GlobalCerts & SurfControl: Only a layered approach can provide total risk management.
Who is GlobalCerts?
- Founded as Tovaris in Fall 1999 by a team of information security and electronic mail experts
- Changed name to GlobalCerts in 2004 to better illustrate our corporate strategy
- Brought the first S/MIME-compliant secure messaging gateway appliance to market in Fall 2000
- Headquarters in Bedford, NH, and offices in Charlottesville, VA, Washington DC, Boston, MA, and Dublin, Ireland
- Privately held company with customers in the healthcare, insurance, banking, investment, government, legal and corporate spaces in the U.S., Canada, and Europe
Turn-Key, ALL INCLUSIVE Secure Email & Secure Messaging Platform
- S/MIME Secure Messaging
  - Automatic certificate lookup and harvesting
  - Automatic encryption and decryption
  - Digital signatures
- SecureMessenger
  - SecureMail Gateway universal secure messaging feature
  - Enables secure email to any recipient, requiring only:
    - Standard web browser
    - Email address
- SecureTier
  - Scalable backbone network
  - Connects SecureMail Gateway appliances
  - Management and distribution of standard X.509 certificates (public keys)
  - Automatic certificate lookup on every message
[Diagram labels: S/MIME Compliant, Universal Secure Delivery, Global Certificate Network]
The Benefits & Advantages for Compliance with GlobalCerts Are Clear
- Turn-key email security with little to no user overhead
  - No client software to load on each individual workstation
  - Automatic encryption and decryption
  - Send secure email to any recipient
- Little to no management burden
  - Automated cert management: find and retrieve recipient certificates by default (automatically), on every message sent
  - Integrate secure email with anti-virus, content scanning, etc.
  - Link remote email locations quickly, within a couple of hours
- Ensures privacy with strong encryption, ensures confidentiality with symmetric key exchange, ensures integrity with a hash function and ensures non-repudiation with symmetric key exchange.
Who is SurfControl?
- Leading provider of enterprise threat protection
- Shields enterprises from known and emerging Internet dangers through Layered Threat Protection
- Redefined traditional “filtering” into a unified set of web, email and messaging security solutions
- Continuously filter inbound and outbound Internet traffic to eliminate spam, spyware, phishing, web and email abuse
- More than 20,000 customers worldwide
The Risk
- 80% of breaches originate within an organization and are carried out by an insider.
- Some may be malign, but more commonly they are ‘user error’, such as hitting send by mistake.
- Information leakage is ranked right after spam as a major content issue facing corporations today.
- Today, enterprises need to protect against not only external threats but also emerging internal threats, driving the need to control outbound content.
Information taken from research done by IDC.
What am I protected against?
- Violations of regulatory compliance
  - HIPAA
  - GLBA
  - Sarbox
  (See additional slides for full description of each)
- Violations of corporate email policy & best practices
- Loss/leakage of intellectual property
- Loss/leakage of confidential or customer information
- Inappropriate content
Regulatory Compliance: Healthcare – HIPAA
All Protected Health Information (PHI) must be secured to ensure privacy and confidentiality when electronically stored, maintained or transmitted. Email containing PHI sent across the Internet unencrypted puts a healthcare organization in jeopardy of public scrutiny and stiff fines, and in gross negligence cases the penalties can even include imprisonment.
Regulatory Compliance: Financial – GLBA
Under the Gramm-Leach-Bliley Act, financial institutions must provide customers with a notice of privacy policies and must not disclose nonpublic personal information about consumers. GLB requires that the SEC establish standards for protecting customer information (Section 248.30). Customer records and information must be protected against any perceived threat or hazard to their security or integrity. This includes customer information both in storage and in email.
Regulatory Compliance: Enterprises – Sarbanes-Oxley Act (Sarbox)
Sarbox was created to restore investor confidence in US public markets, which was damaged by business scandals and lapses in corporate governance. Under Sarbox, good corporate governance and ethical business practices are no longer optional niceties. Email is a key corporate infrastructure that, per sections 302 and 404, needs to be further controlled. When email leaves an organization it is in clear text and there is no way to “control” the integrity of the information in that message.
The Joint Solution
The joint solution from SurfControl & GlobalCerts provides seamless content-forced encryption, allowing for tighter enterprise-wide content protection and compliance enforcement.
- Users don’t do anything differently to send/receive email
- Administrators don’t manage complex systems
- Recipients don’t change the way they receive secure messages
- Sensitive information stays confidential, protected and compliant