[ejr]

"messaging" Implies that these notices travel from A to B likely in your own network, but you added "secure". This suggests the network itself is only password protected and is a compromise - or two? - away from revealing what is being sent. The purpose of encryption is to limit the damage should eavesdropping of the network occurs.

Ex: Your routers, switches, RAID storage etc. are not immune to rootkits. However, if your message from A to B is encrypted and only decrypted locally by B, you've limited the exposure of this information.

[allegory]

Everything is only a compromise or two away from being revealed. It may be one compromise away and we don't know it (yet). Cat and mouse my friend, that is all.

There are no passwords - we use our own CA system, PKI, carefully selected cipher suites, physical security, mutiple vendors' products, logical isolation, tiered architecture, an IDS system, mirrored environments, tamper detection and automatic key disposal.

And I still don't sleep because there are a thousand ways around it all.

Still, we have insurance.

[ejr]

That's a rather bleak outlook, but I don't blame you. Obviously you can't name which specific company you work in, but may I ask which sector in finance you do?

[allegory]

It's the chains of being responsible for the security :-)

Integration between various companies, nothing more. We're a hub.

[BillFranklin]

Thanks for the info. I work in email encryption so it's useful to know what specifically makes it appealing.