How Finance in Motion enabled encrypted email communications from any device
Working with GlobalSign and KeyTalk was super. The team was extremely proactive, responsive, and sympathetic to some of the technical issues we were facing. There was communication and transparency throughout the implementation process. I would wholeheartedly recommend GlobalSign as a solution for other organizations who have the same type of security needs for their internal and external communications.
Matteo Snidero, Head of IT
| CUSTOMER PROFILE | |
|---|---|
| INDUSTRY | Financial Services |
| USER BASE | 230 internal employees and countless external contacts |
| GLOBALSIGN SOLUTION | Managed PKI for email security |
At a Glance
PROBLEM
In order to implement solid business best practices and stay ahead of the curve when it comes to safeguarding clients’ and investors’ sensitive information, asset manager Finance in Motion needed to be able to digitally sign and encrypt email communications.
SOLUTION
GlobalSign’s S/MIME email service and integration with IT security provider KeyTalk made it possible for Finance in Motion employees to easily and securely send encrypted internal and external emails from any device.
Challenge
Since its founding in 2009, impact asset manager Finance in Motion has relied on email to communicate effectively across more than 30 different countries while raising funds and investing public and private capital where it is needed to address the world’s social and environmental challenges. At the same time, the company felt compelled to protect the financial and personal information potentially being shared by employees, clients, and investors. While they had used encryption software in the past, it was not a robust enough solution to offer the security policies that their fast-growing global business demanded. Relatively quickly, Finance in Motion’s Head of IT determined that digital certificates would be necessary to develop a complete end-to-end email security solution.
Solution Requirements
- Protect the sensitive information of clients and employees. Due to the financial and personal nature of communications occurring between Finance in Motion employees, and clients, the company wanted to ensure the privacy and security of all parties involved.
- Follow business best practices. Finance in Motion sought to provide a security framework that would meet recommendations set by the Federal Financial Supervisory Authority in Germany, also known as BaFin.
- Minimize impact on end-users. With 230 internal users and many more external contacts, a seamless implementation was a top priority.
- Optimize for mobile. Finance in Motion desired a mobile-friendly solution to meet the needs of their connected workforce.
Solution
In order to prevent data leakage and ensure the privacy of clients, Finance in Motion sought the expertise of software company KeyTalk. To supplement their existing certificate and key management services, KeyTalk collaborated with GlobalSign, a Qualified Trust Service Provider (QTSP), to develop a comprehensive email security service that is affordable, easy to install and use on a variety of devices, and offers the highest level of trust possible.
GlobalSign is unique in its position as one of the first global CA’s to issue qualified digital certificates to users and organizations for the purpose of applying Qualified Electronics Signatures and Seals to documents, including regulated industries, across the European Union (EU). Our Managed PKI Platform is a cloud-based certificate management platform that makes it easy for enterprises such as Finance in Motion to issue, deploy, and manage multi-functional certificates from one central location.
For Finance in Motion, the solution works seamlessly for internal users who have been given:
- A personal S/MIME certificate issued by GlobalSign, a globally trusted public CA.
- Access to a secure email client app – in this case, an end-user app developed by KeyTalk, available for Windows, OS X, Android, and iOS. The app handles the request, installation, and configuration of the S/MIME certificate for the mail program of the user (e.g. Microsoft Outlook).
There is virtually no change in the end-user experience, although we did send some internal communication explaining the scope and importance of the implementation. For them, there is the addition of a small symbol added to their Outlook emails – that’s it. But the power of the security happening behind the scenes is huge.
On the backend, KeyTalk and GlobalSign helped the Finance in Motion IT team configure a Lightweight Directory Access Protocol (LDAP) directory service – especially designed by KeyTalk – in which every user of the secure email service will be registered and where the public keys for these users will be stored. Also part of the solution is KeyTalk’s certificate and key management system (CKMS) designed to securely manage the crypto key pairs used for the encryption and decryption of email messages and for the enrollment and management of the certificates at various endpoints (workstations, laptops, tablets, and smartphones).
One of the specific requirements of Finance in Motion was the ability to encrypt communications between employees and external contacts. This was achieved by allowing users to request a GlobalSign PS1 S/MIME certificate with a validity of a year for the external contact in question. KeyTalk then generates an automated email to both the requester and the receiver of the PS1 certificate, at which point the encrypted correspondence between the two contacts can start.
What’s Achieved?
- GlobalSign worked directly with KeyTalk developers to create and deploy an S/MIME solution to 230 internal employees’ laptops, and then replicated those certificates to be used on Android and Apple mobile devices.
- To enable external communications, the solution allows employees to invite an external user who does not have an S/MIME certificate to quickly create one – so they can have fully encrypted email conversation within minutes. Before, this scenario would take up to three weeks.
- Finance in Motion had planned to roll the solution out to clients over two months but were able to speed up the deployment to just a few weeks.
- Now the company’s IT team can control all new and existing digital certificates through the GlobalSign Managed PKI platform.
GlobalSign protects and secures your personal information, View GlobalSign Privacy Policy