Tech net Why you shouldn't send sensitive emails
-
Upload
david-strom -
Category
Technology
-
view
739 -
download
1
description
Transcript of Tech net Why you shouldn't send sensitive emails
Why You Shouldn’t Email Your Sensitive Documents
David [email protected]
TechNet Mid America July 2012
Email docs to yourself
Email is inherently insecure…
Secure email alternatives
• Full encryption• DLP• Cloud-based storage• Secure document delivery services
Full encryption choices
• Voltage SecureMail• PGP Universal Server• Sophos Email Appliance• Proofpoint Protection Server• Mimecast's Unified Email Messaging
Common product features
• Crypto key management• Auto encrypt sensitive info as part of their
policies• Lots more rules processing• Outlook plug-ins
Drawbacks
• No visibility into document chain of custody• Encryption is still largely unused and
cumbersome• Key management
issues
Web-based encryption
• Voltage SecureMail Cloud• Hushmail for Business• Proofpoint on Demand• PGP's Web Messenger • Mimecast's Closed Circuit Messaging
Data loss prevention
• Global Velocity's GV-2010 security appliance • BlueCoat Networks DLP appliance• Sendmail's Sentrion email server• McAfee Host DLP• Symantec/Vontu DLP v10• Safend Protector• Trend Micro DLP
File sending services
Responses to MegaUpload shutdown
YouSendIt Privacy Policy
Certain information may become accessible, such as the text and subject of messages you have sent, the name and content of the User Files you have sent, the date and time messages were sent, and the email addresses of the recipients.
Secure document services
Security issues
Secure document issues
• Do you need secure intra- or inter-enterprise collaboration?
• Can you recall sent messages? • What happens when someone leaves your
company? • How does the service affect users’ existing
email experience? • Can you authenticate recipients and thwart
malware such as key-loggers?
The moral of the story: don’t use straight email to send your documents. Anything is else better.