at how easy it was to set up new mailboxes or terminate existing ones and how to recover a lost password. We also noted in the summary chart what the various total mailbox and attachment size limits, if any, are specified by each vendor.
We looked at the different user interfaces (Web, mobile and desktop clients) and how they differ and how they are documented or supported with online tutorials and help files.
4) Encryption security features
Can you hide subject or other metadata surrounding the message? Who holds the encryption keys? Do customer messages reside on cloud-based servers owned by the vendor and if so where are they located?
5) Silk Road scenario
If you are ultra-paranoid, you might have read how the FBI arrested Ross Ulbricht for his activities with Silk Road. The FBI got around the encryption protocols he was using by seizing his laptop while he was using it in a public library in San Francisco. If this is a scenario that you want to avoid, then the only encryption products that can help you would be Datamotion and possibly Tutanova. While we recognize that none of these products is designed to evade the law, we got some interesting responses from the vendors as they pondered this scenario and we wanted to share them with you as an illustration of how the encryption products can be used in ultra-secret situations.
Sign up for CIO Asia eNewsletters.