SSProtect:Email provides true and complete end-to-end email security for almost any of today's most popular Internet email services. This is more than encryption - this is complete data protection. While several email providers are touting end-to-end encryption by year's end, encryption without access control isn't security at all. SSProtect combines the industry's most advanced data encryption capabilities together with aggressive access controls to put a significant barrier between you and the world's most advanced electronic threats.
Microsoft Outlook Integration
SSProtect:Email is a Microsoft Outlook Add-In that utilizes the SSProtect:Expand command line interface to leverage the power of DefiniSec data protections independent of email UI considerations. When we sat down to build our products, we aimed to create solutions that would be easy to use for most anyone. Though there are many security products to choose from, most are are hard to use and are also limited in their capacity to manage today's threats. Our goal has been to combine the strongest available data protections with ease-of-use never before seen with strong security products, and we have achieved this for email messages with our latest offering.
Use External Email Services
Because Outlook allows you to integrate with external Internet email services, you can quickly apply message content protection to almost any service such as Gmail, Yahoo! Mail, and Windows Live Mail by adding the account to your Outlook configuration and provisioning an SSProtect Account specific to that email address. Why wait until the end of the year for end-to-end encryption when you can have true and complete security with independent access control for every single item right now - and without the concerns that come with browser plug-ins?
To keep things simple, we started with the idea that default workflows would retain data protections at all times. This allows you to collaborate with peers that may not have a high level of security awareness, or may operate in an unknown or questionably protected environment. With today's BYOD corporate computing models and shadow IT deployment for cloud collaboration, it's more important than ever to recognize that your information will pass through very high-risk environments before being consumed by your peers. By imposing protections on the entire process, by default, we free you from the worry of disclosure due to human error without limiting you from the flexibility required in getting to the plaintext for special purposes, as you see fit.
:Email Policy Options
When you provision SSProtect, you provide an email account that acts as your username. When your Administrator enables :Email for your account, the system recognizes configuration requirements and automatically downloads and installs the Outlook Add-in for you. At that point, you will see an Outlook ribbon control group for SSProtect:Email, as shown above. When you click on Settings, you get the one and only configuration dialog that is used to govern :Email behavior. Let's take a look at some details.
At the top left you can see the name of the SSProtect account to which :Email applies. When you send and receive email using this account, the software applies policy settings you manage in this interface. Other accounts are not affected. Note however that SSProtect provides an on-the-fly profile management capability that lets you switch from one Account to another. This lets you protect multiple email accounts at one time.
In general, on the left you find options associated with existing mail in your system, and on the right options associated with outbound items that others will receive. The lower portion of the dialog holds configuration items that deal with more advanced interaction for troubleshooting and fine tuning. Before looking at specifics, let's take a look at simple collaboration and how this works when receiving messages.
Receiving Protected Content
Because :Email relies on the SSProtect:Foundation, you are able to leverage :Collaborate - part of every deployment - and seamlessly share data with your Organization peers. These are most often your work colleagues or members of your immediate or extended team. In fact, though it's not practical, the software doesn't keep you from putting everyone in your company in the same Organization. This is the general approach we have taken in all cases - provide a suitable default protected workflow, but always offer flexibility in allowing you to choose how to utilize details.
When you receive a protected message, it will come to you in a format similar to that shown on the left. This is the encrypted message content using an encoding method that translates numbers into display characters. Though it would be nicer to hide these details and provide only a summary, email systems in general do not entertain a great deal of consistency in how they handle attached data, so we stick with an approach similar to what others use to retain compatibility.
Accessing Plaintext Message Content
When you open the message, SSProtect authenticates you against the active profile's email account, authorizes your access, then converts the message to plaintext for your use. When you close the message, the plaintext content is discarded and the encrypted copy remains.
On-Demand Message Protection
The Outlook message ribbon holds two additional icons over the main display control group - Protect Now and Release Protection. Because SSProtect retains the encrypted version of a message when you close, you can use these controls to affect results on individual email messages. For protected content, use, Release Protection to retain plaintext data in stored message content and, Protect Now to add protections to existing items in any of your Outlook folders.
You do more than open and close email - you compose new messages, forward messages, and reply to those that come into your Inbox. When you work with protected materials, SSProtect will take action, based on your preferences, to insure you don't unintentionally exposed plaintext data. These actions include:
- Deny any operation that exposes plaintext materials to any recipient
- Prompt you before permitting plaintext materials to be exposed to any recipient
- Permit your end-result independent of whether or not protection was retained
These cases come up when you:
- ...reply to or forward a protected message
- ...compose a new protected message and address recipients not authorized to access the data
- ...attach unprotected files to protected messages
Email is a tool that helps you accomplish your business objectives, and there isn't any reason you should have to remember all the details that come with protecting sensitive information. By exposing workflow options, SSProtect allows you to determine how the software responds to your most typical way of doing things and at the same time insures you don't accidentally expose plaintext materials. This can have a tremendous impact on the overall security posture of an organization when applied uniformly throughout.
We noted earlier that SSProtect allows you to collaborate with Organization peers using protected content that's easily accessible to them, but not others. Sometimes it's difficult to remember who has permissions to do what, and rather than make you go through all the painful details of choosing which users can read individual email items, we've chosen to scrub the recipient list when you send a message and offer choices in responding to situations where recipients would not be able to access your protected content.
By default, you are prompted with unauthorized recipients and given options:
- Send protected content anyway - this is useful if recipients will in the future have access to your shared content
- Remove unauthorized users before sending - this saves you the trouble of working your way through large user lists in dialog boxes
- Return to the message and edit the recipient list manually - this is necessary when other options fail to achieve your desired end result
This is especially helpful when collaborating with larger groups of people who use a selective data protection policy based on risk factors rather than protecting everything by default. By addressing recipients or replying to a large thread with a branch off the main conversation thread, this takes the burden of authorization off your shoulders and lets the system do the detailed work for you.
AutoSave and Stored Message Content
When you're editing a message, Outlook will after some short period of time save a copy of your progress in the Drafts folder to make sure you don't lose data as a result of unexpected events. While this can be useful in some cases, it can be downright catastrophic in others. SSProtect lets you decide how you want to handle this by permitting you to override the Outlook Auto-Save mechanism. This insures your information is never saved in plaintext format to a folder location you may not be aware of, helping you avoid accidental exposure of sensitive data.
You can also setup the program to make sure Save operations never overwrite stored encrypted content. This is applicable while viewing a protected message in plaintext format. Some users have indicated that they have a habit of choosing to Save items on a frequent basis, mostly as a results of days past when Windows wasn't as stable. If you do this while accessing plaintext versions of protected content, you would overwrite obfuscated material stored in your folders. Use this option which then forces you to use Remove Protections in order to affect stored protected message content.
SSProtect:Email brings together the convenience of Outlook's planning and messaging capabilities with the power of SSProtect data disclosure risk mitigation which allows you to spend more time focused on your job and less time on learning how to protect data. Operating as an Outlook Add-In, :Email provides significantly more than data encryption, it leverages SSProtect's patent-pending distributed cryptosystem to implement stringent data access controls and strong encryption designed to ward off APT and impersonation threat dynamics. When combined with additional SSProtect product suite components such as backup/restore (:Recover), on-demand data exposure risk categorization (:Assess), and integrated two-factor authentication (:Access), you quickly achieve the most advanced and effective level of Data Exposure Mitigation and Management capability without additional administrative costs or end-user training.
This article was published July 10th, 2015