I'm glad to see that SPX encryption is coming over from the Classic Sophos product. I have it at one client site, a medical clinic, and it's very cool.
However, the docs won't be satisfied if they can't easily confirm that the documents are being encrypted. Soooo, I don't think we'll be able to sell the UTM's SPX where HIPAA is a requirement unless the fact of encryption is logged somewhere. At the very least, in the SMTP logfile, but, preferably, also on the 'SMTP Log' tab in Mail Manager and User Portal. The ability to schedule a monthly report, as in Web Protection Reporting, also would enhance the attractiveness of the Encryption offering - in fact, that would be all that was necessary.
Another client is a military contractor, and I bet he would have similar requirements.
While this is being done for SPX, wouldn't it also be nice to do it for PGP and S/MIME?
Related feature request: Encryption: Logging for this Feature
Cheers - Bob
