The Escalating Importance of The Escalating Importance of Email Encryption September 21, 2011
The Escalating Importance ofThe Escalating Importance of Email Encryption
September 21, 2011
Today’s Agenda
Introduction’s
State of Email Encryption Survey OverviewLarry Ponemon, Chairman and Founder, Ponemon Institute
Discussion of Survey highlightsGeoff Bibby, Vice-President Corporate Marketing, ZixCorpy, p g, p
Demonstration of ZixCorp Email Encryption ServiceC S S CAlex Chiu, Senior Sales Engineer, ZixCorp
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 2
The State of Email EncryptionU.S. Survey of IT & Compliance Practitioners
Sponsored by Zix Corporation
Independently conducted by Ponemon Institutep y y21 September 2011
P I tit tPonemon Institute LLC
The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business andpractices that positively affect privacy and data protection in business and government.
The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protectionprivate and public sectors and verifies the privacy and data protection practices of organizations.
Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations) Dr Ponemon serves as CASRO’s chairman ofResearch Organizations). Dr. Ponemon serves as CASRO s chairman of Government & Public Affairs Committee of the Board.
The Institute has assembled more than 60 leading multinational corporations ll d th RIM C il hi h f th d l t d ti fcalled the RIM Council, which focuses the development and execution of
ethical principles for the collection and use of personal data about people and households.
The majority of active participants are privacy or information security leaders.
9/22/2011 2Ponemon Institute: Private and Confidential
About our studyy
Sponsored by Zix Corporation, this national study utilized a representative sample of IT and compliance practitioners p p p plocated in all regions of the United States.
Sampling and screening procedures ensured respondents were presently in the workforce and held bona fide credentials.
W b b d lt t d 4 kWeb-based survey results were captured over a 4-week period ending in late August 2011.
Our survey research focused on issues relating to the use ofOur survey research focused on issues relating to the use of email encryption solutions within the workplace.
9/22/2011 Ponemon Institute: Private and Confidential 3
About our study (continued)y ( )
Our research sought to better understand the plethora of issues and challenges in trying to secure email g y gcommunications between senders and receivers.
The total sample size consists of 830 individuals (557 in IT & 273 in compliance), which represents a 2.7% overall response rate.
S d t h f 10+ fSurvey respondents have an average of 10+ years of experience in their field. More than half (59 percent) are at or above the supervisor level in their organizations. Forty percent work in organizations with a headcount of 5 000 orpercent work in organizations with a headcount of 5,000 or more employees.
9/22/2011 Ponemon Institute: Private and Confidential 4
Stratified samplepThe following pie chart summarizes the industry classification of respondents in the combined sample. By design, stratified sampling methods resulted in a disproportionate number of respondents in financial services (29 percent) and healthcare (25 percent) organizations. The remaining 46% of respondents are located in more than 12 other industry selections.
3%2%
2%2% 4% Financial services
Healthcare
Retail29%
5%
4%
3% Retail
Technology & Software
Government
Industrial
5%
5%
Services
Pharmaceuticals
Hospitality
Transportation
6%
5% Entertainment & media
Communications
Energy
Other
9/22/2011 Ponemon Institute: Private and Confidential 5
25%7%
Summary of top five findingsy p g
1. Fifty-nine percent of respondents strongly agree or agree that the use of email by employees is one of the mainthat the use of email by employees is one of the main sources of data leakage in their organizations.
2. Email security on mobile devices is a major concern for y jrespondents. Seventy percent of respondents are concerned about the loss of information via email on mobile devices.
3. Sixty-eight percent of respondents say that employees ignore policies about emailing unencrypted or confidential d t th h i h ldocuments through insecure channels.
9/22/2011 Ponemon Institute: Private and Confidential 6
Summary of top five findingsy p g
4. Sixty-one percent say that employees send unencrypted confidential information through insecure email channelsconfidential information through insecure email channels.
5. More than half (52 percent) of respondents say senders in their organization are frustrated with current email solutions gin the workplace and 57 percent say recipients are frustrated.
9/22/2011 Ponemon Institute: Private and Confidential 7
Caveats
Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of IT and compliancereturns. We sent surveys to a representative sample of IT and compliance practitioners, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that auditors who did not participate are substantially different in terms of underlying beliefs from those ho completed the s r ethose who completed the survey.
Sampling-frame bias: The accuracy is based on contact information and the degree to which the sample is representative of individuals who are IT or compliance professionals We also acknowledge that responses fromor compliance professionals. We also acknowledge that responses from paper, interviews or telephone might result in a different pattern of findings.
Self-reported results: The quality of survey research is based on the integrity of confidential responses received from respondents While certainintegrity of confidential responses received from respondents. While certain checks and balances were incorporated into our survey evaluation process, there is always the possibility that certain respondents did not provide responses that reflect their true opinions. p p
9/22/2011 Ponemon Institute: Private and Confidential 8
Company OverviewCompany OverviewCompany OverviewCompany Overview
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 3
Who Are We? The Leader in Email Encryption Services
• Dallas-based company traded on Nasdaq (ZIXI)• Founded in 1998• Offices also in Burlington, MA• 100% focused on Email Encryption
“ZixCorp is by a wide margin the leadingZixCorp is, by a wide margin, the leading services provider” for email encryption services.
– Gartner
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 4
Trusted by the Most Influential Institutions
• Divisions of the U.S. Treasury• U.S. federal banking regulators and the SEC• More than 20 U.S. state banking regulators• More than 1,500 U.S. financial institutions• Nearly 1 in 5, or more than 1,200, U.S. hospitals• 33 Blue Cross Blue Shield organizations
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 5
Email and Business Today
Email continues to be the dominant communication tool used in business, with time spent on email exceeding
the combined time spent on all other communication tools the combined time spent on all other communication tools.
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 6
*Osterman Research (based on time spent on communication tools during an eight-hour day)
Company OverviewSurvey ResultsCompany OverviewSurvey Results
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 7
Executive Summary • Many respondents have an email encryption solution in place
M j it h h d th i l ti f th 4 • Majority have had their solutions for more than 4 years
• Over half use “Push” technology as their primary method of delivery for • Over half use Push technology as their primary method of delivery for encrypted email
• Ease-of-use is a priority but difficult to attain, and user frustration is high for both senders and recipients
• Mobility is a major concern, but Push solutions aren’t useable on mobile devices
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 8
Existing Users May Have Outdated Technology F th 64% f d t ith il ti l tiFor the 64% of respondents with an email encryption solution:
How long has your organization had its current email encryption solution(s)?
Less than 1 year5%
yp ( )
5% 1 to 3 years28%
Over 10 years7%
4 to 6 years36%7 to 10 years
7%
7 to 10 years23%
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 9
The Need for Encrypted Email
For those with an email encryption solution: What are the primary drivers for
email encryption in your organization?email encryption in your organization?
3 2
3.94.1
3.5
4.0
4.5
2.3
2.93.2
2 0
2.5
3.0
3.5
0 5
1.0
1.5
2.0
0.0
0.5
Company reputation Customer or business partner demand
Industry best practice Risk avoidance Regulatory compliance
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 10
The Need for Encrypted Email
• Compliance and risk avoidance continue to provide the major impetus for email encryption implementationy
• Email encryption from ZixCorp assists with compliance and:• Limits risk of private information being exposed• Protects your company’s reputation from breach notification• Allows exchange of encrypted email transparently with business
partners and customers when both are ZixGateway customers.
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 11
Email = Source of Data Leakage
The insecure use of email by employees is one of the main sources of data leakage in our organization.
Strongly agreeUnsure
19%24%
Disagree14%
Agree35%
Strongly Disagree8%
And the majority believe the growing use of mobile devices increases the
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 12
difficulty of protecting sensitive information in email
Companies Are Worried About Data Loss
• The majority of respondents feel that confidential corporate information is disseminated via email on a nearly constant basis.
I il ti b l i t d i f l • Insecure email practices by employees introduce meaningful risks to enterprises in healthcare, financial services and most major industries major industries.
• By automating email encryption with ZixCorp employees can By automating email encryption with ZixCorp, employees can retain their usual workflow, and companies can feel confident that sensitive information in email is protected.
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 13
p
Frequency of Data Leaks in Email
Do employees send unencrypted confidential information through
i il h l ?
How frequently do employees mistakenly send unencrypted
confidential information to recipients insecure email channels? confidential information to recipients outside the organization?
Very frequently30%
Never3%
Don't Know20%
No30%
Not frequently14%
Yes64%
36
Frequently34%
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 14
How Frequently Do Employees…
Ignore policies about emailing unencrypted confidential
Use personal web-based email to send unencrypted confidential unencrypted confidential
documents?send unencrypted confidential
information?
Very frequently32%
Never3%
Don't Know19%
Very frequently
Never1%
Don't Know19%
32%
Frequently
Not frequently17%
39%Not frequently11%
Frequently34% Frequently
34%
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 15
Policies Are Not Enough
• Organizations need enforceable policies that are published
• Enforce those policies with a robust and automated email encryption solution to automate the detection and encryption of sensitive i f ti i ilinformation in email • Limit risk of sending information in the clear that should
be encryptedbe encrypted• Avoid disruption of employee workflow
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 16
Company OverviewThe Value of Ease of UseCompany OverviewThe Value of Ease of Use
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 17
Sender Experience
Rate the level of frustration that senders have when
encrypting email
When selecting an email encryption solution, how important is ease of use
for your senders? encrypting email.
I l t
for your senders?
Unsure
Very ImportantNot important
Irrelevant12%
Frustrated
Unsure13%
y p43%
I t t
p20%
Frustrated52%Frequently
34%
Important25%
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 18
Recipient Experience
Rate the level of frustration that recipients have when encrypting
il
When selecting an email encryption solution, how important is ease of use
f i i t ? email.for your recipients?
Irrelevant Unsure
Very ImportantNot important19%
10% Unsure12%
y p50%
Important
19%
Frustrated57%
Not Frustrated30%
21%
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 19
Email Encryption Triggers
How does your organization triggermessages for encryption?
50%Content filter
69%Keywords
45%Domain/recipient specific
8%
0 20 40 60 80
Other
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 20
Respondents selected all triggers that applied to their solution.
Ease of Use and Frustration
• Though respondents cared about ease of use when selecting an email encryption solution, sometimes long ago, their
d d i i t till f t t dsenders and recipients are still frustrated
Ch “ t ti ” l ti th t id bil • Choose a “next generation” solution that provides mobile support and allows transparent sending and receiving of encrypted messagesencrypted messages
• As more users choose these easier to use solutions expect • As more users choose these easier-to-use solutions, expect senders and recipients to find email encryption convenient to use and their levels of frustration to decrease
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 21
use, and their levels of frustration to decrease
Methods of DeliveryWhat is your organization’s primary method for delivering
encrypted email?
48%Push – email is received as an encrypted attachment opened with a password
31%Attachment – sender manually encrypts an attachment and communicates password separately
21%
0% 10% 20% 30% 40% 50% 60%
Pull – email is retrieved at a portal using a password
“Push” email encryption creates an HTML attachment to an email message. These messages require a password open, sometimes are stripped by anti-virus and anti-malware solutions and are considered more difficult to open on mobile devices. “P ll” t d il i d li k t il t l lik li b ki li ti Th
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 22
“Pull” encrypted email messages are received as a link to an email portal, like an online banking application. These are considered easier for recipients because the interfaces are familiar to recipients and not stripped of the encrypted information.
ZixCorp’s Key Differentiator: ZixDirectory
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 23
Transparency a Key Solution to Frustration• User frustration will likely increase as vendors promoting who
only provide “Push” falter in their support of mobile email access
• ZixCorp offers the only hosted and shared email encryption network, ZixDirectory, which allows ZixGateway customers to exchange encrypted email transparently, with no passwords
• ZixCorp also offers robust “Push” and “Pull” methods ensure the least possible frustration for those not in ZixDirectory
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 24
Company OverviewAdded Complexity:
M bilitCompany OverviewMobility
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 25
Mobile Email Encryption
Is your organization concerned about loss of information via
bil il?
Have you ever attempted to open an encrypted email on a
bil d i ?mobile email?
Unsure
mobile device?
Yes70%
No
Unsure20% Yes
31%
Unsure13%
70%10%
No57%
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 26
Mobility Increases Complexity
The growing use of mobile devices in the workplace makes it difficult to secure email communication.
Strongly disagree
8
Strongly agree25%
Disagree12%
Agree27%
Unsure29%
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 27
Mobile Support Is Becoming More Critical
• Use of mobile devices is growing rapidly, and difficult to manage
• Making encrypted email easily accessible on mobile devices is vital to day to day businessmobile devices is vital to day-to-day business operations and to keep information protected
• ZixMobility offers 1-click access for mobile device users that saves frustration and secures data
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 28
ZixCorp Solution Summary
• Best-of-breed technology that is continuously updated and
• Automatic encryption of emails ensures compliance and eliminates employee triggering
improved• It’s all we do
• Strong lexicons reduce false-positives and negatives
• The only solutionoffering transparent
• 1-click access to encrypted email via offering transparent
email encryption• Allows workers to continue
their work flow and comply
ZixMobility• Protects information and
allows business to continue unimpeded
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 29
p yunimpeded
Launching TodayAll of the detailed data along with videos and other relevant materials
survey zixcorp comsurvey.zixcorp.com
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 30
Thank you for your participation!
The iPad2 winner is…..
Your questions for:• Larry Ponemon, Ponemon Institute• Geoff Bibby, ZixCorp
At the top of the hour:• ZixCorp technical demonstration
Please complete the feedback form
The Escalating Importance of Email Encryption: Results of a Survey by the Ponemon InstituteSlide 31
ZixCorp Solution OverviewAlex Chiu
9/21/11
Things To Consider
How to Encrypt Messages
How to Encrypt Messages
How To Deliver Encrypted Messages
How To Deliver Encrypted Messages If Cloud / SaaS BasedIf Cloud / SaaS Based
TT TT I t it d li bilit I t it d li bilit • Transparency• Regulatory compliance• Encrypt only what
needs to be encrypted
• Transparency• Regulatory compliance• Encrypt only what
needs to be encrypted
• Transparency• If not possible, make it
as easy as possible
• Transparency• If not possible, make it
as easy as possible
• Integrity and reliability of the data center
• Third-party tifi ti
• Integrity and reliability of the data center
• Third-party tifi tineeds to be encrypted
• Doesn’t hinder business
needs to be encrypted• Doesn’t hinder
business
• Smartphone support• Guaranteed encrypted
replies
• Smartphone support• Guaranteed encrypted
replies
certifications• Disaster recovery
certifications• Disaster recovery
• Proper handling of bounces
• Proper handling of bounces
Ensure Compliance and Employee Workflow
Reduce Frustration and Enhance Function
Guarantee Data Privacy and Security
9/22/2011 ZixCorp Solution OverviewSlide 2
p y y
ZixCorp Secure Email Suite
Encryption– ZixGateway - Appliance
Zi M il D kt– ZixMail – Desktop
Delivery– Existing ZixCorp user (Transparent Delivery)Existing ZixCorp user (Transparent Delivery)– ZixPort (Browser Pull)– ZixDirect (Browser Push)
Reporting Service– Automatically generated
3
Risk Assessment Service– ZixAuditor — Identifies, quantifies, and reports
email vulnerabilities3
9/22/2011 ZixCorp Solution OverviewSlide 3
ZixDirectory™: Enabling TransparencyWorld’s largest email encryption directoryWorld s largest email encryption directory. Grows at 100,000 users per week.
Healthcare Finance Government9/22/2011 ZixCorp Solution OverviewSlide 4
ZixGateway™ Inboundand ZixPort Compose FeatureOutbound
9/22/2011 ZixCorp Solution OverviewSlide 5
Encrypted Replies Decrypted at the ZixGateway
9/22/2011 ZixCorp Solution OverviewSlide 6
The Backbone: ZixData Center
S T t C tifi ti i 2003SysTrust Certification since 2003– Security, Confidentiality, Integrity, Availability
SAS70 Type II PCI Level 1 DSS 2 0SAS70 Type II, PCI Level 1 DSS 2.0
Includes Business Continuity Plan– Man-made disasters, terrorism– Natural disasters– Environmental disasters– Pandemic preparedness
24x7x365 NOC
99 99% availability under SLA7 99.99% availability under SLAThe ZixData Center™
9/22/2011 ZixCorp Solution OverviewSlide 7
Delivery to Non-Zix RecipientsDelivery to Non-Zix Recipients
ZixMobility On iPhone
9/22/2011 ZixCorp Solution OverviewSlide 9
ZixMobility On iPhone (Other Views)
9/22/2011 ZixCorp Solution OverviewSlide 10
ZixMobility On iPhone (Other Views)
9/22/2011 ZixCorp Solution OverviewSlide 11
ZixMobility On A Desktop Browser
9/22/2011 ZixCorp Solution OverviewSlide 12
ZixMobility On A Desktop Browser
9/22/2011 ZixCorp Solution OverviewSlide 13
ZixPort Integration With Your Website
9/22/2011 ZixCorp Solution OverviewSlide 14
Questions?