Dispatch: A Unique Security Solution

Transcription

1 Dispatch: A Unique Security Solution sales / support [email protected] web 8740 Lucent Boulevard, Ste 101 Highlands Ranch, CO, WP005-1

2 Organizations use every day to store, deliver, and discuss sensitive information, such as financial data, business plans, intellectual property, client and employee records, and more. Current security products consistently fail to provide the security and control businesses are looking for, and consistently succeed at annoying IT administrators and employee end users. As a result, many businesses have limited or delayed the implementation of encryption services. The Absio Dispatch application enables organizations to secure their communications by invisibly encrypting each individual message and attachment automatically. Dispatch adds the optional ability for senders to control what recipients can do with messages and attached files once received. Senders can determine in advance if recipients can save, print, copy, forward or reply all to a message, and if recipients can save, print or copy from attached files. Senders can also set messages to expire at a certain time, or recall sent messages on demand. Dispatch is easy to use, easy to manage, and provides real security and control over your communications. In order to determine if Dispatch is the right solution for your organization, you should answer these two key questions: 1. Why among the various security risks you face, why should security be a high priority? 2. Why Dispatch does Dispatch address risk better than other available solutions from a security, control, and ease-of-use perspective? Preface 1

3 WHY ? Every business would like to secure and control its critical digital information at all times, everywhere it exists. Digital information can be categorized two ways: (i) structured (stored in a database), and (ii) unstructured (files, such as s, Word or Excel documents, PDFs and pictures). While database applications generally provide a means of controlling structured data, unstructured data is typically shared between multiple users on multiple systems across multiple domains. This makes it nearly impossible to know where the data is, who has access to it, and how it is being used at any given time. messages and file attachments are types of unstructured data. While your organization may have some form of secure file repository, how many copies of sensitive messages and attachments are stored on your service provider s servers, as well as your employees and their recipients devices? From the standpoint of security and control, is likely the most out-of-control application used by your organization. In essence, each time an employee sends an , you are outsourcing the security of the communication and any attached files to the recipients, whether they are inside the organization or not. Securing and controlling with existing security products has proven impossible, because they all use legacy protocols (underlying rules computers must follow in order to enable communications) that were never intended to be secure or to enable control. Understanding the deficiencies of legacy protocols is critical when selecting an security solution. 1. Weak user authentication and permissions. Since you don t know and can t choose who is sending you , you need spam blockers to keep inbound from flooding your inbox, and anti-malware to keep hackers from using to install malicious software (phishing attacks). Unfortunately, anti-malware vendors cannot keep up with the pace of new attacks. Two-factor authentication (such as requiring that a user verify their address via a web link) and various data loss prevention technologies (inspecting outbound for sensitive information like social security numbers) are partial compensations for not being sure who is sending you or who is receiving the you send. 2. Transmission in the clear. HTTPS and TLS protocols work to the degree that servers are properly configured, and software is updated on every link in the communication chain. messages are sent through many and varying servers between the sender s device and the final recipient s device. Each of those servers is vulnerable to attack, and often messages are only encrypted between the sender s device and the first server in the chain. Why ? 2

4 3. No control of intermediate servers. As mentioned above, messages and attachments are sent to multiple servers between the sender s and recipients devices. Unencrypted messages are often read and/or copied and stored by several of those intermediate servers. None of the legacy protocols provide visibility or audit records to know what is happening to received by each server. 4. No protection of in storage. The vast majority of messages and attached files are in storage at any given time. The number of copies and where they are stored is unknown. Major breaches are a result of storage attacks, which are far easier to execute (lost or stolen device, malware, etc.) and result in a greater volume of valuable information. Transmission security does nothing to protect s and files in storage. In an enterprise environment using Microsoft Outlook, with or without Exchange, messages and attachments are stored in clear text on the company s server and on end user devices. 5. No control over redistribution. Even if an is stored and transmitted securely, once accessed by a recipient, the sender has no control over redistribution of the message and attachment contents. The sender loses control over who receives the content, what they do with it, and whether or not it is redistributed securely. To better understand the deficiencies of legacy protocols, it s useful to understand all the places where content may travel or be stored. SENDER DEVICE SENDER ISP/SERVER RECIPIENT ISP/SERVER RECIPIENT DEVICE Internet Connection Internet Connection Internet Connection Potential Risks SENDER OR SENDER DEVICE INTERNET CONNECTION ISP OR COMPANY SERVER RECIPIENT OR RECIPIENT DEVICE Sender mistake Device hack/attack Lost or stolen device Eavesdropping Server hack/attack Subpoena Other breach Recipient mistake Unintended distribution Device hack/attack Lost or stolen device Why ? 3

5 For to be secure, it must be automatically secured everywhere messages and attachments exist on the sender s device, on company servers, in transit, on the service provider s servers, and on the recipient s device. The sender also needs to be able to decide in advance what recipients can do with the messages and attachments they send, and know that the receiving application will reliably enforce those controls. This is not possible using legacy protocols, but is possible using a new protocol designed to implement security by default and control on demand. WHY DISPATCH? Dispatch does not rely on legacy protocols. Originally developed to secure battlefield communications, the Dispatch application uses a new, patented protocol that enables automatic, persistent encryption of messages and attached files in storage and in transit, and optional control over what recipients can do with received messages and files while in use. Senders can rest assured that their sensitive messages and attachments will be stored and shared securely by default, and that the rules they set are reliably enforced by the Dispatch application on their recipients devices. Using an application provides a host of usability and security benefits. Many security solutions force recipients to open a separate web portal to access secure messages and files. If your recipients need to access any of the messages or attached files outside the portal (e.g. offline), there is no option other than to allow them to download the content to their devices in an unsecure and uncontrolled format. With Dispatch, users install the application, sign up for an Absio account one time, and then are able to send and receive secure and controlled messages within a familiar interface. Since Dispatch uses an updated protocol, it can be used right within your Outlook client. Legacy messages and Dispatch messages are integrated in the same inbox, and Dispatch messages can be stored and moved into any Outlook folder. In addition, an easy-to-use, standalone version of the Dispatch application is available for desktop and mobile devices. Combining everywhere, all the time security, optional usage controls, and an easy-to-use application interface allows Absio to offer the following unique feature set through Dispatch: Each Dispatch message and attachment is individually encrypted in storage and in transit with its own encryption key. In virtually all other secure technologies, all your messages and attachments are encrypted and decrypted using a single encryption key, which is a much easier exploit for any attacker. Why Dispatch? 4

6 Dispatch messages and attachments are automatically stored in encrypted form on both sender and recipient devices. Most secure technologies do not provide for automatic encryption at the device level, and, as a result, your s are readable if your or recipient s device is lost or stolen. Dispatch messages are automatically stored in Absio s patented Obfuscating File System, where the filenames of stored messages and attachments are intentionally unrecognizable. Other secure providers store encrypted messages with recognizable filenames and types. If filenames and types are recognizable, attackers can see what to attack and attempt to decrypt by brute force. When logged in to Dispatch, only the messages and attachments currently being viewed are decrypted. With most other secure services, all your messages are decrypted when you are logged in. If malware has been installed on your device, all those messages are available to an attacker. In addition to username and password, Dispatch requires the presence of a user key file on the local device to log in and access messages. Without this additional level of authentication, compromised usernames and passwords can enable an attacker to access your from any device. Other secure technologies fail to apply this additional level of authentication. Dispatch messages and attachments are encrypted on the local device before transmission to the Absio server. Most secure technologies do not encrypt the message or attachments until they reach the server, meaning the service provider has access to the encryption keys and can decrypt your (whether required to do so, or if they are subject to a breach or mistake). Absio never has possession of user passwords or unencrypted key files. We can t read your or enable others to do so. With Dispatch, every message and attachment is provably sent, received, and stored in encrypted form, meaning that under most current regulatory requirements (including HIPAA, GLBA, SOX and others), a breach of data would not be reportable. The vast majority of even secure vendors cannot provide this assurance, and a breach would very likely need to be reported to the relevant governmental agency and to those affected by the breach. Why Dispatch? 5

7 Previously sent Dispatch messages and attachments can be recalled. If not, it s very difficult to recover from messages sent by mistake or in haste. Most secure vendors do not provide this capability. The sender of a Dispatch message can set an expiration time for sent messages. If not, recipients can retain messages and attachments for as long as they want whether you want them to or not. As with recall, most secure vendors do not provide this capability. Dispatch offers the most extensive set of control capabilities available today. The sender of a Dispatch message can control a recipient s ability to forward messages, print messages and attachments, save messages and attachments, copy and paste message and attachment contents, and reply all to message recipients. If not, recipients, or those who successfully attack recipients, can do whatever they like with the messages and attached files. With Dispatch, a free user can initiate secure communications with a paying user. Most other secure technologies only provide non-paying recipients the ability to reply to a message, not initiate one, which fails to respect the security of inbound communications from customers or clients, and incents customers and business partners to bypass secure solutions. Corporate administrators of Dispatch can manage group users and encrypted archives. If not, it is difficult to implement secure and to meet regulatory or corporate requirements for retention. Unencrypted archives are a high-value target for attackers. Dispatch is available as a plug-in to Microsoft Outlook, a standalone Windows desktop application, and a standalone mobile application for ios and Android devices. A standalone OSX application will be available in early The business service plan also includes a comprehensive administrative console for managing group users and policies, and a searchable archiving application to store encrypted messages. Archived Dispatch messages can also be exported to other unencrypted archiving tools or e-discovery systems. Absio s dedicated support team ensures enterprise administrators have constant help from US-based employees deeply knowledgeable in the Absio product suite. If you are looking for a solution to truly secure and control your communications, contact us today for a demonstration of Absio Dispatch in an enterprise environment. Why Dispatch? 6