Thursday, June 20, 2013

NISC 2013 – A gold sponsor’s view

Daniel Hoy
UK Marketing Manager
Egress Software Technologies Ltd.
The National Information Security Conference (NISC) is one of the largest security specific conferences held in the UK, and this year took place between 12th and 14th June at the Westerwood Hotel, Scotland.

As Gold Sponsors of the conference, members of the Egress Team were both exhibiting and speaking over the course of the three days.

With so much going on during the event, I thought it would be useful to keep a day-by-day diary, highlighting some of the best bits!


Day One: Wednesday 12th June

There was a busy start to the day for the Egress Team – comprising CEO Tony Pepper, UK Sales Manager Kelly McCann and yours truly – as we finished getting the final bits of the stand ready for the rush of delegates that would soon be descending upon us.

In terms of agenda for Day One, there were some really interesting presentations going on. This year, the event was hosted by Harvey Mattinson, who previously worked for CESG and the Cabinet Office, and whose experience as a leading figure in UK information security for over three decades guaranteed that delegates gained real educational value from the event.

Back on the stand, the Egress Buzz Wire, made famous by Infosecurity Europe 2013 (Securing success - highlights from the Egress stand at Infosecurity Europe 2013), immediately attracted a lot of interest. The question was: Could anyone beat the current world record time of 11:02 seconds? However, whether or not they beat the record, the prize for the fastest time at NISC was a Nexus 7 – so definitely worth a go!

Elsewhere, the talk was generally focused around the upcoming CESG IL3 Certification (expected in July) that will make Egress Switch the only CPA Foundation Grade Certified Email Encryption Product in the UK. For many organisations – including blue light, central government departments and local authorities that need to share Impact Level 3 data – this certification gives them the reassurance that they are selecting a CESG assured product to protect and encrypt information.

The stand also saw a number of professional services organisations, including leading law firms, looking to protect the highly confidential case information they share with both clients and third parties (including local authorities). Everyone we spoke to was searching for a simple, secure solution that integrates with existing systems and business processes so that user experience is seamless. Fortunately, that’s exactly where Egress Switch adds value!

The evening of Day One was all about the Networking Event, where delegates were encouraged to engage with exhibitors they hadn’t already spoken to. Again, this is where the Buzz Wire came into its own – it’s amazing how competitive people can get when there is a Nexus 7 up for grabs! As the day drew to a close, the Egress stand was the centre of attention as Buzz Wire records were beaten time and again, with the leading time finally being set at a mightily impressive 11.09 seconds. But will that be enough to secure the prize? Only time will tell...

Anyway, a great first day – roll on Day Two!

Day Two: Thursday 13th June

Day Two of NISC 2013 got off to a fast start for the Egress Team, with an in-depth briefing from Harvey Mattinson on the risk assessment processes SIROs and accreditors use as part of selecting technology for use in UK Government. This proved a crucial educational session for the team, and it was great to be able to benefit from Harvey’s knowledge and experience.

We then went straight into Tony Pepper’s presentation, entitled:

"Unravelling the myths, misunderstandings and misinterpretations that surround the process of sharing IL3 (RESTRICTED) data with external third parties"

The UK Government is being encouraged to collaborate more effectively in order to deliver greater efficiency and cost-effective services. Yet just one look at the myriad of third parties that government departments have to share information with on a day-to-day basis uncovers a major challenge: How do you share highly sensitive information up to Impact Level 3 (IL3) (RESTRICTED) with organisations that aren’t on accredited networks?

Tony’s presentation reviewed this complex challenge, unravelling many of the myths, misunderstanding and misinterpretations that accompany it, as well as providing insight directly from CESG into the approved ‘Risk Managed Approach’ to sharing IL3 data outside of Government.




The response to the presentation was fantastic, with the Egress stand swamped by interested delegates looking to overcome the same challenge, namely how to securely share information outside their accredited networks. Whether in the Public or Private Sector, this is clearly a common issue.

The afternoon also saw a steady stream of Buzz Wire contenders all attempting to beat the imposing 11.9 seconds posted on Wednesday night – and there was only one question on everyone’s minds: Can anyone successfully rise to the challenge? However as the day closed, the time of 11.9 remained top of the leader board.

The evening’s black tie dinner was a huge success, with delegates and venders networking and reflecting on what had been a very productive and successful two days at NISC so far.

Day Three: Friday 14th June

After two busy and extremely worthwhile days at the event, delegates and vendors alike used the final morning of NISC 2013 to wrap up conversations, as well as to agree key actions and next steps.

On reflection, NISC 2013 was an excellent event. The packed agenda provided focused educational sessions and the calibre of delegates meant that all conversations were focused on active projects that needed to be addressed. In addition, the environment NISC provides allows ideas to be shared and gives organisations the opportunities to find practical solutions to their challenges.Andy Johnson, Nexus 7 winner

In relation to Switch, the common theme when talking to delegates throughout the event was ‘simple yet secure’ information sharing. It doesn’t matter whether you‘re talking to a local authority, a charity or a start-up bank, they all share the same challenge of sharing sensitive information externally in an efficient and cost-effective manner. What they need are practical solutions that align to established business process and integrate with existing infrastructure.

At the lighter-hearted end of things, by Friday no-one had surpassed Wednesday’s Buzz Wire leader. So congratulations to Andy Johnson, who wins a Nexus 7 for his lap time of 11.9 seconds – a worthy winner.

Finally, a big thank you to the organisers of NISC 2013 for delivering such a worthwhile event. A sign of its success is that we’re already putting in place our plans for next year!

Friday, June 7, 2013

The Gateway guardian - a day in the life of an Egress Technical Engineer

James Hinks
Pre-Sales Engineer
Egress Software Technologies Ltd.
One of my favourite jobs as Technical Engineer is visiting our customers, providing pre-sales and technical support, as well as deploying our file and encryption solutions – such as Egress Switch Gateway. Deployment is a particularly exciting point, as by that time, we've worked closely with our customers to understand their individual needs. So it's really nice to be able to see them as they're just about to use the software for the first time.

Meeting customers' needs

When I arrive at a customer's office to deploy Switch Gateway, I normally have a quick briefing meeting with those involved - as well as a very welcome cup of coffee! Then I settle down to the business of deployment.

Firstly, I help to configure the mail filtering/scanning product. Customers never want all of their emails to go through Switch Gateway - there's simply no need, as not every email requires encryption. I set up the system so that, for outbound emails, those tagged for encryption or those that policy indicates need encrypting are sent to Switch Gateway. Similarly for inbound emails, only the ones that are encrypted need to be routed through Switch Gateway for decryption. Having worked with so many third party products, I've become very familiar with how different systems work – and, admittedly, I even have my favourites!

Simple installation 

Once the mail filtering/scanning product has been configured, the actual install of Switch Gateway comes next. The main benefit of Switch Gateway is that it does all the hard work for you – once it's deployed based on an organisation's individual security policy, it works in the background to seamlessly encrypt emails.

For me, this means that every deployment is different.

The first step is to configure the server, ensuring pre-requisite roles and features are installed. A large part of this relies on SMTP, so my next job is to make sure the SMTP servers are locked down appropriately and route to the next hops securely.

Finally comes the installation of the Switch Gateway server itself. During this process, I'll consult with the customer on various points – for example, domains that specify whether or not an email needs encrypting.

Delivering a working solution


Once Switch Gateway has been installed, I run tests to make sure that it's all working properly and in accordance with the customer's security policy. As part of this, I ensure that emails are being routed through Switch Gateway when they should be and whether they're being encrypted correctly based on customised policies. After this is done, I can then carry out some advanced processes, such as domain-based routing – for example, if an email has to be sent to both a secure and an unsecure domain, then Switch Gateway can be set up to only encrypt the email going to the unsecure domain, while the other one is passed down the relevant route.

When I'm finished with the deployment, I'll have another meeting with the relevant people to quickly discuss any next steps that need to be taken, such as user training materials and getting users set up with their Switch IDs/passwords. Generally, the most successful deployments are on the accounts that publicise a lot of material for both internal users and, most importantly, their customers. Since we have so much experience with this, it is important that we pass on our knowledge and best practice to the customers.

I would definitely say that deployment is one of the most enjoyable parts of my job. I've travelled all round the country doing it, and as our customers represent a wide range of businesses across all sectors, I get to meet a real variety of people. What I love most is seeing how what I do helps our customers to get on with what they do – even though, by the nature of the product, it's often just a feature in the background.