E-mail Security Governance: E-mail Encryption and Authentication as a Business Enabler

Written by CipherTrust

Continued from page 1

Asrepparttar complexity increases, so doesrepparttar 109517 probability that not all e-mail containing PHI will be encrypted. Doctors, who are always pressed for time, may not takerepparttar 109518 extra few minutes required to encrypt an e-mail. The clerk handling outbound messages for a nurse may not understand which information requires encryption and which does not. Furthermore, many healthcare administration workers have not been trained onrepparttar 109519 identification of PHI and subsequent proper handling.

The uncertainties and potential liabilities have led some organizations to go so far as to outlaw all PHI in e-mail. Instead of solvingrepparttar 109520 problem, however, these decisions generally force employees to find alternative, and usually insecure, methods of transmitting PHI via e-mail in order to accomplish their jobs. This leaves organizations vulnerable to lawsuits based, at best, on non-compliance with HIPAA and, at worst, exposed PHI. The liability is tremendous – leading many insurance providers to be extremely hesitant to provide coverage inrepparttar 109521 IT space unless sound security practices and compliance can be proven.

The same problems arise with client-based encryption technologies that requirerepparttar 109522 user to be trained or to take extra time to accomplish his or her task. The effect is an increase in likelihood that PHI will be transmitted through an insecure channel as rushed or untrained employees break policies set up to protect information.

Another issue faced by organizations is a lack of technological standards. Some organizations may be employing technologies such as S/MIME or PGP encryption, while others utilize secure connection technologies such as TLS or HTTPS. The effect is that any two organizations, each complying with HIPAA regulations in their own way, may be unable to communicate electronically due to a lack of standardization withinrepparttar 109523 industry.

The solution to each of these issues is to moverepparttar 109524 encryption responsibility fromrepparttar 109525 individual user to a specialized server, and to utilize a system that can select from a number of encryption technologies depending onrepparttar 109526 recipient’s technological capabilities. The server should be capable of applying encryption policies based on heuristics determined byrepparttar 109527 security officer, administrator, or business rules. Individual users should be able to specify that a message be encrypted, butrepparttar 109528 encryption should automatically be applied where appropriate regardless of user involvement.

Beyond encryption issues, CE's need to maintain system integrity, and availability of information. At all times,repparttar 109529 network should not be at risk of downtime due to hacking attempts, Denial of Service (DOS) attacks, spam attacks, phishing, social engineering, or viruses.

E-mail Security Issues for Graham-Leach-Bliley Act

The Graham-Leach-Bliley Act (GLBA) was signed by Bill Clinton in 1999 and made fully effective on July 1, 2001. GLBA requires financial institutions, partners and contractors to protect consumer’s private financial information. It is similar in purpose torepparttar 109530 HIPAA regulations governingrepparttar 109531 use and transmission of information inrepparttar 109532 healthcare industry. It also imposes many ofrepparttar 109533 same challenges onrepparttar 109534 financial industry as those faced byrepparttar 109535 healthcare industry.

As with organizations affected by HIPAA and Sarbanes-Oxley regulations, financial institutions are faced withrepparttar 109536 need to protect confidential data, comply with regulations, keeprepparttar 109537 network operational and secure, and operate on a budget. The consequences of a failure to perform in any of these areas could result in imprisonment of company officers and fines. It could also have devastating effects onrepparttar 109538 business itself – potentially causing existing and potential customers to lose faith inrepparttar 109539 company’s ability to service their financial needs.

As with healthcare organizations and corporate entities,repparttar 109540 need to establish centralized policy-based governance overrepparttar 109541 transmission, encryption, and archival of sensitive information requires a secure server-based solution. The solution should be capable of interfacing with all of an organization’s business partners regardless ofrepparttar 109542 partner’s technological capabilities, and it should be transparent torepparttar 109543 user in order to maximizerepparttar 109544 efficiency and utility of e-mail and encourage adoption of acceptable means of corporate communication.


The trend is clearly inrepparttar 109545 direction of more complex security regulations and an increasing concern by consumers and investors over an organization’s ability to protect privileged information. Fortunately, this increasing awareness ofrepparttar 109546 general public and government agencies has coincided with a rapid development ofrepparttar 109547 technologies required to meet these demands. CipherTrust has ledrepparttar 109548 e-mail security industry in developing comprehensive solutions to e-mail borne threats such as spam, hackers, phishing, DOS attacks and more.

CipherTrust’s IronMail providesrepparttar 109549 first true balance of security and usability that will enable businesses to protectrepparttar 109550 confidentiality and integrity of information as required while ensuring that employees can continue to use e-mail easily as a central communication medium. IronMail enables e-mail security governance with ease, solving a problem that has plaguedrepparttar 109551 industry for 15 years.

Others merely claim it. IronMail does it. We invite you to try it. Click here to schedule a FREE online demonstration of IronMail.

CipherTrust manufacturesrepparttar 109552 leading Enterprise E-mail Security appliance, IronMail. To learn more about how IronMail can help your organization filter spam, block attacks, and prevent fraud, download our white paper, "Controlling Spam: The IronMail Way."

Stay up to date on all E-mail security issues by signing up forrepparttar 109553 IronMail Insider Newsletter.

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Securing the E-mail Boundary: An overview of IronMail” or by visiting www.ciphertrust.com.

How Sarbanes-Oxley Affects Corporate Email Systems

Written by CipherTrust

Continued from page 1

For years, corporations addressed their various email security needs through a mixture of third-party software “solutions” designed to address specific areas of vulnerability. Today, however, this approach is ineffective. New amorphous threats adapt to evenrepparttar latest security technology, helping hackers and spammers stay a step ahead of most stand-alone protective measures. System administrators remain in a reactionary mode, waiting forrepparttar 109516 next attack and hoping their mixed bag of security software is up torepparttar 109517 test. The new challenges posed to email security demand a new approach that protects enterprises from all types of malicious attacks. Enter CipherTrust’s IronMail.

IronMail and Sarbanes-Oxley

CipherTrust’s IronMail has been created to protect organizations from both known and unknown email security attacks. IronMail offers automatic or manual updates to protect against both known and newly discovered email security threats and vulnerabilities, andrepparttar 109518 comprehensive messaging security provided by IronMail assists organizations in key areas of maintaining effective internal controls. Specific financial information threats and vulnerabilities protected by IronMail include:

  • Viruses, worms, and other malicious code
  • Internal users and external hackers attacking email systems
  • System failures from malicious attacks that can lead to subsequent legal liabilities
  • Unintentional or malicious information access or exposure

IronMail provides a comprehensive solution torepparttar 109519 Sarbanes-Oxley information integrity requirements as they relate to protecting corporate financial information that is transmitted and stored via email. Everything from message privacy/encryption to email firewall and intrusion protection to content filtering is included inrepparttar 109520 IronMail solution.

Takerepparttar 109521 Next Step

Learn more about how IronMail helps organizations ensure Sarbanes-Oxley compliance by visiting www.ciphertrust.com or requesting CipherTrust’s free whitepaper, ““Contributing to Sarbanes-Oxley Compliance with IronMail”.

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Contributing to Sarbanes-Oxley Compliance with IronMail” or by visiting www.ciphertrust.com.

    <Back to Page 1
ImproveHomeLife.com © 2005
Terms of Use