Home / Secure Email as a Service

SECURE EMAIL AS A SERVICE

“Using Software as a Service (SaaS) should always be considered, particularly for enterprise IT and back office functions”

UK Government Cloud First Policy – June 2023

Our Secure Email SaaS provides a cost-effective pay-per-user service, built to the highest security standards within a closed community of users giving you confidence your data is only being shared and seen by the intended recipient

Security

At the heart is security. Built upon NCSC Secure by Design Framework and Zero Trust Architecture, the service implements technical controls including

  • Enforced TLS 1.2 and 1.3
  • Phishing resistant Multi Factor Authentication (MFA)
  • DMARC, SPF and MTA-STS Compliance and Monitoring
  • 24/7 Protective Monitoring
  • Mutual TLS (mTLS) enforcement for SMTP relay customers.

Assured to handle OFFICIAL data with sensitive marking, all data is encrypted at rest and in transit. Meets NCSC email security standards for anti-spoofing and privacy.

Certification

All our services are designed against the highest security standards and are independently assessed and certified. We adopt the NCSC NIST v2.0 Framework, Cloud Security Principles and AWS Well Architected Framework as key foundations for our Information Security regime.

We independently assess our services against ISO27001:2022 and NCSC Cyber Essentials Plus annually.  Finally, we engage with independent CREST accredited Penetration Test partners to undertake an annual IT Health Check.

Integration and Connectivity

Customers can access the service in a number of ways, providing them flexibility to integrate the service with their own IT environment. Customers can access through:

  • Web browser – supports all latest browser versions and is tested against WCAG 2.1 Level AA
  • Mobile App access
  • Integrating on prem SMTP email services
  • Cloud email services including Office 365 and Google Workspaces

The secure email user Directory, exposes an API enabling users to look up secure email addresses directly from their email clients, seamlessly integrating the services into the customers ecosystem.

Closed Community

The service operates as a private ‘Closed Community’ where secure emails can only be exchanged between users and organisations within that closed community. External emails cannot enter the community and secure emails cannot accidently be sent out of the community.

Organisations applying to join the community are security assessed prior to joining and throughout their time using the platform. Our real time monitoring proactively flags organisations that may have fallen below an acceptable threshold, enabling our security teams to take immediate remedial action and maintain the integrity of the service.

Scalability and Reliability

Working with our cloud partners, we utilise serverless architecture and Well Architected design patterns to ensure our service can scale during peak times and increased demand from customers.

The service is provided using a High Availability (HA) scalable architecture across multiple UK locations. We prioritise the security and integrity of our service by:

  • Reviewing and testing our Business Continuity Plans
  • Initiating independent Well Architected reviews
  • Ensuring ongoing certification against ISO27001:2022
  • Conducting Non-Functional Testing including failover and chaos engineering

Other Services

Managed Testing Services

Secure Platform PaaS

Secure Messaging SaaS