Overview of Cisco Email Encryption
AsyncOS supports using encryption to secure inbound and outbound email. To use this feature, you create an encryption profile that specifies characteristics of the encrypted message and connectivity information for the key server. The key server may be either:
- The Cisco Registered Envelope Service (managed service), or
- A Cisco Encryption appliance (locally managed server)
Next, you create content filters, message filters, and Data Loss Prevention policies to determine which messages to encrypt.
- An outgoing message that meets the filter condition is placed in a queue on the Email Security appliance for encryption processing.
- Once the message is encrypted, the key used to encrypt it is stored on the key server specified in the encryption profile, and the encrypted message is queued for delivery.
- If a temporary condition prevents the encryption of emails in the queue (for example, the C-Series appliance is temporarily busy or CRES is unavailable), messages are re-queued and retried at a later time.
You can also set up the appliance to first attempt to send a message over a TLS connection before encrypting it. For more information, see Using a TLS Connection as an Alternative to Encryption.