+1 Exactly the way we have our Zix set up. (even the same keyword)
Jim Holmgren Senior Manager, Infrastructure Services XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com -----Original Message----- From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Tuesday, February 01, 2011 1:24 PM To: MS-Exchange Admin Issues Subject: RE: Question around forcing mail encryption We went with Zix for our email encryption. Set up and running in less than 4 hours; appliance based. It has scanning templates for HIPPA, Personal Info, Sox. You can also create your own. Users can force encryption by typing a certain word in the subject line. In our case, it's SECURE. Paul Chinnery Network Administrator Memorial Medical Center 231-845-2319 -----Original Message----- From: Scott Pease [mailto:spe...@sapient.com] Sent: Tuesday, February 01, 2011 1:14 PM To: MS-Exchange Admin Issues Subject: Question around forcing mail encryption Hi there! Long time lurker, been a while since I've posted however... We're being asked to look at how to force encryption for outbound mail traffic more so than we do today. Current environment is Exchange 2007 SP1, moving to SP3 "soon". Client mix covers everything from OL2003 up through OL2010, as well as all the usual suspects on the Mac side (Entourage / Entourage Web Services / Outlook 2011 "early adopters"). A handful of our folks do use PGP desktop client to encrypt individual messages, and we do leverage opportunistic TLS, and force mutual TLS with certain domains as well, server side. There is growing concern about messages being forwarded outside of our environment (and control) that are not encrypted. The desire is to have a capability to encrypt some (or all) of the outbound email. While client side solutions for PGP or S/MIME do work, given what we're being asked to do my preference would be to leverage a gateway product if possible, where we could enforce encryption based on configured policy settings, keyword hits, etc. Thought process being that if we leave this in the hands of the "end user", encryption of messages is still a behavioral issue that we'll likely not solve; if we can isolate things and handle the encryption based on a set of policies and such at the gateway level, we have much less risk of a "lazy user" who habitually neglects to encrypt "sensitive" messages (for example). I've come across both the PGP Universal Gateway and the SecurExchange offering in the past, but don't have a preference (or a favorite, or experience with either). In the next several months we will also be doing a fairly aggressive global upgrade to our UC infrastructure to Exchange 2010 and Lync 2010 server. Again, the preference would be that IF we have to invest in something now, it is something we can leverage in that future state in some manner (at a minimum should be compatible or support upgrade to Ex2010 versions!). I'm hoping that all of you can offer any insight or thoughts around this; I'm sure we're not the only enterprise that's decided to tackle this particular issue, so I'm hoping to leverage the collective hive mind and see if there are any other amazing products we're missing, or any tips, ideas, thoughts, challenges, gotchas, or anything else to keep in mind that y'all can share. I'm particularly interested in any product recommendations that we could add to our short list of potential vendors, or thoughts either way if one is clearly much better than others (or clearly much worse, natch!). Thanks in advance! Scott --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener información confidencial y/o información protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligación de mantener esta información segura y confidencial. Cualquier divulgación a terceros sin la autorización de los miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, póngase en contacto con el remitente por teléfono y destruir todas las copias del mensaje original --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist