This content is part of the Buyer's Guide: The best email encryption products: A comprehensive buyer's guide

Proofpoint Email Encryption: Product overview

Expert contributor Karen Scarfone examines Proofpoint Email Encryption products, which come with data loss prevention capability and a Secure Share add-on for secure file sharing.

The Proofpoint Email Encryption product provides enterprise-level email encryption functionality. This includes automatically encrypting sensitive outbound email through a policy-based gateway and enabling the secure transfer of large files via email messages through the Secure Share add-on.

Product editions

The Proofpoint Email Encryption product only comes in a single edition. It is part of a larger solution, the Proofpoint Enterprise Privacy product. The main feature of this product, besides the Email Encryption component, is a Data Loss Prevention (DLP) capability. It is commonplace for DLP and email encryption technologies to work hand-in-hand because the DLP can detect potential policy violations involving email-transmitted data, and the email encryption technology can encrypt or block affected email, thus safeguarding their data from interception.

There is an additional add-on for Proofpoint Enterprise Privacy known as Proofpoint Secure Share. The purpose of Secure Share is to enable the secure sharing of large files containing sensitive information via email encryption. So Secure Share works hand-in-hand with the Email Encryption product.

Platform Support

Proofpoint Enterprise Privacy with Proofpoint Email Encryption is available as a local enterprise-deployed capability, such as a virtual appliance, or as a cloud-based service. The Proofpoint Secure Share add-on is available as a cloud-based offering only.

Encryption support

The Proofpoint Secure Share add-on is available as a cloud-based offering only.

Proofpoint Enterprise Privacy's encryption algorithm is the Advanced Encryption Standard (AES) algorithm, with encryption key length of 256 bits. Use of the AES algorithm and 256-bit AES keys is widely considered a sound practice and should provide strong security against both current and future threats.

Proofpoint has several Federal Information Processing Standard (FIPS) compliance certificates for its cryptographic libraries. This means Proofpoint has had an accredited third party do validation testing on its products' cryptographic capabilities to ensure they meet minimum standards. However, because these compliance certificates do not specify the exact products they correspond to, prospective customers should check with Proofpoint to ensure the products they are evaluating are covered by one of the FIPS compliance certificates.

File encryption support

As mentioned above, the Proofpoint Secure Share add-on can support the ability to transfer large files via email. This can take the place of File Transfer Protocol (FTP) usage and other alternative file transfer mechanisms, potentially providing a more usable and secure file transfer capability.


There is limited licensing information publicly available for Proofpoint Enterprise Privacy. However, as already mentioned, it is available both in a local instantiation, or virtual appliance, and a cloud-based service. The Email Encryption product and the Secure Share product are both separately available through their own licensing arrangements.

Free trials of many Proofpoint products are available. The Email Encryption and Secure Share products are available as part of the Proofpoint Enterprise Privacy product trial.


Proofpoint Email Encryption is an add-on to the Proofpoint Enterprise Privacy product that provides email encryption for the enterprise. The Proofpoint Secure Share add-on enables the secure transfer of large files via email encryption. Together, these solutions are a great way to implement email encryption capabilities for organizations already running the Proofpoint Enterprise Privacy product or organizations that would benefit from acquiring it and leveraging its DLP capabilities.

The Proofpoint products do not require a particular email server or client type because they run separately as a virtual appliance or a cloud-based service.

Proofpoint Enterprise Privacy's encryption is state of the art, using AES with 256-bit keys. The status of FIPS compliance is not 100% clear, so make sure to check with Proofpoint on its products' FIPS compliance status during product evaluation. Licensing is a bit complex because the product is available as both an on-premises and cloud-based offering; again, check with Proofpoint for the latest information on how its products are licensed, depending on which solution is appropriate for your organization.

Next Steps

In part one of this series, learn about the basics of email encryption software in the enterprise

In part two of this series, take a look at email encryption software from a business perspective

In part three of this series, learn about the procurement process for email encryption software

Learn about how enterprise encryption is becoming more resistant to reverse engineering.

Check out our buyer's guide on email security gateways.

This was last published in April 2016

Dig Deeper on Data loss prevention technology