ZIXCORP
The Criticality of Email Security

Kevin Cloutier, 781-993-6221, [email protected], Oct 2015


ABOUT ZIXCORP

Founded in 1998 as an email encryption company, now with DLP and BYOD security

More than 11,500 active customers including:

• Six divisions of the U.S. Treasury
• All of the FFIEC U.S. federal financial regulators (incl. FDIC and OCC)
• The U.S. Securities and Exchange Commission
• 24 U.S. state financial regulators
• More than 2,000 U.S. financial institutions
• 25% of all banks in the U.S.
• 20% of all hospitals in the U.S.
• 32 Blue Cross Blue Shield organizations

YOUR BIGGEST SOURCE OF DATA LOSS

• Your organization is sending PII out today
  – Analysis shows an average of 5% of outbound volumes include PII, NPI, PHI, SSNs, CCs, etc.
  – You need to know who sent, who received, what was sent, why it was sent, and how it was sent
  – Even one email violation, depending on your industry, can cost you thousands of $$$$ and public data breach exposure
• Your organization has a mobility risk
  – Employees are using mobile phones to download email
  – Data proliferation on mobile devices is a huge risk, even with an MDM solution in place

KNOW YOUR EMAIL

EMAIL SECURITY TOOLS TO MITIGATE THE RISKS

• Data Loss Prevention (DLP)
• Encryption
• Mobile Device Management (MDM) / Bring Your Own Device (BYOD) Security
• Compliance Reporting

ENHANCED EMAIL DLP

Enhanced Email DLP allows organizations to:

o Detect outbound emails that violate corporate policies
o Capture and analyze email violations
o Filter, search and report on email violations
o Quarantine emails that contain sensitive information based on a wide range of parameters

EMAIL DLP VIEW OF SENSITIVE EMAIL


AFTER DLP, THEN WHAT?

• You now have the sensitive email, but what do you do with it?
• If authorized to be sent, encrypt it
• But not all email encryption is equal
• Do not deploy Email Encryption to just:

A USABLE EMAIL ENCRYPTION SOLUTION

• Policy based email encryption
  – Integrates with email DLP to auto encrypt sensitive content
• Transparent email encryption
  – Auto encrypt to other organizations using the same solution/protocol with no logins/passwords needed
  – Automatic Key Management
• Encrypted Delivery to “Non” encryption users
  – A system that delivers the encrypted email to anyone regardless of what technology they have on receiving end
• Encrypted Delivery to Mobile Devices
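The DLP-then-encrypt flow described on these slides (detect SSNs and card numbers in outbound mail, then auto encrypt or quarantine), sketched as an added example that is not ZixCorp's implementation. The patterns, the `authorized_senders` set, the action names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Illustrative patterns (assumptions): US SSN and 13-19 digit card numbers.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample messages; the numbers are publicly known dummy values.
SAMPLE_SENSITIVE = ("From: Pat <pat@bank.example>\nTo: claims@partner.example\n"
                    "Subject: Account update\n\n"
                    "Customer SSN 078-05-1120, card 4111 1111 1111 1111.\n")
SAMPLE_CLEAN = ("From: pat@bank.example\nTo: claims@partner.example\n"
                "Subject: Lunch\n\nOrder ref 1234 5678 9012 3456, noon is fine.\n")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text):
    """Count sensitive data types found; the values themselves are not kept."""
    cards = (re.sub(r"[ -]", "", m) for m in CARD_RE.findall(text))
    found = {"SSN": len(SSN_RE.findall(text)), "CC": sum(luhn_ok(c) for c in cards)}
    return {kind: n for kind, n in found.items() if n}

def evaluate(raw, authorized_senders):
    """Return the policy action plus a who/what/how record for reporting."""
    msg = message_from_string(raw)
    sender = getaddresses([msg.get("From", "")])[0][1].lower()
    rcpts = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    # Plain-text parts only; encoded bodies and attachments are out of scope here.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    hits = scan(msg.get("Subject", "") + "\n" + body)
    if not hits:
        action = "deliver"
    elif sender in authorized_senders:
        action = "encrypt"      # authorized to send sensitive content: auto encrypt
    else:
        action = "quarantine"   # hold for review
    return {"from": sender, "to": rcpts, "matched": hits, "action": action}
```

The Luhn check is what keeps the 16-digit order reference in `SAMPLE_CLEAN` from being flagged as a card number.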

WHY ARE WE ALL SPEAKING A DIFFERENT LANGUAGE?

How can we connect with so many roadblocks?

• Portals
• Passwords
• Secure attachments
• Password resets
• Extra steps

THE POWER OF EMAIL ENCRYPTION TRANSPARENCY

An elegant solution is one that works without you even knowing it.

• No portals
• No passwords
• No extra steps

Shared Public Key Directory

WHAT ABOUT DELIVERY OF ENCRYPTED EMAIL ON MOBILE DEVICES?

Typically, recipients are unable to open encrypted email on mobile devices.

The result:

• User frustration
• Interrupted workflow
• Reduced productivity

EMAIL ENCRYPTION SOLUTION SHOULD MANAGE MOBILITY EFFECTIVELY AND EFFICIENTLY

Senders and receivers using the solution should experience encrypted email like any other email on their mobile device.

Accessing encrypted mobile email should be as easy as one click.

WHAT ABOUT ENCRYPTED EMAIL TO RECIPIENTS WHO DO NOT HAVE DECRYPTION TECHNOLOGY?

• The email still has to go, but how?
• Solution should auto recognize that the recipient does not have technology in place but still deliver the email encrypted via a secure messaging portal (pull) or via an encrypted HTML attachment (push)
• Registration to receive these encrypted emails must be simple and non-invasive
• Allow for the recipient to reply back encrypted AND to compose brand new emails encrypted
• Consider impact of delivery method on mobile devices

MOST POPULAR MOBILE BUSINESS APPS: EMAIL, CALENDAR AND CONTACTS

Source: BYOD and Mobile Security Report, 2014, Holger Schulze, Information Security Community on LinkedIn

Survey results indicate 45% of respondents report that within the previous 12 months, one or more employees lost a mobile device containing company data
Source: InformationWeek’s 2014 Mobile Security Report

3.1 Million smartphones were stolen in the USA during 2013 - sixty per minute
Source: Consumer Reports’ Annual State of the Net survey, 2014

72% of respondents say their top mobile security concern is data loss from lost or stolen devices
Source: InformationWeek’s 2014 Mobile Security Report

MARKET RESPONSE TO BYOD

MOBILE DEVICE USERS’ FRUSTRATION

“In their quest to do their jobs, mobile device users are offered comparatively sophisticated communications platforms that they're often untrained to effectively use, control, and make productive.”

- Tom Henderson, IT World

ADDING TO BYOD CHALLENGES


TYPICAL MDM SOLUTION: EMAILS ARE RETAINED IN PERMANENT MEMORY

Data Proliferation

TODAY’S APPROACHES ARE MISSING THE POINT

MDM & CONTAINER VENDORS Assume Data on the Device

• Too Complex and Too Expensive
• Too Invasive For Users
• Too Difficult To Implement
• Creates Corporate Liability Concerns
• Overkill for Email
• Problem Getting Worse

Manage access, not devices!

THE STATE OF BYOD

USERS WANT EASE OF USE

WHAT THEY DON’T WANT IS:

• Company monitoring their personal activities or restricting apps
• Interruption of their calendar, contacts, phone and texting functions
• Invasion or deletion (wiping) of their personal data

Brooklyn gives IT the security they need and.

COMPANIES WANT SAFE DATA

WHAT THEY DON’T WANT IS:

• Corporate data distributed on hundreds of devices
• Users resorting to personal email or other insecure means of maintaining productivity

EMAIL BYOD SOLUTION

Full email functionality, but NO data on the device, so no need to manage the device

Data Proliferation

EMAIL BYOD DELIVERS THE BEST OF BOTH WORLDS

Companies benefit from

• Enhanced Data Protection
• Productive employees and improved morale
• Minimize Corporate Liability
• One copy of corporate data
• Compliance Reporting
• License by user, not device

Employees benefit from

• Convenience of using their own devices
• Control of their devices and personal data
• Protected privacy without employer access to personal data

EMAIL COMPLIANCE REPORTING

• Who sent, Who Received, Top Domains, Delivery Method, Time Stamps, Subject, Policy
  – And Content! What sensitive data was sent!
• On Demand and Scheduled Reports
• Graphical and Detailed Drill downs
• Includes Reporting on all delivery methods
  – Including TLS
• Exportable to formats usable by you
• Allows you to know what email was viewed on a mobile device and when it was viewed

To see how ZixCorp provides Email DLP, Encryption, and BYOD Security, come to our booth or contact me

Thank you

Kevin Cloutier
[email protected]