
Secure Email Encryption – Zixmail

BVA gets several requests month in and month out for a good way to send secure emails. There is really no way to answer this with a cheap method. There are a few great solutions out there, though they can be a little costly, but recently we found a method that is pretty cheap and very reliable. ZixCorp Email Encryption Services is a solution that can protect your sensitive mail data. ZixMail is the name of their product, and it provides desktop email encryption that includes automated key management and delivery to anyone, anywhere through a secure web portal. It can be used with any corporate or web-based email system, and optional plug-ins are available for full integration with Microsoft Outlook.

ZixMail makes it easy to securely send and receive confidential information. Encrypted messages are delivered using your existing email address, and a single ZixMail client can support multiple email addresses. ZixMail also provides time stamping and authentication for irrefutable proof of delivery and receipt.

If your recipient is not a ZixCorp customer, that is not an issue: ZixMail automatically sends your email to ZixPort, a secure messaging portal that can be used to deliver secure email to any address. The majority of your clients are strong Microsoft environments, and this solution works great with them. ZixCorp provides a special ZixMail plug-in so you can send and receive encrypted email without ever leaving Outlook. The plug-in integrates the ZixMail functionality directly into Outlook’s toolbar. The simple click of a button is all it takes to encrypt or decrypt a message.

Automated Key Management
ZixMail takes care of the most complicated aspect of using email encryption – key management. With ZixMail, all key management is handled through ZixDirectory, ZixCorp’s hosted public key repository. Tens of millions of members are included in ZixDirectory, allowing ZixMail users to automatically send and receive encrypted emails from other ZixMail or ZixGateway customers. No key set-up or exchange is necessary.

iPad and iPhone Can Be a Security Risk

BVA has found that these types of mobile devices, if not provisioned correctly, can seriously be a security risk to your network environment. Security policies need to be set forth to ensure security at all levels of access. The Apple iPad tablet, as well as the iPhone, is slowly becoming a legitimate business tool; your employees will soon have them in hand and invade your business. The reality is that the iPhone changed the playing field for security and really surprised IT consulting companies and their administrators when it was released. Users' needs versus wants changed completely: the expectation of a smartphone that just syncs calendars, contacts, and emails changed drastically. The iPhone hit the scene, and the next thing we knew we were getting requests for it to be integrated into a business's mail environment immediately. These requests were coming from owners and directors; decision makers were being demanding about making it work, totally side-stepping the security protocols set forth by years of experience and best practice. The bottom line is that the line between corporate tool and consumer gadget has not just been blurred; it has been completely erased. Several studies have shown that, when asked, respondents named the iPad and iPhone as the greatest smartphone security risk for IT. It’s a scary thought that you have locked down your environment, but because a new gadget gets released to the market and owners want it, the integrity of the system is diminished.

There were recently a few contests by security outfits in which people hacked the iPhone in less than 2 minutes and won a cash prize. This is a scary thought and quite frankly shows how easy it can be for the non-hacker. Obviously it might take a little longer for a less talented hacker, but it can clearly be done. Apple has little intention to make their OS more secure because it’s not the market that they are targeting. Again, they are targeting the consumer, not the business enterprise. I am sure there will be a point in time when that day comes, but it is not in the near future. If Apple at the very minimum addressed just the enterprise security, supportability requirements, and new hardware-level encryption. I want to be very clear that the OS on the iPhone is the same as on the iPad, as is its security. Apple targeted the iPad primarily as a media consumption gadget for the residential consumer, not the business community, but again we have seen this shift. I am not saying that you should ban the iPhone or iPad, but that you should develop policies and procedures that address the rules of engagement for integrating the iPad with your network environment.

As you develop the policies, keep in mind that the iPad is unique and could fall into a few different areas for policies.  Here are some key points to keep in mind:

•    delivers notebook-like functionality
•    smartphone OS platform
•    normally placed in the policy bucket for computer usage and security policies (not recommended)
•    a good policy bucket to consider – smartphone usage and security policies (recommended)
•    same smartphone OS was hacked in less than 2 minutes

Make sure that whatever policy is selected addresses the most important factor here, which is allowing or denying the storage of confidential or sensitive information on the iPad, or how e-mail, instant messaging and other communications conducted through the iPad fit within archiving and compliance requirements.