Thursday, October 25, 2012

Egress Switch 007 - Licence to Secure Data

Natalie-Kym Vinnicombe
Business Development Manager
Egress Software Technologies Ltd.
Who knew that IT security would be cool enough to be the star of the new James Bond movie; Skyfall? Admittedly not sexy enough to don the new bond girl ‘Geek Sheek’ with thick rim glasses, braces and a silver surfer T-shirt; but hot enough to be the main theme of the latest film in the 007 series.
The film’s plot revolves around the loss of extremely confidential government information that discloses the identities of every active MI6 secret agent in the world, pretty damming stuff and definitely the type of information that should really be protected.
Being the secret agent / marketing genius that I am, I saw an opportunity to jump on 007’s bandwagon. However my idea of filming a spoof trailer with my colleagues in the office and editing in some shots of the Egress Switch Software didn’t go down as well as I had first hoped. So instead I thought I would look in more detail at the challenges faced by James Bond and MI6 in Skyfall and show that they are not that far removed from the problems most organisations face when trying to share sensitive information.
Working within the world of IT security where I spend the majority of my time helping customers deal with data security challenges and the Data Protection Act (DPA), I understand the importance of file encryption and the consequences for organisations which choose to ignore it. But outside of this world, how many organisations realise how important information security is? Certainly the increase in fines from the Information Commissioners Office (ICO) is helping to raise awareness and only last week a major UK police force became the latest organisation to receive a hefty fine due to a data breach. But is this enough and what more can be done to educate businesses and end users?
Unfortunately the ICO is not the antagonist of the 007 film, but I am definitely considering a bit of plot alteration for my trailer;
I can envision the closing scenes of the film now... James Bond and the ICO fighting to the death, all the while the ICO is quoting the 7th Principle of the Data Protection Act and telling 007 that if MI6 had only used ‘Egress Switch’ to send the information securely they would have retained real-time control over the data at all times and everything would’ve been ok…Classic film making.
So what can the IT security community hope to get out of this film? Well one thing, the contract to provide encryption to MI6 would be nice :). I wonder how many cold calls & FOI requests they will get from Vendors and IT suppliers alike following its release?!
But more seriously, the cinematic manifestation of the topic ‘Secure Data’ is a significant step forward in the promotion of data protection and the steps organisations need to take. I don’t know how many people watch James Bond but according to ‘answers.com’ over half the world has seen at least one Bond movie.
I am unsure as to whether viewers will find the topic as thrilling as previous Bond films which include stolen missiles, hijacked submarines, stopping evil drug lords and not to forget being led astray by many beautiful women (though I think there will still be plenty of the latter), however, it might be just the thing to really help our industry reach the mass market and finally make people sit up and think ‘Is my Data Safe?!’
Natalie-Kym Vinnicombe
Egress Software Technologies

Tuesday, July 17, 2012

How do you share information securely? Not very well judging by a recent survey!

Tony Pepper
Chief Executive Officer and Co-Founder
Egress Software Technologies Ltd.

As we see more and more news headlines reporting on the heavy fines from the Information Commissioners Office (ICO) for organisations that have lost data or who are perceived to have mishandled information*, there is a growing culture of fear and concern as we all wonder, "who will be next to drop the ball?"

This is at a time when IT and security budgets are being cut and organisations are struggling to identify where to prioritise their efforts and how to find the money to invest.

I recently attended an NHS event where one delegate actually said that some Trusts would almost welcome an ICO fine because it would mean that budget would be found to invest in the correct security technology! How sad a situation we find ourselves in!

At Egress we constantly work with our clients and partners to understand the challenges they face when sending information and data securely. It ensures we are providing solutions that solve these problems.

In June we decided to take this one step further and in partnership with the SC Magazine Website ran a survey entitled "Data on the move - How do you share your information?"

The objective was to look in detail at some of these issues, to try and understand how they are being managed by organisations across multiple sectors and where the systems are failing.

The results were startling! There is a full write up in the latest issue of SC Magazine, but here are some of the key points;

  • 94.5% of those surveyed thought that data security systems are often overlooked when sharing confidential information because they are too complicated for the recipient or both the sender and recipient to use.
  • Over 10% of firms still rely on fax or registered post to send sensitive data to third party suppliers or clients... whilst 67.9% rely on unsecured email to send this information!
  • 71.6% use either FTP sites or unsecured transfer sites (Yousendit, Dropbox, etc) to send files that are otherwise too large to email.
  • 74.5% said they have received an Outlook recall request – suggesting a huge number of incorrectly sent emails!!
  • And finally 92.6% of surveyed confirmed that the ability to prevent an email recipient forwarding on an email was important, something traditional email can't do!

Having looked in detail at these stats there are a number of conclusions;

  1. Clearly the systems are not currently in place to enable users to effectively send information securely.
  2. The systems that are in place are often so complicated that they actually prevent users from doing their work efficiently and therefore are more often than not overlooked.
  3. There doesn't seem to be enough emphasis on education. Do end users really understand when they are sending something securely and when they are not? Do they know what information needs to be sent securely and what information doesn't?

And the one that gets me every time - 10% of firms still rely on fax and registered post to send sensitive information… there was me thinking we worked in the 21st century?!

So where does all that leave us?

  • Well I think we can confidently predict that the number of ICO fines will continue to rise both in the Public and Private sectors.
  • Organisations will continue still struggle to implement best practice solutions that ensure they comply with the Data Protection Act.
  • And most important of all, sensitive information that may include yours or my details may be lost or fall into the wrong hands!!

Until organisations and end users understand the true security threat and are educated both on the right technology systems to use and how to use them, then this is a story that just won't go away!

* http://www.ico.gov.uk/news/latest_news/2012.aspx

Thursday, June 7, 2012

Egress Switch Support for Google Apps

John Goodyear
Chief Technology Officer
Egress Software Technologies Ltd.
At Egress Software we love Google services, GMail and Google Docs (now Drive) and the paid incarnation of Google Apps provides users with one of the richest and most complete cloud services for message, document, and file management.

As we built Egress Switch which offers users secure message and cloud delivery as secure encrypted packages we were always intrigued by Google Apps Mail.  Because we wanted to keep things as seamless and transparent as possible for end users there seemed like no sensible way to secure messages without making end-users go through extra steps.

We’re excited to announce that we’ve solved the usability issue of secure messaging when using Google Apps Mail. During June 2012 we’ll be starting a beta program to allow organizations using Google Apps secure email using Egress Switch.


How we have solved the problem

We have two deployment options for Egress Switch; Client deployment or server gateway based deployment.  It's this second option Gateway mode that allows us to secure email for Google Apps users.  An Apps account can be configured to use a custom SMTP gateway, this means all emails leaving the Apps domain are routed to a custom SMTP server.

It's simply a case of pointing the Apps domain to an Egress Switch Gateway appliance,  this server will then apply your enterprise policies to all emails leaving the domain.

Enhancing the user experience

The gateway approach works very well especially if the organization doesn’t necessarily want its users making choices about encryption. The Gateway can use a series of defined rules to decide when security is applied. This isn’t always the case and many organizations like the idea that users are responsible for applying classification to messages. The Egress Switch client for Outlook gives users this level of control.

To address this for Google Apps accounts we’ve developed a Google Chrome Extension that brings Egress Switch controls to users accessing Google Apps Mail via the Chrome web browser. 




The addin connects the user’s Switch account through the Google Apps account and allow them to apply appropriate security labels to the message.

This message classification is intercepted by the Switch Gateway and appropriate steps taken to secure it before delivery to the recipient.

During the beta phase we’ll be rolling out more enhancements to the Egress Switch Chrome extension to allow a much richer user experience. If you're interested in taking part in the beta program or have some ideas for feature enhancements, talk to your Egress representative.