Messaging: Protecting your Data and your Reputation


Corporate email systems are vital to the successful operation of a business. They can contain sensitive data which should never be exposed to outside parties and needs to be totally secure, whilst providing users with flexible access from a wide range of devices and locations.
Andrew Quinn and Nigel Robson discuss the myriad of security, regulatory, and corporate compliance issues facing organisations today.
How can we ensure that our data is safe and accessible, and that our corporate image is presented in a consistent and defined manner?

Published in: Technology
  • dc 192.168.9.57 exch 192.168.9.58 rms 192.168.9.59 client
  • Nigel
  • Nigel
  • telnet exch.demo.local 25
    ehlo
    mail from:mike.waterston@waterstons.com
    rcpt to:administrator@demo.local
    data
    From:Mike Waterston<>
    To:Administrator<administrator@demo.local>
    Subject:Go home!

    I'm declaring today a holiday. Everyone can go home.
    .
    quit
  • Credit card number - sends approval to admin
    Profanity "holiday" - override
    IP address - override and report to admin
    Research - Applies RMS template
  • Show Exclaimer Mail Disclaimers on dur-vmmail-01. Show the following templates for a good idea of capabilities: Waterstons, Standard Email Signature, Disclaimers, Companies Act 1985, Business Cards\Signatures, Orbit Illustration Business Card, Exclaimer External, Letterhead style, Outgoing Style 2, Letterhead 1 – eSpiral, xChange Letterhead

    1. Messaging: Protecting your Data and your Reputation
       Andrew Quinn & Nigel Robson, 1/11/2013
    2. Email and your Business
       • Primary method of business communications
       • Stores critical business data
       • One of the main sources of data leaks
       • Your organisation’s identity
       • Your electronic ambassador
    3. Protecting your Identity
       • Your domain is your identity on the internet
       • People recognise this and trust it
       • It’s important to protect this asset
       • It’s incredibly easy to fake!
    4. Sender Spoofing Demo
    5. Protecting your Identity: Sender Policy Framework (SPF)
       • Allows receiving mail servers to check domain identity via public records (DNS)
       • Addresses of authorised mail servers added to public DNS records
       • If an email comes from an unlisted address it’s a fake
       • SPF is free to set up
       • Make sure you can list everything that sends emails from your domain!
    6. Protecting your Identity: Sender Policy Framework (SPF)
    7. Email is NOT Secure
       • Email is NOT a secure communications channel
       • Emails can easily be intercepted, viewed, altered and forwarded on
       • Sensitive information should never be sent via email unless security is enhanced
    8. Email Capture Demo
    9. Email is NOT Secure: Transport Layer Security (TLS)
       (Diagram: TLS Encryption)
    10. Email is NOT Secure: Transport Layer Security (TLS)
       • Secures messages in transit
       • Newer email systems support basic functionality out of the box
       • Some organisations will not do business with you without it
       • Can be configured for “best efforts” or guaranteed security
    11. A Familiar Story?
    12. Mobile Device Management (MDM)
       • Majority of organisations allow employees to access corporate email from mobile devices
       • Emails contain sensitive data, which is stored in memory, and usually not encrypted
       • What happens if that device is lost or stolen?
       • Approx. 300 mobiles stolen in London per day
       • Approx. 20,000 UK mobiles lost or stolen per day
    13. Mobile Device Management (MDM)
       • MDM allows corporate devices to be managed centrally
       • Policies can be applied to all devices independent of make and model
       • Devices can be forced to be encrypted
       • Devices can be remote wiped if required
       • Microsoft Exchange provides basic MDM via ActiveSync but more granular control can be provided by other products
    14. Journaling & Archiving
       • Two phrases which are often mixed up
       • Serve different purposes
       • Archiving – moving data to alternate storage for long term retention
       • Journaling – keeping a separate, immutable copy of messages sent & received
    15. Journaling & Archiving
    16. Why Archive?
       • Reduce storage costs
       • Improve scalability
       • Provide longer-term storage to users
       • Eliminate a reliance on PST files
    17. Why Journal?
       • Compliance with retention policies
       • Provide an electronic paper trail
       • Prove what was said / agreed
       • Information cannot be lost when people leave
    18. Journaling Considerations
       • If the email is modified in order to copy it (e.g. silently add BCC address), it may not stand up in court
       • If end-users can access the “journal”, it is an “archive”
       • Access to journaled messages should be audited
    19. Data Loss Prevention
       • Email is one of the largest sources of data leaks
       • Data leaks are usually accidental
       • Once an email is sent, you can’t get it back!
    20. Data Loss Prevention
       • Technology to manage the exposure of information is built into the Microsoft platform
         – Windows
         – MS Office (Word, Excel, PowerPoint, Outlook,…)
         – Exchange Server
       • Lots of acronyms…
         – Rights Management Services (RMS)
         – Information Rights Management (IRM)
         – Message Classification
         – File Classification Infrastructure (FCI)
         – Data Loss Prevention (DLP)
    21. Data Loss Prevention
       • Add Classification
         – Provides information
         – Can be used for file system security
       • Apply Rights Management
         – Restricts data usage even when you have access
       • Process can be automated
    22. Data Loss Prevention
       Rights Management... Classification... So what does this do for us?
       “This is confidential. Don’t distribute it!”
       (Diagram labels: Outlook warns, Exchange blocks sending, recipient can't open)
    23. Data Loss Prevention Demo
    24. Branding
       • Present a consistent corporate image
       • Provide contact details
       • Support marketing campaigns
       • Comply with legal requirements
    25. Signature Management
       Andrew Quinn - Executive Consultant: Infrastructure Technology
       Office: 0845 094 094 5 | Mobile: 07710 374895 | Website:
       Waterstons Limited. Registered in England and Wales No. 3818424
       Our registered office is at Liddon House, Belmont Business Park, Durham, DH1 1TW
       DISCLAIMER: The information contained in this email is intended for the named recipient only. It may contain confidential information. If you are not the intended recipient, you must not copy, distribute or take any action in reliance on it. Please note that neither Waterstons Limited nor the sender accepts any responsibility for viruses and it is your responsibility to scan attachments (if any).
    26. Email Branding Demo
    27. Q&A
       Coming up… Messaging: Harnessing the Cloud, 15th November 2013
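
Added example for the Data Loss Prevention demo (slides 19 to 23 and the four rules in the speaker notes), not part of the original deck: a Python sketch of the content matching behind those rules, with a Luhn checksum so digit runs that merely look like card numbers are not flagged. The action labels and sample messages are constructed; this is not Exchange's own rule engine.

```python
import ipaddress
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")     # digit runs, optional separators
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # dotted-quad candidates

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def has_card_number(text: str) -> bool:
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            return True
    return False

def has_ip_address(text: str) -> bool:
    for m in IP_RE.finditer(text):
        try:
            ipaddress.ip_address(m.group())   # rejects 999.1.1.1 and similar
            return True
        except ValueError:
            continue
    return False

def dlp_actions(subject: str, body: str) -> list:
    """Return the actions the four demo rules would trigger, in note order."""
    text = f"{subject}\n{body}"
    actions = []
    if has_card_number(text):                           # "sends approval to admin"
        actions.append("hold-for-admin-approval")
    if re.search(r"\bholiday\b", text, re.IGNORECASE):  # "override"
        actions.append("block-with-override")
    if has_ip_address(text):                            # "override and report to admin"
        actions.append("block-with-override+report-to-admin")
    if re.search(r"\bresearch\b", text, re.IGNORECASE): # "Applies RMS template"
        actions.append("apply-rms-template")
    return actions

if __name__ == "__main__":
    # Constructed message using a well-known test card number
    print(dlp_actions("Invoice", "Card 4111 1111 1111 1111 attached"))
```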