tech net why you shouldn't send sensitive emails
DESCRIPTION
This is a speech I am giving at a DoD-sponsored conference in July 2012.TRANSCRIPT
![Page 1: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/1.jpg)
Why You Shouldn’t Email Your Sensitive Documents
David [email protected]
TechNet Mid America July 2012
![Page 2: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/2.jpg)
Email docs to yourself
![Page 3: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/3.jpg)
Email is inherently insecure…
![Page 4: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/4.jpg)
![Page 5: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/5.jpg)
![Page 6: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/6.jpg)
Secure email alternatives
• Full encryption• DLP• Cloud-based storage• Secure document delivery services
![Page 7: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/7.jpg)
Full encryption choices
• Voltage SecureMail• PGP Universal Server• Sophos Email Appliance• Proofpoint Protection Server• Mimecast's Unified Email Messaging
![Page 8: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/8.jpg)
Common product features
• Crypto key management• Auto encrypt sensitive info as part of their
policies• Lots more rules processing• Outlook plug-ins
![Page 9: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/9.jpg)
![Page 10: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/10.jpg)
Drawbacks
• No visibility into document chain of custody• Encryption is still largely unused and
cumbersome• Key management
issues
![Page 11: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/11.jpg)
![Page 12: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/12.jpg)
Web-based encryption
• Voltage SecureMail Cloud• Hushmail for Business• Proofpoint on Demand• PGP's Web Messenger • Mimecast's Closed Circuit Messaging
![Page 13: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/13.jpg)
Data loss prevention
• Global Velocity's GV-2010 security appliance • BlueCoat Networks DLP appliance• Sendmail's Sentrion email server• McAfee Host DLP• Symantec/Vontu DLP v10• Safend Protector• Trend Micro DLP
![Page 14: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/14.jpg)
![Page 15: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/15.jpg)
File sending services
![Page 16: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/16.jpg)
![Page 17: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/17.jpg)
![Page 18: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/18.jpg)
Responses to MegaUpload shutdown
![Page 19: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/19.jpg)
![Page 20: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/20.jpg)
YouSendIt Privacy Policy
Certain information may become accessible, such as the text and subject of messages you have sent, the name and content of the User Files you have sent, the date and time messages were sent, and the email addresses of the recipients.
![Page 21: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/21.jpg)
Secure document services
![Page 22: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/22.jpg)
![Page 23: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/23.jpg)
Security issues
![Page 24: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/24.jpg)
Secure document issues
• Do you need secure intra- or inter-enterprise collaboration?
• Can you recall sent messages? • What happens when someone leaves your
company? • How does the service affect users’ existing
email experience? • Can you authenticate recipients and thwart
malware such as key-loggers?
![Page 25: Tech net Why you shouldn't send sensitive emails](https://reader036.vdocuments.site/reader036/viewer/2022081413/546c251bb4af9f8e2c8b504b/html5/thumbnails/25.jpg)
The moral of the story: don’t use straight email to send your documents. Anything is else better.