1 zixcorp the criticality of email security dena bauckman director product management april 2015
TRANSCRIPT
1
ZIXCORPThe Criticality of Email Security
Dena BauckmanDirector Product ManagementApril 2015
2
YOUR BIGGEST SOURCE OF DATA LOSS
3
WE DON’T THINK TWICE BEFORE HITTING SEND
o Learn from the Sony Hack− Executives were comfortable sending out this information− Perception vs Reality
o It won’t happen to me mentality− Its like not getting car insurance because you are a good
driver− Sending an email is like sending a post card in the mail
o Lack of Awareness− Man in the Middle Attacks
o Sending Sensitive Information Unintentionally− “Should I be encrypting this?”
4
EMAIL SECURITY TOOLS TO MITIGATE THE RISKS
o Data Loss Prevention (DLP)o Email Encryptiono Mobile Device Management (MDM) /
Bring Your Own Device (BYOD) Security
5
DATA LOSS PREVENTION (DLP) FOR EMAIL
o Enhanced Email DLP allows organizations to:− Detect outbound emails that
violate corporate policies− Capture and analyze email
violations − Filter, search and report on email
violations− Quarantine sensitive emails that
contain sensitive information based on wide range of parameters
6
EMAIL DLP VIEW OF SENSITIVE EMAIL
7
AFTER DLP, THEN WHAT?
o You now have the sensitive email, but what do you do with it?
o If authorized to be sent, encrypt ito But not all email encryption is equalo Do not deploy Email Encryption to just:
8
A USABLE EMAIL ENCRYPTION SOLUTION
o Policy based email encryption− Integrates with email DLP to auto encrypt
sensitive contento Transparent email encryption
− Auto encrypt to other organizations using the same solution/protocol with • No logins/passwords needed
− Automatic Key Managemento Encrypted Delivery to “Non” encryption
users− Anyone, anywhere and on any device
9
How can we connect with so many roadblocks?
Portals Passwords Secure
attachments Password resets Extra steps
WHY ARE WE ALL SPEAKING A DIFFERENT LANGUAGE?
10
An elegant solution is one that works without you even knowing it.
No portals No passwords No extra steps
Shared Public Key Directory
THE POWER OF EMAIL ENCRYPTION TRANSPARENCY
11
WHAT ABOUT RECIPIENTS WHO DO NOT HAVE ENCRYPTION TECHOLOGY?
o Secure messaging Portal− Registration to receive these encrypted emails must be
easy and non-invasive− Allow for the recipient to reply back encrypted AND to
compose brand new emails encrypted− Consider impact of delivery method on mobile devices
12
Typically, recipients are unable to open encrypted email on mobile devices.
The result: User frustration Interrupted workflow Reduced productivity
WHAT ABOUT DELIVERY OF ENCRYPTED EMAIL ON MOBILE DEVICES?
13
EMAIL ENCRYPTION SHOULD MANAGE MOBILITY EFFECTIVELY AND EFFICIENTLY
o User should experience encrypted email like any other email on their mobile device.
o Accessing encrypted mobile email should be as easy as one click.
14
15
MOST POPULAR MOBILE BUSINESS APPSEMAIL, CALENDAR AND CONTACTS
15
Source: BYOD and Mobile Security Report, 2014, Holger Schulze, Information Security Community on LinkedIn
16
MARKET RESPONSE TO BYOD
o Survey results indicate:− 45% of respondents report that within
the previous 12 months, one or more employees lost a mobile device containing company data
• InformationWeek’s 2014 Mobile Security Report
− 3.1 Million smartphones were stolen in the USA during 2013 - sixty per minute
• Consumer Reports’ Annual State of the Net survey, 2014
− 72% of respondents say their top mobile security concern is data loss from lost or stolen devices
• InformationWeek’s 2014 Mobile Security Report
17
ADDING TO BYOD CHALLENGES
17
18
Manage access, not devices!
TODAY’S APPROACHES ARE MISSING THE POINT
• MDM & CONTAINER VENDORS – Assume Data on the Device– Too Complex and Too Expensive– Too Invasive For Users– Too Difficult To Implement– Creates Corporate Liability Concerns– Overkill for Email, Contact and Calendar– Problem Getting Worse
19
WHAT THEY DON’T WANT IS: Company monitoring their personal activities or
restrict apps Interruption of their calendar, contacts, phone and
texting functions Invasion or deletion (wiping) of their personal data
USERS WANT EASE OF USE
Brooklyn gives IT the security they need and.
COMPANIES WANT SAFE DATAWHAT THEY DON’T WANT IS:Corporate data distributed on hundreds of devicesUsers resorting to personal email or other insecure
means of maintaining productivity
THE STATE OF BYOD
20
EMAIL BYOD DELIVERSTHE BEST OF BOTH WORLDS
• Companies benefit from – Enhanced Data Protection– Productive employees and
improved morale– Minimize Corporate Liability– One copy of corporate data– License by user, not device
• Employees benefit from – Convenience of using their
own devices– Control of their devices and
personal data– Protected privacy without
employer access to personal data
21
ABOUT ZIXCORP
o Founded in 1998 as an email encryption company, now with DLP and BYOD security
o 11,500+ active customers including:− Six divisions of the U.S. Treasury− All of the FFIEC U.S. federal financial regulators
(incl. FDIC and OCC)− The U.S. Securities and Exchange Commission− 24 U.S. state financial regulators− More than 2,000 U.S. financial institutions− 25% of all banks in the U.S.− 20% of all hospitals in the U.S.− 32 Blue Cross Blue Shield organizations
21
To See How ZixCorpProvides Email DLP, Encryption, and BYOD Security come to our booth
Thank you
Dena BauckmanDirector Product [email protected]