how to secure your emails for sensitive docs
DESCRIPTION
This was a presentation that I gave at Technet MidAmerica conference in St. Louis in July 2012TRANSCRIPT
![Page 1: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/1.jpg)
Why You Shouldn’t Email Your Sensitive Documents
David [email protected]
TechNet Mid America July 2012
![Page 2: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/2.jpg)
Email docs to yourself
![Page 3: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/3.jpg)
Email is inherently insecure…
![Page 4: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/4.jpg)
4
Obstacles to Email Encryption Adoption Today
• Unencrypted emails are too easy to send• IT admins think encryption is too expensive or
cumbersome or complex• Compliance regs should drive more email
encryption usage (but don’t…)• The mobile encryption experience hasn’t been
so wonderful
![Page 5: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/5.jpg)
Investors’ Email Compromises Have Consequences!
5
![Page 6: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/6.jpg)
![Page 7: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/7.jpg)
![Page 8: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/8.jpg)
Secure email alternatives
• Cloud-based storage• Secure document delivery services • Data loss prevention products• Full encryption choices
![Page 9: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/9.jpg)
File sending services
![Page 10: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/10.jpg)
![Page 11: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/11.jpg)
![Page 12: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/12.jpg)
![Page 13: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/13.jpg)
![Page 14: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/14.jpg)
YouSendIt Privacy Policy
Certain information may become accessible, such as the text and subject of messages you have sent, the name and content of the User Files you have sent, the date and time messages were sent, and the email addresses of the recipients.
![Page 15: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/15.jpg)
Responses to MegaUpload shutdown
![Page 16: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/16.jpg)
Secure document services
![Page 17: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/17.jpg)
![Page 18: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/18.jpg)
Secure document issues
• Do you need secure intra- or inter-enterprise collaboration?
• Can you recall sent messages? • What happens when someone leaves your
company? • How does the service affect users’ existing
email experience? • Can you authenticate recipients and thwart
malware such as key-loggers?
![Page 19: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/19.jpg)
Data loss prevention
• Global Velocity's GV-2010 security appliance • BlueCoat Networks DLP appliance• Sendmail's Sentrion email server• McAfee Host DLP• Symantec/Vontu DLP v10• Safend Protector• Trend Micro DLP
![Page 20: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/20.jpg)
![Page 21: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/21.jpg)
DLP Drawbacks
• You are tracking rather than encrypting messages
• Once a message leaves your premises, you can’t do anything about it
• Can be expensive
![Page 22: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/22.jpg)
Full encryption choices
• Voltage SecureMail• PGP Universal Server• Sophos Email Appliance• Cisco IronPort• Proofpoint Protection Server• Mimecast's Unified Email Messaging• Echoworx Encrypted Mail
![Page 23: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/23.jpg)
Common product features
• Crypto key management• Auto encrypt sensitive info as part of their
policies• Lots more rules processing• Outlook plug-ins
![Page 24: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/24.jpg)
![Page 25: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/25.jpg)
Encryption LandscapeVendor Approach Key/Certificate Management Mobile capability
Cisco IronPort Symmetric key per message
CRES (cloud)Or on premise
Web-based
Proofpoint Symmetric key per message
PP Key service or on premise Web-based; read only
Symantec/PGP PKI PGP Directory or on premise Web-based; read only
Entrust PKI Entrust PKI or on premise Web-based
Zix PKI Zix Directory Web-based
Voltage Identity-based encryption
Cloud-based Native app
Echoworx PKI Echoworx PKI Native app
![Page 26: How to secure your emails for sensitive docs](https://reader033.vdocuments.mx/reader033/viewer/2022061120/546c252eaf79597b298b4f14/html5/thumbnails/26.jpg)
Voltage’s Secure email mobile client