What is SPX Encryption?

Secure PDF Exchange (SPX ) has many advantages compared to other encryption models, including:

  • Simplicity of setup: it takes less than 10 minutes to get up and running.
  • A familiar process means protection of sensitive email data without changing your user's experience.
  • There are no client requirements, since the PDF file format is ubiquitous and is supported on multiple platforms.
  • When offline, there is no requirement to connect to the internet to view or open encrypted messages.
  • Fully customizable template management provides a consistent end user experience tailored to your department/group or policy.
  • Flexible password management allows passwords to be communicated out-of-band, or created by end users through a scalable registration system.
  • Secure reply functionality through an HTTPS web portal allows end users to reply securely to encrypted messages.

SPX enables immediate compliance with internal or external data protection regulations and privacy guidelines. A point-and-click policy engine integrates with Microsoft Active Directory services to make policy administration simple and effective.

How SPX Works

  1. Unencrypted email messages are sent to the Email Appliance, which converts each message and any attachments to a PDF document, which is then encrypted with a password. You can configure the appliance to allow recipients to select their own passwords via the SPX Secure Email Portal, or the appliance can generate passwords for recipients.
  2. The encrypted message is then sent to the recipient's mail server.
  3. The recipient can then decrypt the message using Adobe Reader, and the password that was used to encrypt the PDF.
  4. [Optional] If secure reply is enabled, the recipient can respond securely by clicking the Reply button that is embedded in the encrypted PDF. If the optional Reply All feature is enabled, each recipient can choose to respond securely to both the original sender and to all other recipients.

Encryption Standards

Sophos uses industry-standard 128-bit AES encryption to encrypt the secure PDF messages. This is a FIPS-compliant standard adopted by the U.S. government, and used in many applications to provide a high degree of security for confidential data.

SPX On Mobile Platforms

SPX-encrypted email messages are accessible on all popular smartphone platforms that have native or third-party PDF file support, including Blackberry and Windows Mobile devices.

PCI Compliance

PCI compliance is not directly related to SPX encryption, but an increasing number of organizations are bound to these requirements as part of their overall data protection strategy.

While Sophos is unable to provide a blanket guarantee of PCI compliance of our appliance products due to constantly changing regulations, we are constantly testing our appliances and updating them as necessary to best keep up with the compliance requirements. As such, Sophos is able to confirm that our appliances are fully PCI compliant when deployed according to our best practices as of testing that took place in December 2009.