Transcript Document
ZIXCORP
The Criticality of Email Security
Dena Bauckman
Director Product Management
April 2015
1
YOUR BIGGEST SOURCE OF DATA LOSS
2
WE DON’T THINK TWICE BEFORE HITTING
SEND
o Learn from the Sony Hack
− Executives were comfortable sending out this information
− Perception vs Reality
o It won’t happen to me mentality
− Its like not getting car insurance because you are a good
driver
− Sending an email is like sending a post card in the mail
o Lack of Awareness
− Man in the Middle Attacks
o Sending Sensitive Information Unintentionally
− “Should I be encrypting this?”
3
EMAIL SECURITY TOOLS TO MITIGATE
THE RISKS
o Data Loss Prevention (DLP)
o Email Encryption
o Mobile Device Management (MDM) /
Bring Your Own Device (BYOD) Security
4
DATA LOSS PREVENTION (DLP) FOR EMAIL
o Enhanced Email DLP allows
organizations to:
− Detect outbound emails that
violate corporate policies
− Capture and analyze email
violations
− Filter, search and report on email
violations
− Quarantine sensitive emails that
contain sensitive information
based on wide range of
parameters
5
EMAIL DLP VIEW OF SENSITIVE EMAIL
6
AFTER DLP, THEN WHAT?
o You now have the sensitive email, but what
do you do with it?
o If authorized to be sent, encrypt it
o But not all email encryption is equal
o Do not deploy Email Encryption to just:
7
A USABLE EMAIL ENCRYPTION SOLUTION
o Policy based email encryption
− Integrates with email DLP to auto encrypt
sensitive content
o Transparent email encryption
− Auto encrypt to other organizations using the
same solution/protocol with
• No logins/passwords needed
− Automatic Key Management
o Encrypted Delivery to “Non” encryption users
− Anyone, anywhere and on any device
8
WHY ARE WE ALL SPEAKING A DIFFERENT
LANGUAGE?
How can we
connect with so
many roadblocks?
Portals
Passwords
Secure
attachments
Password resets
Extra steps
9
THE POWER OF EMAIL ENCRYPTION
TRANSPARENCY
An elegant
solution is one that
works without you
even knowing it.
No portals
No passwords
No extra steps
Shared
Public Key
Directory
10
WHAT ABOUT RECIPIENTS WHO DO NOT
HAVE ENCRYPTION TECHOLOGY?
o Secure messaging Portal
− Registration to receive these encrypted emails must be
easy and non-invasive
− Allow for the recipient to reply back encrypted AND to
compose brand new emails encrypted
− Consider impact of delivery method on mobile devices
11
WHAT ABOUT DELIVERY OF ENCRYPTED
EMAIL ON MOBILE DEVICES?
Typically, recipients are
unable to open encrypted
email on mobile devices.
The result:
User frustration
Interrupted workflow
Reduced productivity
12
EMAIL ENCRYPTION SHOULD MANAGE
MOBILITY EFFECTIVELY AND EFFICIENTLY
o User should experience
encrypted email like any other
email on their mobile device.
o Accessing encrypted mobile
email should be as easy as one
click.
13
14
MOST POPULAR MOBILE BUSINESS APPS
EMAIL, CALENDAR AND CONTACTS
Source: BYOD and Mobile Security Report, 2014, Holger Schulze, Information Security Community on LinkedIn
15
15
MARKET RESPONSE TO BYOD
o Survey results indicate:
− 45% of respondents report that within
the previous 12 months, one or more
employees lost a mobile device
containing company data
• InformationWeek’s 2014 Mobile Security
Report
− 3.1 Million smartphones were stolen
in the USA during 2013 - sixty per
minute
• Consumer Reports’ Annual State of the
Net survey, 2014
− 72% of respondents say their top
mobile security concern is data loss
from lost or stolen devices
• InformationWeek’s 2014 Mobile Security
Report
16
ADDING TO BYOD CHALLENGES
17
17
TODAY’S APPROACHES ARE
MISSING THE POINT
• MDM & CONTAINER VENDORS
–
–
–
–
–
–
–
Assume Data on the Device
Too Complex and Too Expensive
Too Invasive For Users
Too Difficult To Implement
Creates Corporate Liability Concerns
Overkill for Email, Contact and Calendar
Problem Getting Worse
Manage access, not devices!
18
THE STATE OF BYOD
USERS WANT EASE OF USE
WHAT THEY DON’T WANT IS:
Company monitoring their personal activities or
restrict apps
Interruption of their calendar, contacts, phone and
texting functions
Invasion or deletion (wiping) of their personal data
COMPANIES WANT SAFE DATA
WHAT THEY DON’T WANT IS:
Corporate data distributed on hundreds of devices
Usersgives
resorting
tosecurity
personal
email
or and
other insecure
Brooklyn
IT the
they
need
.
means of maintaining
productivity
19
EMAIL BYOD DELIVERS
THE BEST OF BOTH WORLDS
• Companies benefit from
– Enhanced Data Protection
– Productive employees and
improved morale
– Minimize Corporate Liability
– One copy of corporate data
– License by user, not device
• Employees benefit from
– Convenience of using their
own devices
– Control of their devices and
personal data
– Protected privacy without
employer access to personal data
20
ABOUT ZIXCORP
o Founded in 1998 as an email encryption
company, now with DLP and BYOD security
o 11,500+ active customers including:
− Six divisions of the U.S. Treasury
− All of the FFIEC U.S. federal financial regulators
(incl. FDIC and OCC)
− The U.S. Securities and Exchange Commission
− 24 U.S. state financial regulators
− More than 2,000 U.S. financial institutions
− 25% of all banks in the U.S.
− 20% of all hospitals in the U.S.
− 32 Blue Cross Blue Shield organizations
21
21
To See How ZixCorp
Provides Email DLP, Encryption,
and BYOD Security come to our
booth
Thank you
Dena Bauckman
Director Product Management
[email protected]