CipherPost Pro

Businesses who need to email sensitive information to a wide range of recipients?including employees, customers, contractors, and partners?have to think about ways to securely transmit the information. For those organizations, email encryption service CipherPost Pro may ease some of the pain of rolling out a secure messaging platform, because AppRiver would be shouldering the responsibility for protecting the data.

Encryption is one of those things that needs to be done right in order to be effective, and that's not always easy to do. In some recent data breaches, it turned out the organization hadn't implemented encryption correctly, such as using a weak cryptographic key or not managing the keys properly.

Why Businesses Need Secure Email
Recently, I had to send a scanned copy of my passport to someone in Massachusetts. State law required the file be protected, so I wound up creating a password-protected PDF file and gave the recipient the password over Skype. A healthcare facility has to comply with HIPAA (Health Insurance Portability and Accountability Act) regulations, so staff members may be creating password-protected zip archives to protect the data.

While the data may actually be protected, neither of these methods are particularly sustainable over many users and both leave a lot of room for human error.

A Primer on Email Delivery
Basic mail works pretty simply. A user composes a message and sends it, which then bounces from one server to another over the SMTP (Simple Mail Transfer Protocol) network, until it reaches the receiving mail server. Copies of emails may be stored on some of these intermediate servers. And there is no way to track what happens to that message once you've sent it out in to the big wide world.

Many encrypted email systems encrypt messages being sent with local certificates and public/private cryptographic key pairs. This can get complicated easily when rolling it out to a lot of users, and even more challenging if the organization regularly has to send sensitive data to people outside the organization, such as contractors, customers, and partners. While many people use PGP (Pretty Good Privacy) to encrypt their messages, it can be tricky getting first-time recipients set up with the private key, or even verifying which key the sender should use.

The Security Trade-Off
Businesses interested in secure email generally have two options: have the sender encrypt messages themselves, or rely on a dedicated secure system that handles the process in the background. The first option can be cumbersome for some users, but it keeps control in the hands of the organization and users. There is also no need to segment messages as everything is in one system and readily accessible.

The second option is easier for end-users because the responsibility is shifted to the administrators. And if the dedicated system is a hosted platform, then the service provider is the one who controls the encryption keys and is responsible for making sure the messages are secured. The organization must, however, trust the provider to do it right and not to sneak a peek at the data.

For some organizations, the ease of use is worth partnering with a provider. If so, a platform like AppRiver's CipherPost Pro is right up their alley. Others who believe retaining control is more important would have to consider other options. In CipherPost Pro, AppRiver holds the keys for all the customers. Even though the company generates a custom AES256 key for each customer account, AppRiver handles key management.

Getting Started With CipherPost Pro
Organizations sign up for CipherPost Pro on www.appriver.com. A member of the AppRiver team calls the administrator back to help with the setup and to do a very quick walkthrough to familiarize the administrator with the platform. The platform costs $7.95 per user per month.

For this review, AppRiver setup a PCMag-branded account which I was able to use to send and receive secure messages.

The administrator has full control over the system, managing users who have access to the system, storage and bandwidth limitations, and deciding whether messages could ever be saved locally. While administrators have control over the system's configuration and settings, they do not have access to individual messages and file attachments. The administrator can also see overall usage statistics with the Web Admin Console, such as total number of users, the total amount of storage available, and other usage patterns.

The administrator could set up authentication levels for users, such as designating them as "Guests," which means they could just view messages.?Next: Sending, Receiving Messages with CipherPost Pro

Source: http://feedproxy.google.com/~r/ziffdavis/pcmag/~3/9uL7Xb5Llmc/0,2817,2412903,00.asp

Suzanne Barr Clint Eastwood speech Maria Montessori clint eastwood Julian Castro Blue Moon August 2012 Eddie Murphy Dead