Secured email Global Communication version 4.6


A new and improved way to receive Secured email

Authors: Daniel Nilsson and Jeff Sherwood
May 11, 2010

Content

Introduction
Secured email
Sending Secured emails - user perspective
Establishment of a secured channel - identification of the receiver
Receiving a Secured email with Global Communication technology - user perspective
Additional ways to receive Secured emails - user perspective
Centrally managed templates - education is the key
Endpoint to endpoint security
Technical requirements for Global Communication
Additional features in version 4.7 released fall 2010
Summary

www.cryptzone.com

Introduction

This technical paper provides an overview of Cryptzone's planned release of Secured email version 4.6, with new features based upon Cryptzone's new technology called Global Communication. The planned release date of Secured email v4.6 is June of 2010, and it will be delivered as a product extension of the SEP platform focused on outbound communication compliance. This paper explains, for the first time, the details of this new technology and its impact upon Cryptzone's security suite of encryption technology.

To learn more about Cryptzone's security solutions, please visit the Cryptzone Resource Center at http://www.cryptzone.se/resourcecenter/products/email/. Technical white papers, pre-recorded webinars and video casts are available for viewing and download.

Secured email

Email is the most common method of communication for businesses today and is used daily to transmit sensitive or confidential information, including customer information, employee records, customer lists, operational data, trade secrets, and legal documents. Cryptzone's Secured email is our award-winning email security software application that provides powerful, easy-to-use end-to-end email encryption to ensure regulatory compliance and protect your organization's sensitive data.

Figure 1: The Send secured button. When Secured email is installed, the user gets a new button in Outlook, Send secured, which enables the user to send secured emails.

Sending secured emails - user perspective

From a user perspective, sending a secured email is done by simply clicking a Send secured button integrated within Microsoft Outlook or Lotus Notes. When a user clicks the Send Secured button, the email is encrypted, wrapped and sent.

Wrapping of an email refers to Cryptzone's concept of delivering secure messages where the actual secured content is delivered as an attachment in an ordinary MIME email. This is also referred to as wrap-mail. The wrap-mail is a communication tool used by the sender to educate the recipient of the encrypted information as to what they need to do to be able to read the secured email. The enterprise solution provides the ability to customize the wrap-mail to communicate special instructions to the recipient of the encrypted email. The goal of the wrap-mail is to establish a simple and easy method of communication between the sender and recipient for the first time and to use that framework for all future communications.

The optional Secured eControl application delivers Data Leak Prevention (DLP) beyond encryption by scanning all content in the body of an email, the subject line and all attachments. Deployed on the client, it lets you monitor and control the type of information based upon security policy. Secured eControl comes packed with ready-made policies for laws and regulations such as the HIPAA HITECH Act, the FTC's Red Flag Rule, SOX, the GLB Act, the EU Data Protection Act, privacy rules and others, making it easy for customers worldwide to deploy a solution to guarantee data loss prevention and offer automatic encryption.

When Secured eControl is installed and integrated with the Secured email application, security policies can be enforced whenever a user clicks the send button in his mail client, so you don't have to rely on users pressing the Send Secured button. The Secured eControl policies are highly customizable to control the outcome of email communication. For example, security policies can be configured to react to recipient email addresses, or to the content of the email itself, providing automatic encryption of an email that has sensitive information within the body, subject line and/or attachments, such as social security numbers, credit card information and other items of sensitive information.

Establishment of a secured channel - identification of the receiver

A secured channel is a term that represents a secured tunnel of communication between a sender and a recipient. The channel is created with the use of a shared secret and the relationship of the known identities of the sender and the receiver. The identities used are the email addresses of the sender and the receiver. The shared secret is an authentication tool to verify that only the correct recipient can read the secured email, and is established by the sender to create a secured channel between two parties. This is also called end-to-end encryption communications, which is mandated by a number of laws and regulations.

The shared secret can be provided to the application in two ways: manually by the user, or automatically with the use of an Enterprise Server. In the first case, the user is prompted to create a custom shared secret. The bit-strength of the shared secret created by the user can be controlled with the use of password policies. These policies control the number of characters in the shared secret (that is, the password), as well as the kind of characters that should be used. In the second case, the client retrieves the shared secret from the Enterprise Server. If the Enterprise Server cannot deliver a stored shared secret, the user will be prompted to create the secret himself.

Once the secured channel has been established, the client application maintains the trusted relationship. This means that once a secured channel has been established, there will be no need to create or use a shared secret again for any and all communications. The next email will be sent securely through the secured channel without ever needing a password again.

During the process of sending a secured email, the sender has the option to provide a custom unencrypted message that gets embedded with the wrap-mail. The unencrypted message is a valuable option for communicating per-message information in a plain form, readable by the recipient.

Once an email has been created and sent to an external recipient, the sender is responsible for exchanging the shared secret with the receiver. The exchange of the shared secret need only be done once and will be verified by the receiver. When the verification is done, the sender and the receiver can continue to send secured emails to each other forever without being asked for any new shared secrets. It is possible to set up a policy so the receiver will have to verify again every month if required or on a continuous basis. This is rare, because most users want to limit the use of passwords and receive the benefit of automatic authentication and key management.

The shared secret can be a combination of information that is known by both parties. For example, a shared secret may be a customer number, the last four digits of their social security number, initials plus last four digits of the social security number - anything that the recipient would know without forgetting. There is a multitude of agreed-upon shared secrets that provide a high level of security and can be easily remembered by the sender and recipient. Methods of communicating the shared secret include fax-printouts, email-drafts or verbally.
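The password-policy control described earlier and the kinds of shared secret listed above can be compared with a short calculation. The following is an added example, not Cryptzone's code: the policy fields, thresholds and sample secrets are assumptions constructed for illustration.

```python
"""Added example: check candidate shared secrets against a password policy."""
import math
import string
from dataclasses import dataclass

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


@dataclass(frozen=True)
class SecretPolicy:
    # Hypothetical fields and thresholds; the product's own policy settings
    # are not shown in the paper.
    min_length: int = 12
    required_classes: tuple = ("lower", "upper", "digit")
    min_bits: float = 60.0


def classes_used(secret: str) -> set:
    """Names of the character classes that appear in the secret."""
    return {name for name, chars in CLASSES.items()
            if any(ch in chars for ch in secret)}


def upper_bound_bits(secret: str) -> float:
    """len(secret) * log2(pool), pool = size of the character classes in use.

    This is a ceiling that assumes every character was chosen at random.
    Data both parties already know (digits of an ID number, a customer
    number) is usually far easier to guess than the ceiling suggests.
    """
    pool = sum(len(CLASSES[name]) for name in classes_used(secret))
    # Characters outside the four classes (spaces, non-ASCII) each add one.
    pool += len({ch for ch in secret
                 if not any(ch in chars for chars in CLASSES.values())})
    return len(secret) * math.log2(pool) if pool else 0.0


def evaluate(secret: str, policy: SecretPolicy = SecretPolicy()) -> list:
    """Return the list of policy violations (an empty list means accepted)."""
    problems = []
    if len(secret) < policy.min_length:
        problems.append(f"length {len(secret)} < {policy.min_length}")
    used = classes_used(secret)
    missing = [c for c in policy.required_classes if c not in used]
    if missing:
        problems.append("missing classes: " + ", ".join(missing))
    bits = upper_bound_bits(secret)
    if bits < policy.min_bits:
        problems.append(f"at most {bits:.1f} bits < {policy.min_bits:.0f}")
    return problems


# Constructed samples shaped like the kinds of secret the text lists.
SAMPLES = {
    "last four digits": "4821",
    "initials + last four": "JS4821",
    "customer number": "00417233",
    "random passphrase": "Tq7mVx2pLk9wRb4c",
}

if __name__ == "__main__":
    for label, secret in SAMPLES.items():
        problems = evaluate(secret)
        verdict = "accepted" if not problems else "; ".join(problems)
        print(f"{label:22} {upper_bound_bits(secret):6.1f} bits  {verdict}")
```

Under this assumed policy only the random passphrase is accepted; the three memorable secrets fail on length, character classes and bit strength at once.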
As for inbound communication, the server will handle all key exchanges. If the sender forgets the shared secret or needs to view it again, it is possible to view it in the Secured email Settings.

It is our belief that sending a secured email is an end-point to end-point process, which can be done without the use and cost of a gateway. The Secured email and Secured eControl applications can be used online, or in an offline environment, where they behave as if they are still connected to the Internet. When a user sends an email while offline, the user will see the secured email become encrypted and end up in his outbox at the time of sending the email. When the user connects to the Internet, the email will be automatically sent from the outbox and moved to the sent folder.

One key differentiator of the Secured email application is that the recipient can access the secured content from any email service. Secured email's secured content is sent using the MIME layer as an attachment to the wrap-mail, which allows the user to access their emails from anywhere, including public mail services such as Gmail, Hotmail etc.

Required components when sending secured emails are Outlook or Lotus Notes in conjunction with the Secured email Client, which is a Windows application.

Receiving a secured email with Global Communication technology - user perspective

The recipient of an encrypted email will first see the delivery of the wrap-mail, which is a notification to the recipient that they have received an encrypted email, with special instructions on how to read it. In the content of the wrap-mail there is a direct link to a webpage that serves as a portal for accessing the secured content directly.

Figure 2: This is an example of a secured email. All the receiver has to do is click on the link to open the secured email. Receivers that are internal (employed by the same organization as the sender) only need to double-click on the email to open it inside their Outlook or Lotus Notes email client.

This portal is hosted by the sender's company and can be customized to fit the organization's needs. The receiver will be able to authenticate using the shared secret that is communicated by the sender. This method is very secure because the service is being hosted by the sender's IT department.

Figure 3: This is an example of a portal. When the receiver clicks the link in the wrap-mail, the default web browser opens and displays the portal. The receiver then types the shared secret communicated by the sender and clicks Continue to open the secured email.

Figure 4: This is an example of an opened secured email. When the recipient enters the shared secret in the portal and clicks Continue, the content of the secured email is displayed in clear text. It is possible for the receiver to open and download any attachment. The receiver can download the email in .msg or PDF format. If the receiver presses the reply button, the default email client will start up and the receiver can reply to the email.

It is important to note that, when using Cryptzone's Global Communication technology, a receiver will be able to open any type of secured email from any type of platform. The receiver can now view a secured email on PC, Mac, iPhone, iPad, Symbian phones, and many other types of devices. All the receiver has to do is have access to the Internet and a web browser. This means that it will be possible to send secured email to any receiver without considering what platform the receiver may receive the secured email on.

Figure 5: This is an example of how a recipient authenticates on an iPhone. The receiver simply clicks on the link in the email. The iPhone Safari web browser opens and displays the message shown in the picture. The receiver enters the shared secret and presses Continue.

Figure 6: When the receiver has authenticated, the email is displayed.

Additional ways to receive secured emails - user perspective

If Global Communication is not used or activated, there are additional ways to receive secured emails, using the full version Reader or Reader Lite.

The recipient of an encrypted email will first see the delivery of the wrap-mail, which is a notification to the recipient that they have received an encrypted email, with special instructions on how to read it. In the content of the wrap-mail, the user is given the option to download either the Full Reader application or the Reader Lite. The user must have administrative rights for their computer in order to install the Full Reader application. For users that don't have administrative rights, the Reader Lite application is a perfect solution. Note that Java is required on the recipient's computer.

When the full version Reader is installed in Outlook and Lotus Notes environments, the user simply double-clicks the email to open it. The reading pane will display the content of the wrap-mail. When using other mail clients in conjunction with the Secured email client, users simply need to click on the attachment above the wrap-mail message to see the secured content. The email will then be displayed as created by the sender within the local machine's web browser.

Figure 7: Cryptzone standard wrap-mail. The Cryptzone Enterprise solution is delivered with several well-tested templates for wrap-mails (instructions for the receiver). The example shows different instructions for internal and external receivers.

Once the Reader software is installed and the user wants to open a secured email, the content has to be decrypted with the key used at the time of encryption. The instructions within the wrap-mail provide a way to communicate the method to retrieve the shared secret used. Our customers have chosen a number of ways to communicate the shared secret to the recipient of an encrypted email, such as profile-driven forums or by fax, postal mail or verbally. In most enterprise installations the key is retrieved automatically and seamlessly from the Enterprise server.

Once a secured channel has been established, the client software maintains the secured channel and the shared secret will never be needed again. The next time an email is received from the sender, the encrypted email is automatically opened without needing to authenticate or input the shared secret or password. The software stores the shared secret locally.

The client software, if used in conjunction with Outlook or Lotus Notes, allows the recipient to reply securely to the sender without needing a software license. The recipient simply clicks reply and then clicks Send Secured.

Required components when opening a secured email are any mail client together with the Secured email Client or Reader Lite (a Java web-start application that in turn requires Java 1.4).

Centrally managed templates - education is the key

Educating users about the importance of new security applications and how to use them can be a problem. When deploying Secured email, it is necessary to train the sender to educate the recipient. The success of any email encryption solution is dependent on training senders and receivers in a way that makes it easy to exchange secured emails.

Secured email supports this with a template designer. Templates include ready-made instructions for the sender to send to the receiver on how to open the secure email, as well as templates for the shared secret communication. The template designer allows the administrator to edit and manage templates centrally. Editing includes text and pictures as well as automatic texts. Templates can be created and deployed for large groups of senders, and customized for specific individual users. The Secured email Enterprise solution includes pre-defined best-practice templates that can be used and modified to fit the current implementation and the needs of the organization.

Figure 8: SEP Template Designer. With the template designer it is possible for the administrator to customize messages to educate users.

Endpoint to endpoint security

The Secured email solution creates a secure channel or tunnel for emails from the sending computer to the receiving computer. Wherever and however emails are sent between the two parties, the email will be stored encrypted and secured. The email will be stored secured at the receiver's mail server and email client, as well as the sender's mail server and email client. The secured email will also be stored secured in email archiving systems used by the sender and the receiver. There is also an option to store unencrypted copies of the email for distribution to the archival system.

For a higher level of security, it is possible for the administrator to activate a local security feature where the end user will be required to authenticate to the Secured email system to be able to open and send secured emails. The local security feature includes a user password that is unique and can only be used to authenticate to the Secured email system. The concept of the local security feature is to create an extra authentication that is separate from the standard authentication used in the organization.

Technical requirements for Global Communication

To use and activate the Global Communication solution, where receivers of secured emails simply click a link to open the secured email, several steps are required to support the application:

1. Activate the SEP server for external communication. Secured emails received are decrypted and displayed with the help of the SEP Server. To activate the SEP server to accept external access, please read the manual on how to set up the SEP server for external access: http://www.cryptzone.com/_download/documentation/cryptzone_set_up_guide_for_sep_enterprise_for_external_access.pdf

2. Exchange 2003, Exchange 2007 or Exchange 2010. To be able to activate Global Communication you must have Exchange 2003 or later.

3. Create a mailbox on the Exchange server that will be used to host secured emails for access from the outside. The SEP Server needs to be configured to have access to this mailbox.

4. Every secured email sent by the clients will be copied into this mailbox and will be stored for a predetermined period of days, after which it will be deleted. When a mail is deleted, the external user will not be able to access it through the link, though the Secured email can still be viewed by the other methods indicated previously (Reader, Reader Lite).

Additional features in version 4.7 released fall 2010

In the fall of 2010, version 4.7 will be released, containing additional features for the Global Communication technology. The most important features of this release will be the ability to reply securely from any location, regardless of the type of platform, and a new method of delivering the shared secret for authentication.

We at Cryptzone believe our customers will demand that recipients be able to reply, so that a recipient can start a secure and safe communication in which emails are sent securely back and forth. This means that organizations can easily communicate sensitive information with customers and partners.

In the current version of Secured email, a receiver is verified using a shared secret/password created and communicated by the sender. This is a very secure method, but for some organizations it may feel too secure and complicated. The solution is to create a more seamless way to authenticate the receiver. In version 4.7 an alternative way to verify the receiver will be introduced: a sign-up process. The sign-up process works as follows:

1. The sender creates a new email to a recipient who has never received a secured email before.
2. The sender clicks the Send secured button and the email is sent securely to the receiver at once.
3. The receiver receives the secure email and clicks on a web link to open it.
4. Since this is the first time the receiver receives a secured email from the sender, the receiver is asked to verify his email and then create a password.
5. The receiver clicks a Continue button and is then informed that a verification email will be sent out. To verify the registration, the receiver must click on a link in the verification email.
6. The receiver gets the verification email and clicks the link.
7. The secured email is now displayed for the receiver.

The sign-up process is the same process used to sign up for services like Gmail, Hotmail and Facebook, and is familiar to most internet users.

Summary

Cryptzone's approach is to create a solution that fits any size of company. The basis of Secured email is that the application creates an end-to-end, virtual channel between the sender and the receiver. It doesn't matter how the recipient receives their email: Outlook, Microsoft OWA, Gmail, Yahoo, Thunderbird, Mac, iPhone, iPad, Symbian phones, etc. The Secured email solution provides a way to decrypt secured emails, simply and easily.

The most important aspect of Secured email is that our technology helps our customers to meet worldwide regulatory compliance with sensitive information laws including the HIPAA HITECH Act, Sarbanes-Oxley, HIPAA, Payment Card Industry DSS standards, the EU Data Protection Directive and the GLB Act. We use the strongest encryption method - AES 256 - as well as System SKG, which generates a dynamic one-time encryption key for every email sent. Equally important is the fact that the key is not sent over the open Internet, therefore it is impossible to break the encryption technology. It is impossible for somebody to hack your emails when they are secured. All the sender has to do is press a button, Send secured, and everything else is taken care of.