White paper: Why Encrypt? Securing email without compromising communications
Why encrypt?

There's an old saying that a ship is safe in the harbour, but that's not what ships are for. The same can be said of enterprise data. If a company's success is increasingly determined by its ability to act on information, a fundamental requirement of that success is the enablement of unfettered communications between co-workers, partners and clients.

For many companies, data loss prevention (DLP) has for too long emphasised the management of internal data, blocking sensitive information from leaving company networks. But this is not a real-world solution when email continues to be the main channel over which employees distribute and share what is often confidential information. Research undertaken by the Enterprise Strategy Group indicates that up to 75 per cent of intellectual property is sitting in email data stores. Forrester's finding that email is second only to removable storage as the most common cause of enterprise data leakage puts a worrying slant on that first statistic, not least when you factor in their finding that one in five outgoing emails contains data that poses a legal, financial or regulatory risk.

The great challenge of email is that its ubiquity and centrality to any organisation make it simultaneously the most vital and most vulnerable link in the business chain. Encryption is a vital component of any DLP strategy. It allows businesses to exchange sensitive information without compromising on security: even if a message is intercepted, encryption makes its contents unreadable, and when the message is also digitally signed (as S/MIME and PGP allow) any tampering with it can be detected by the recipient.

The evolving business landscape

While many organisations recognise the need to enable pervasive use of email and other, evolving, communications channels, they're also increasingly concerned about the IT security risks arising from more open communications across the business.
Preventing data loss, from accidentally misdirected email to the intentional and malicious revelation of trade secrets by an aggrieved employee, is a significant issue for any business. Additional pressures have come in the form of a growing range of government and industry regulations aimed squarely at data security and privacy. In most of the world's major markets, data security and privacy are now mandated by law for companies of all sizes and across industry sectors. US federal laws such as SOX, GLBA and HIPAA, the UK's Data Protection Act and similar national data privacy legislation in Australia and Japan, among others, all require that organisations don't simply put policy in place and then forget about it, but that they proactively seek to prevent data breaches.

In the UK, for example, the Information Commissioner's Office (ICO) has announced that data losses that occur where encryption software has not been used to protect the data are likely to result in regulatory action against the offending organisation. Since 2010, the ICO has had the power to fine organisations that breach the Data Protection Act, with the largest fine to date being issued in June 2011: £120,000 for incorrectly addressing sensitive emails.

Meanwhile, in the US, the Ponemon Institute reports that the average cost of a cyber attack in the year to August 2011 was $416,000, a 70% increase on the previous year. The same research found that each breach took an average of 18 days to resolve, rising to 45 if the source of the leak came from within. Apart from the financial costs, current and future business lost through reputational damage and diminished customer trust form a significant component of the damage that can be caused by even the smallest of breaches.

Waiting for something to happen isn't just bad practice; it places increasing pressure on IT security professionals tasked with managing and mitigating risk in a threat landscape that's changing on an almost daily basis.
With research from a broad range of sources indicating that not only are data breaches on the rise but so too are the costs associated with them (upwards of £71 per record, translating into almost £2 million per average incident in the UK in 2010, according to the Ponemon Institute), the stakes have never been higher. Research from the Ponemon Institute has found that 75 per cent of organisations implement security solutions after data breaches, with 70 per cent of them selecting encryption as their preventative measure of choice.

Clearswift's SECURE Email Gateway provides an easy-to-use approach to securing email conversations. The technology enables customers to provide the privacy, authenticity and integrity of communications that secure messaging offers, but without the complexity and high administration costs of other systems. The SECURE Email Gateway with integrated encryption technology enables businesses to communicate with confidence while protecting them from the risk of sensitive data loss. Encryption and decryption are performed automatically and centrally, within flexible policy parameters and without the need for user interaction.

Choosing an email encryption solution

Simply adopting a one-size-fits-all approach and encrypting all company data is a costly exercise. Not all data is sensitive, and encrypting everything that enters and leaves your network can become a drain on resources as well as creating an unnecessary layer of complexity over day-to-day data access and use. Among the factors to consider when choosing an encryption solution are user experience, deciding when to encrypt and the choice of underlying technology.
Clearswift's encryption technologies: key features

The first three columns show which legs of the path are encrypted (site to site, site to recipient, desktop to desktop); the remaining columns show whether the method is standards based, its cryptographic strength, whether a key exchange or password is needed, and what the recipient needs in order to read the message.

Technology          Site to  Site to    Desktop to  Standards  Crypto    Key exchange  Recipient transparency
                    site     recipient  desktop     based      strength  or password
TLS                 Yes      No         No          Yes        Medium    No            Yes
S/MIME, PGP         Yes      Yes        Yes         Yes        High      Yes           Site to site: yes; encrypted to recipient may require a key and client plugin
Password (Windows)  No       Yes        No          Yes        Medium    Yes           Yes
Password (AES)      No       Yes        No          Yes        High      Yes           Requires a zip package that supports AES-256
Portal              No       Yes        No          Yes        High      No            May require a plugin for push messages
User experience

It's a fact of human nature that the more difficult or cumbersome it is to do something, the more likely people are to find a way of side-stepping it. Make the corporate email security experience a painful one and it's likely that many of your employees will simply try to circumvent the system, using webmail accounts to transmit company data. It's vital that you factor ease of use into your choice.

When to encrypt

Best practice calls for encryption to be part of an automatically enforced email security policy. Removing the decision-making from end users doesn't mean limiting their ability to share and communicate information, however. A flexible system is context and content aware, subjecting data to deep analysis and content inspection and examining intended recipients before making the decision to encrypt, whether the end user selects that option or not. Clearswift's SECURE Email Gateway contains built-in routines allowing organisations to define automated parameters that will trigger encryption based on any of the following elements of a message:

Sender
Recipient
Subject line
X-header
Message body
Any attachments: not just file names but also their content, going beyond simple word scanning

Using defined triggers, SECURE Email Gateway may choose to encrypt a message containing an excessive number of credit card or social security numbers, for example. The solution can also use pre-defined dictionaries or permit users to create their own set of words and weightings.
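The content triggers described above, as an added example in Go that is not Clearswift's code and does not describe how SECURE Email Gateway implements its policy engine: it scans subject, body and extracted attachment text for Luhn-valid card numbers, US social security numbers and weighted dictionary terms, and returns an encrypt decision together with the reasons. The thresholds, the dictionary, the type and function names and the sample message are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Decision is the policy engine's verdict for one outbound message.
type Decision struct {
	Encrypt bool
	Reasons []string
	Score   int
}

// Constructed thresholds for this example; a gateway would take these from
// its configured policy.
const (
	maxPANs   = 1  // more than this many Luhn-valid card numbers triggers encryption
	maxSSNs   = 1  // likewise for US social security numbers
	scoreTrip = 10 // weighted dictionary score at which encryption is forced
)

var (
	// 13 to 19 digits, optionally separated by single spaces or dashes.
	panRe = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)
	// NNN-NN-NNNN as written in most documents.
	ssnRe = regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)
)

// dictionary is a constructed weighted term list standing in for the
// managed and user-defined dictionaries described above.
var dictionary = map[string]int{
	"confidential":  5,
	"merger":        5,
	"patient":       3,
	"diagnosis":     4,
	"internal only": 10,
}

// luhnValid reports whether a digit string passes the Luhn checksum. This
// filters out phone numbers, invoice IDs and other digit runs that merely
// look like card numbers, which keeps false positives down.
func luhnValid(digits string) bool {
	sum := 0
	double := false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// countPANs counts Luhn-valid card-number candidates in text.
func countPANs(text string) int {
	n := 0
	for _, m := range panRe.FindAllString(text, -1) {
		digits := strings.NewReplacer(" ", "", "-", "").Replace(m)
		if len(digits) >= 13 && len(digits) <= 19 && luhnValid(digits) {
			n++
		}
	}
	return n
}

// dictionaryScore sums the weights of every dictionary term occurrence.
func dictionaryScore(text string) int {
	lower := strings.ToLower(text)
	score := 0
	for term, w := range dictionary {
		score += strings.Count(lower, term) * w
	}
	return score
}

// Evaluate inspects subject, body and extracted attachment text together and
// decides whether the gateway must encrypt, whatever the sender chose.
func Evaluate(subject, body string, attachments []string) Decision {
	text := subject + "\n" + body + "\n" + strings.Join(attachments, "\n")
	d := Decision{Score: dictionaryScore(text)}
	if n := countPANs(text); n > maxPANs {
		d.Reasons = append(d.Reasons, fmt.Sprintf("%d card numbers", n))
	}
	if n := len(ssnRe.FindAllString(text, -1)); n > maxSSNs {
		d.Reasons = append(d.Reasons, fmt.Sprintf("%d social security numbers", n))
	}
	if d.Score >= scoreTrip {
		d.Reasons = append(d.Reasons, fmt.Sprintf("dictionary score %d", d.Score))
	}
	d.Encrypt = len(d.Reasons) > 0
	return d
}

func main() {
	// Constructed sample: a spreadsheet export carrying two valid test card numbers.
	d := Evaluate("Q3 figures", "Please review.",
		[]string{"4111 1111 1111 1111\n5555 5555 5555 4444"})
	fmt.Printf("encrypt=%v reasons=%v\n", d.Encrypt, d.Reasons)
}
```

The Luhn check is the part worth copying: a bare "16 digits" pattern will fire on phone numbers and order references, and every false positive is a user who learns to route around the gateway. Extracting text from attachments (office documents, PDFs, archives) is assumed to happen before Evaluate is called.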
Clearswift's solutions can detect business terms and profanities in 40 languages; an extensive collection of managed lists, editable terms and compliance dictionaries includes:

Payment Card Industry Data Security Standard (PCI DSS)
Personally identifiable information
Basel II
Data Protection Act
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Securities and Exchange Commission (SEC)
Sarbanes-Oxley Act (SOX)

The underlying technologies

No two companies are identical, so being able to offer a broad range of encryption technology options ensures maximum flexibility. The encryption requirements for securing B2B messages are, for example, likely to differ from those for B2C recipients. The technology used should be user and function appropriate. Clearswift's SECURE Email Gateway employs one of the widest ranges of encryption options available to end users, in a number of different industry-standard formats: S/MIME, PGP and ad hoc password protection, including AES (Advanced Encryption Standard). The encryption protocols and standards used in Clearswift's SECURE Email Gateway solution are:

Transport Layer Security (TLS)

TLS is the successor to Secure Sockets Layer (SSL), the protocol familiar from secure websites; in email it is applied to the SMTP connection between mail servers, normally via the STARTTLS extension. It encrypts the connection between two servers without encrypting the message itself, offering, if you like, a secure tunnel through which the message can travel. No additional software or interaction between sender and recipient is required. Each server is provisioned with an X.509 certificate (commonly called an SSL certificate), which the other side uses to authenticate it when the encrypted channel is established. Forcing TLS towards a named partner is particularly useful where two companies, such as a client and a vendor, wish to exchange confidential data.

Because TLS configured for a specific partner doesn't protect messages sent to other addresses in the public domain, many organisations also implement opportunistic TLS mode. In this mode, connections to third parties automatically seek out and favour TLS wherever the receiving server offers it.
This eliminates the need to configure TLS for each separate party an organisation needs to communicate with. The trade-off is that opportunistic mode gives no guarantee for any individual message: if the receiving server doesn't offer STARTTLS, or an attacker on the path strips the offer, the message is delivered in the clear without any error. Where a guarantee is required, forced TLS to that destination or encryption of the message itself is needed.

[Diagram: TLS encrypted tunnel between Alice's gateway and Bob's. All traffic on the connection is encrypted following a key exchange with the other gateway, and decrypted by the receiving gateway at the far end of the tunnel.]
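How the forced-versus-opportunistic decision plays out at the SMTP level, as an added Go example that is not Clearswift's code: Decide applies a per-destination policy to the extension lines the receiving server advertised in EHLO, and Deliver shows the same decision acted on with the standard library's net/smtp client, verifying the peer certificate when TLS is used. The policy and outcome names, the forced-partner map, the local hostname and the EHLO lines are constructed for the example; Deliver opens a real connection and is not exercised offline.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net/smtp"
	"strings"
)

// Policy is the per-destination TLS requirement. Names are constructed for
// this example; gateways expose the same two modes under their own labels.
type Policy int

const (
	Opportunistic Policy = iota // STARTTLS if offered, otherwise send in the clear
	Forced                      // STARTTLS with a verified certificate, otherwise defer
)

// Outcome is what the sending side does with the session.
type Outcome string

const (
	UseTLS   Outcome = "starttls"
	UsePlain Outcome = "cleartext"
	Defer    Outcome = "defer"
)

// Decide applies the policy to the extension lines the receiving server
// advertised in its EHLO response. This is where opportunistic mode is
// downgradable: an on-path attacker who strips the STARTTLS line gets the
// message delivered in the clear, with no error reported on either side.
func Decide(ehloLines []string, p Policy) (Outcome, error) {
	offersTLS := false
	for _, l := range ehloLines {
		if strings.EqualFold(strings.TrimSpace(l), "STARTTLS") {
			offersTLS = true
		}
	}
	switch {
	case offersTLS:
		return UseTLS, nil
	case p == Forced:
		return Defer, errors.New("policy requires TLS but peer did not offer STARTTLS")
	default:
		return UsePlain, nil
	}
}

// PolicyFor looks the destination domain up in the forced-TLS partner list;
// anything not listed gets opportunistic delivery.
func PolicyFor(domain string, forced map[string]bool) Policy {
	if forced[strings.ToLower(domain)] {
		return Forced
	}
	return Opportunistic
}

// Deliver acts on the decision with the standard library's SMTP client.
// It is not exercised offline; host, local name and addresses are placeholders.
func Deliver(host string, p Policy, from, to string, msg []byte) error {
	c, err := smtp.Dial(host + ":25")
	if err != nil {
		return err
	}
	defer c.Close()
	if err := c.Hello("gateway.example"); err != nil { // placeholder local hostname
		return err
	}
	var lines []string
	if ok, _ := c.Extension("STARTTLS"); ok {
		lines = append(lines, "STARTTLS")
	}
	out, err := Decide(lines, p)
	if err != nil {
		return err // forced policy: defer the message rather than downgrade
	}
	if out == UseTLS {
		// Verify the peer certificate against the name we connected to.
		// InsecureSkipVerify here would let an active attacker impersonate
		// the peer and read everything the tunnel was meant to protect.
		cfg := &tls.Config{ServerName: host, MinVersion: tls.VersionTLS12}
		if err := c.StartTLS(cfg); err != nil {
			return err
		}
	}
	if err := c.Mail(from); err != nil {
		return err
	}
	if err := c.Rcpt(to); err != nil {
		return err
	}
	w, err := c.Data()
	if err != nil {
		return err
	}
	if _, err := w.Write(msg); err != nil {
		return err
	}
	if err := w.Close(); err != nil {
		return err
	}
	return c.Quit()
}

func main() {
	forced := map[string]bool{"partner.example": true} // constructed partner list
	for _, dest := range []string{"partner.example", "other.example"} {
		out, err := Decide([]string{"SIZE 52428800", "8BITMIME"}, PolicyFor(dest, forced))
		fmt.Printf("%s: %s (%v)\n", dest, out, err)
	}
}
```

The same EHLO response without STARTTLS produces cleartext delivery under the opportunistic policy and a deferral under the forced one; that difference is the whole security distinction between the two modes, and it is also why forced TLS on its own only scales to the partners you have explicitly configured.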
Clearswift's SECURE Email Gateway uses both forced and opportunistic TLS. While the technology is widely used to secure the path over which data is transferred, it doesn't secure the message itself: once the message leaves the TLS-protected hop it is stored and forwarded in the clear. To protect the message itself, a variety of message encryption techniques are available.

Secure MIME (S/MIME)

This is a standards-based message encryption format built on public-key cryptography. Supporting strong encryption, S/MIME is effective for sharing sensitive data with users outside a TLS connection. Every user has a pair of keys: one private, one public. The sender encrypts a message using the recipient's public key; only the matching private key, which never leaves the recipient, can decrypt it. The public key can be shared freely because possessing it gives no ability to read messages, only to encrypt them for that recipient (and to verify signatures the recipient makes with the private key).

Key exchange is both a strength and a weakness. On the one hand, once keys have been exchanged and verified, both parties can exchange data with some assurance that they know who they're communicating with. On the down side, the act of exchanging keys requires a conscious decision on the part of the sender and recipient, inserting an extra layer into what should be the simple process of sending and receiving mail. Encryption key management can also become an administrative headache. Keys have to be monitored, stored, applied and, on occasion, revoked. They must be available 24/7 if information is to flow freely. For the same reasons, they need to be backed up, and in large organisations sending large volumes of email the number of keys to be managed can grow very rapidly.

Clearswift's encryption solution removes these concerns from end users: certificates and keys are held and managed centrally at the gateway, which encrypts and signs mail without any end-user action.
S/MIME can be used in gateway-to-gateway mode, where systems administrators create a secure connection between systems in much the same way as they do for TLS, but the method can also secure mail exchanged between desktops. The SECURE Email Gateway automates this process, detecting the content or direction of travel before encrypting on the sender's behalf in one of the following ways:

1. Desktop to desktop, with content checking of messages
2. Gateway to gateway, with content checking prior to encryption
3. Gateway to desktop, with content checking followed by encryption

[Diagram: S/MIME and PGP, gateway to gateway. The message is sent encrypted from Alice's gateway to Bob's: encrypted using the public key of the target gateway and decrypted using the private key of the receiving gateway.]

[Diagram: S/MIME and PGP, gateway to recipient. The message is sent encrypted from Alice's gateway directly to Bob: encrypted using Bob's public key, which has been registered in the gateway's local certificate store. The message cannot be decrypted without a copy of Bob's private key; Bob decrypts it using his private key.]
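The public-key model described for S/MIME and PGP above, as an added Go example built on the standard library rather than on either format (not Clearswift's code): a fresh AES-256-GCM key encrypts the body, RSA-OAEP wraps that key to the recipient's public key, and RSA-PSS signs the result so the recipient can both confirm the sender and detect tampering. The Envelope layout and the function names are constructed for the example and are a simplification of what S/MIME (CMS) and OpenPGP actually encode; the sample message is constructed.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a simplified stand-in for an encrypted and signed S/MIME or
// OpenPGP message: the body is encrypted under a fresh symmetric key, that
// key is wrapped to the recipient's public key, and the sender signs it all.
// The layout is constructed for this example, not either real format.
type Envelope struct {
	WrappedKey []byte // AES key encrypted with RSA-OAEP to the recipient's public key
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM output
	Signature  []byte // RSA-PSS by the sender over nonce || ciphertext || wrappedKey
}

// signedData hashes the fields the signature covers.
func signedData(e *Envelope) []byte {
	h := sha256.New()
	h.Write(e.Nonce)
	h.Write(e.Ciphertext)
	h.Write(e.WrappedKey)
	return h.Sum(nil)
}

// Seal encrypts plaintext to recipient and signs it with the sender's key.
// Only recipient's public key is needed, which is why it can be published
// freely: it lets anyone encrypt to Bob, and nobody read as Bob.
func Seal(plaintext []byte, recipient *rsa.PublicKey, sender *rsa.PrivateKey) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	e := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	e.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	e.Signature, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, signedData(e), nil)
	return e, err
}

// Open verifies the sender's signature first, then unwraps the content key
// with the recipient's private key and decrypts. Any other private key fails
// at the OAEP step, and any altered byte fails at the signature step.
func Open(e *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	if err := rsa.VerifyPSS(sender, crypto.SHA256, signedData(e), e.Signature, nil); err != nil {
		return nil, errors.New("signature invalid: message altered or not from the claimed sender")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, e.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap content key: message was not encrypted to this key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Seal([]byte("board minutes: constructed sample"), &bob.PublicKey, alice)
	pt, err := Open(env, bob, &alice.PublicKey)
	fmt.Printf("%q %v\n", pt, err)
}
```

Two points the prose above depends on are visible here: the message is unreadable to anyone holding a different private key, and the signature is what turns "unreadable" into "tamper-evident"; encryption alone would let an attacker who cannot read the message still replace it. In a gateway deployment the "sender" key is the gateway's own signing key and the recipient key is either the partner gateway's or the end user's, exactly as in the two diagrams.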
OpenPGP (PGP)

This protocol, like S/MIME, defines standard formats for encrypted messages, signatures and certificates for exchanging public keys. Although PGP and S/MIME offer similar services, they use very different formats, making them incompatible and therefore incapable of sharing certificates. This can cause problems in a business setting but, as Clearswift's solution supports both standards, secure communications with users of either format are enabled. As with the other encryption technologies used in Clearswift's SECURE Email Gateway, this process can be automated based on content or destination in one of the following ways:

1. Desktop to desktop, with content checking of messages
2. Gateway to gateway, with content checking prior to encryption
3. Gateway to desktop, with content checking followed by encryption

[Diagram: secure encryption portal. Alice's message leaves her desktop unencrypted and is sent by her gateway to the Pickup Centre over a TLS-encrypted connection, where it is secured so that only the intended recipient can read it. A notification message is generated for Bob and sent from the sender's gateway, so that the sender's SPF (and similar) records continue to authenticate it. Bob receives the notification, clicks the hyperlink and connects to the portal over HTTPS in his browser. Bob can also reply to Alice via the secure portal.]

Portal based encryption

As with the other encryption options in Clearswift's SECURE Email Gateway, portal based encryption can be automated to perform the task on the user's behalf, based on either content or direction of travel:

1. Gateway to desktop using web pull delivery
2. Gateway to desktop using web push delivery

Given that the technological savvy of your intended recipient can often dictate which method of encryption you use, it's worth noting that portal based encryption (PBE) is an easy-to-use method requiring no knowledge of encryption. Encrypted messages sent using PBE can be opened on all types of devices, from PCs to phones and tablets.
Using an Infrastructure as a Service (IaaS) hosted encryption platform in conjunction with a SECURE Email Gateway allows a customer's users to receive and reply to encrypted messages and attachments without the need for any special client software.
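One way to build the pickup link that the portal flow above relies on, as an added Go example that is not Clearswift's code and is not a description of how the Pickup Centre works: the notification carries a random 256-bit token, the portal stores only a hash of it, and redemption compares the hash in constant time, enforces an expiry, and treats the link as single use. The type and method names, the in-memory store and the single-use choice are assumptions for the example; a real portal would normally also bind the link to an authenticated session so that replies can be sent afterwards.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// pickup records one stored message awaiting collection. Only the SHA-256 of
// the token is kept, so a copy of the store does not yield usable links.
type pickup struct {
	tokenHash [32]byte
	recipient string
	expires   time.Time
	used      bool
}

// PickupStore is a constructed stand-in for the portal's message store.
type PickupStore struct {
	mu    sync.Mutex
	items map[string]*pickup // keyed by message ID
	now   func() time.Time   // injectable clock, for expiry tests
}

func NewPickupStore() *PickupStore {
	return &PickupStore{items: map[string]*pickup{}, now: time.Now}
}

// Issue stores a message for recipient and returns the token to embed in the
// notification link. The token is 256 bits from crypto/rand, so it cannot be
// guessed or enumerated; the link carries the token, the store only its hash.
func (s *PickupStore) Issue(msgID, recipient string, ttl time.Duration) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	tok := base64.RawURLEncoding.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.items[msgID] = &pickup{
		tokenHash: sha256.Sum256([]byte(tok)),
		recipient: recipient,
		expires:   s.now().Add(ttl),
	}
	return tok, nil
}

// Redeem validates a presented token for msgID: constant-time hash comparison,
// expiry check, and single use, so a link that leaks later (from a forwarded
// notification or a browser history) cannot be replayed.
func (s *PickupStore) Redeem(msgID, tok string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.items[msgID]
	if !ok {
		return "", errors.New("unknown message")
	}
	h := sha256.Sum256([]byte(tok))
	if subtle.ConstantTimeCompare(h[:], p.tokenHash[:]) != 1 {
		return "", errors.New("invalid token")
	}
	if s.now().After(p.expires) {
		return "", errors.New("link expired")
	}
	if p.used {
		return "", errors.New("link already used")
	}
	p.used = true
	return p.recipient, nil
}

func main() {
	s := NewPickupStore()
	tok, _ := s.Issue("msg-1", "bob@example.com", 24*time.Hour) // constructed message
	who, err := s.Redeem("msg-1", tok)
	fmt.Println(who, err)
}
```

The reason the notification is sent from the sender's own gateway, as the diagram notes, is that the link is the only secret standing between an attacker and the message; a notification that fails SPF or looks like a generic "you have a secure message" lure is exactly what phishing kits imitate, so keeping it authenticated as coming from the real sender matters as much as the token itself.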
Encryption makes sense

Encryption enables organisations of all sizes and functions to deliver the privacy, authenticity and integrity of communications that today's business and regulatory environment demands. Clearswift's SECURE Email Gateway with integrated encryption technology takes the uncertainty, complexity and high administration costs out of the process, enabling businesses to communicate effectively with the confidence that they are protected from the risk of sensitive data loss.

As the international regulatory environment increasingly requires that any organisation engaged in the processing of personal data take proactive steps to protect against leakage, encryption has moved up the business agenda as a key component of any strategy to mitigate risk, including criminal liability, heavy fines and reputational damage. As human error continues to be the main cause of data breaches, Clearswift's automated encryption solution can help your organisation take the guesswork out of security, providing an interoperable one-stop shop for all encryption requirements and giving IT administrators total control over their web and email environments.

If you'd like to find out more, contact your local team:

UK: info@clearswift.com, +44 (0)118 903 8903
Australia: info@clearswift.com.au, +61 2 9424 1200
Germany: info@clearswift.de, +49 (0)89 904 05 206
Japan: info.jp@clearswift.com, +81 (3)5326 3470
Rest of Europe: info.es@clearswift.com, +34 91 572 6764
United States: info@us.clearswift.com, +1 856 359 2360
www.clearswift.com