I received the email below from a public sector entity we work with, who are maintaining that for "security reasons" they now send out certain documents as encrypted .exe files, which they expect our users to unpack themselves. Notwithstanding that a) the IronPort isn't particularly keen on letting executable attachments through, b) our Application Management solution won't execute anything that isn't owned by Administrators, and c) our whitelist GPO won't execute anything that doesn't match one of its hash rules, this sort of approach seems a little, well, archaic to me. The best bit is, they are sending the password for the encrypted executable to our users via a plain-text, unencrypted email, so the security is more or less worthless anyway.
My question is, how do other people handle transmission of encrypted data to users who work in a locked-down environment? We use the IronPort's built-in encryption features to handle our user's requirements to *send *sensitive data, but I'm looking for something to work the other way. I can only assume there are far better ways than sending out executable files via email, so I am looking for some real-world solutions. I *could* ratchet down our end-user security to allow these through, but I'd sooner propose something else that allows me to keep it in place. TIA, JRR ---------- Forwarded message ---------- From: James Rankin <james.ran...@4hg.co.uk> Date: 12 May 2010 10:49 Subject: FW: Encrypted files. To: "kz2...@gmail.com" <kz2...@gmail.com> I understand from xxx that there has been a request from xxxxxxxxxxx that the landlord schedules are not sent as .exe files, unfortunately we are unable to send any information out externally relating to xxxxxxxxxxxxxxxxxxxx unless it has been encrypted. This is xxxxxxxxxxx policy I'm afraid, we did used to zip the files and password protect them but this has been deemed not secure enough. Apologies for any inconvenience this may cause to yourselves when you receive the file but as stated previously the current way we send the files is now standard xxxxxx practice. Thanks. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~