This is where ZixMail, in theory, steps in to provide a more transparent solution for companies that want to avoid the hassle of building and maintaining
server-to-client VPNs or their PKI and CA counterparts. ZixMail identifies, authorizes, and authenticates users and encrypts their correspondences.
ZixMail's environment is essentially transparent to the users. Pierce, for example, doesn't have to send his public key to all recipients and keep a database of others' keys. Instead, he asks recipients to download ZixMail, which works alongside most
e-mail programs, including Lotus Notes, Eudora, AOL and Hotmail. After he and a client swap encrypted messages once, ZixMail saves their keys and seamless adds them to later exchanges.
If it looks too easy, it probably is
Jonathan Penn, a Senior Industry Analyst at Giga Information Group, says companies lose more than they gain when they use ZixMaiil, which is proprietary and works only within its own community of users. "It's hard enough for a company to force ZixMail on its entire enterprise," says Penn. "Its ability to force product decisions on companies it does business with is extremely limited."
And because ZixMail does not integrate into e-mail systems, says Penn, users are forced to switch between their ZixMail and regular e-mail program's interfaces.
IT departments also have to make trade-offs. "ZixMail's certificates," says Penn, "don't fit into a company's scheme in terms of going to one place for certificates and to learn who's who and who can access what." Goals of instituting a single logon are impossible when using ZixMail.
Likewise, Forrester Research's Frank Prince wonders if ZixMail should assume three responsibilities that companies have traditionally handled separately: identifying, authenticating, and authorizing users. "People who authorize what you do are different from those who ID who you are," says the senior e-business infrastructure analyst. "In more complicated situations, tying authentication and authorization together could be bad." Prince recommends that larger companies that want to avoid unconsolidated certification schemes and inappropriate security clearances stay involved with and integrate their certification solutions.
Despite such concerns, ZixMail is catching on. Since the application launched in December 1999, attorneys from over ten of the nation's largest law firms -- including Fulbright & Jaworski and Pierce's Akin Gump -- have signed on, as well as web companies like ObjectSpace, Inc., a B2B services provider, and Matchmaker.com, an network of web communities.