Protect Your Customers and Your Business with Secure Business Communications

Jon Gatrell

VP, Product Management

12.16.2009

Business Risks and Realities• Communication requirements growing• Confidential communications

requirements• Complexity is growing• Compliance is critical

3

IT Realities•Users have to collaborate•Global Infrastructures•Too many tools•Limited Control

`Breaches happen everyday – 11.16.2009

FTP alone is not a viable option to give you the insight, security and performance and, ultimately, the risk mitigation necessary to responsibly conduct business.

Because e-mail connects through many routers and mail servers on its way to the recipient, it is inherently vulnerable to both physical and virtual eavesdropping. Current industry standards do not place emphasis on security; information is transferred in plain text, and mail servers regularly conduct unprotected backups of e-mail that passes through.

Another take on email privacy…

In personal email communications, there has always been, and always should be, an expectation of privacy between the sender and the intended recipients of a message, enabling open communication with friends, colleagues, family, and others…..

Let's be clear: there are issues with email privacy, and most of these issues are common to all email providers. The main issue is that the contents of your messages are stored on mail servers for some period of time; there is always a danger that these messages can be obtained and used for purposes that may harm you, such as possible misuse of your information…

Understanding the scale of data breaches

85% of businesses have had a data security breach

46% of businesses failed to implement encryption solutions even after suffering a data breach!

Source: Ponemon Institute

9

The Impact to Businesses

74% report loss of customers.

59% faced potential litigation.

33% faced potential fines. 32% experienced a decline

in share value

Source: Ponemon Institute, LLC

Number of Data Records Lost

It’s just money….

It happens to the best of us…

Yale has experienced 600 recorded security incidents in the previous 12 months (2008-2009), costing an estimated $200,000 to remediate

• HIPAA• Requires that companies prove that only the intended

recipients received the information and that it was secure

• Safe Harbor Directive• Protecting personal information and transfer

• GLBA• Requires organizations ensure the security and

confidentiality of customer records and information

• SOX• Requires auditable business processes

• E-Invoicing• Long term electronic retention and digital signatures

Governmental Requirements

“A member in public practice shall not disclose any confidential client information without the specific consent of the client.”

It’s not just government, it’s also professional standards

AICPA Code of Professional Conduct - Rule 301

Be concerned about all of these items

• Employee information• Employee Performance Data• Employee Disciplinary Data• Staff Employment Data

• Department Business Data • Credit Card/Purchasing Cards• Customer Information

• Procurement• Vendor Information• Quotes

252,474,509 people affected since 1/15/05

Best Practices to Avoid Exposure

• Use end-to-end encrypted communications

• Track all messages and confirmed who received it

• Manage user profiles, access and groups memberships

18

19

Know who received what messages and files

Historical and Real-Time Visibility into Messaging

Manage Users and their access

Proactively Manage groups and understand their activity

Productivity & Privacy

Financial information

Board of directors or just internally

Customer records and files

No matter what size

28

Do you retain PHI?

Security inside and outside required

Supporting your customers

Confidential environment and operational data is exchanged

31

Access and Controls

The right systems, the right platforms, the people and the right partners

The Benefits of an Easy to Use Secure Communications

Improved Service Levels Quicker cycle times

Improved compliance Corporate (Internal controls/audits, security, sustainability) Governmental (SOX, Basel II, HIPAA…)

Security Enforcement Process level governance Content and session encryption

Improved visibility and control Process status Exceptions Transactions and Trends

Easy to use Ability to deploy quickly Auditing, Security and

Reporting Privacy for confidential

communications Support large files Protect mobile content

Your solution must…

THANKS!

www.scribbos.com www.stonebranch.com managedfiletransfer.wordpress.com

Secure Communications:Enterprise Automation:

MFT Blog: