CRES Feedback

David Owens · ‎06-05-2013

Currently we have implemented IEA appliance in the Websafe mode. However, Cisco has abandoned this product line and we are evaluatiing alternatives to this secure mail product. Of course one option would be to convert to using CRES, we are looking for feedback from current CRES users on what they like /dislike about CRES.

So far some testing has pointed out that attachment size will be an issue - we send several emails daily with larger than 10 MB attachments. Another surprise has been a large number of messages that are delivered to the recipients Junk/SPAM folder instead of the inbox. Has anyone experienced these same issues and how have you worked around them?

Also any additional feedback would be beneficial in our decision process.

Ken Stieers · ‎06-05-2013

I know that in ESA version 8, they changed the 10meg limit as I tested that in the Beta. I think the limit is now 25.

The also fixed some other CRES things in that release.

The backend/management of your CRES account is hokey, they have some work to do there...

johnsmith1000 · ‎06-08-2013

I'm consulting one of my clients on a POC using CRES and so far we have been satisfied with the results. As you may see some of my earlier questions on this forum, we have been mostly discoverying and resolving configuration questions. But so far everything has worked out to our satisfaction.

Regarding the attachment sizes, yes I have seen the reference to 10MB limit, but as Ken indicated, I think the limit has been extended. I have tested up to 15 MB of attachment and successfully encrypted and transmitted. It does take a while (up to 15 minutes) which I believe is due to IronPort throttling the bandwith (which is a good thing). We are in the midst of confirming this but so far we see smaller messages in both direction flowing nicely as couple of big ones are crancking on the background.

The management of CRES could be imporved, but it offers the basics we need. The UI is sometimes confusing, but we got over it after awhile.

We are also testing the support for mobile devices which requires signed activation files for BCE apps to be generated from the CRES admin console. It works fine. Unrelated to CRES, but just be aware that BCE native app on iPad is not available yet. We are using iPhone BCE app on iPad and works fine.

So in short, assuming that you are OK with your keys being managed in the cloud, CRES has been fine for us based on current testing.

As discussed in the earlier threads here, there are areas for improving the security which I'm hoping will some about as this service matures:

1) I would really like to see some "easy-to-deploy-use" two-factor auth such as one-time SMS passcode or software OTP token being added to CRES (for both users and admins) to enhance the security of access to the cloud-based service. I've been told that is being considered for future releases.

2) The external recipients need to log into CRES portal and reply or initiate a secure message (i.e. their message payload is visible to CRES). Would be nice to have better solutions for the privacy of the external users (outside the org) when using CRES to send secure messages.