+1 for PGP, look at there PGP universal product if you want to take it all the way, and end-point encryption etc etc, looked like a sweet platform, and has been presented on in my chapter of NAISG ( Boston), I am sure there are others in this space that can help with the management of SMIME, also look into ZIXCORP and IRONPORT for email encryption of sensitive PII/PHI going outbound to others ( Using a secured vault) to get the information, we have used these in the past to good effect to cover that avenue (Non-Profit here also)
Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + [email protected] Phone:401-639-3505 ________________________________ From: Don Ely [mailto:[email protected]] Sent: Tuesday, June 16, 2009 11:25 PM To: NT System Admin Issues Subject: Re: HIPPA help PGP desktop if you're talking 2 users... PGP Enterprise if you want to globally control policies... On Tue, Jun 16, 2009 at 7:45 PM, Ralph Smith <[email protected]> wrote: Your description sounds just like my situation, so I am very interested to see how others respond to your message. Right now I have two of our HR people set up with certificates generated in house, so they can send encrypted messages from Outlook. The pain is having to exchange certificates with their recipients, so they don't like it. I looked at a couple of the paid solutions, but they seemed to be overkill or too expensive for us (non-profit). One solution I did look at also that was affordable was Comodo SecureEmail (http://www.secure-email.comodo.com/features.html). It lets you send encrypted messages, and gives the recipient the option of reading the message at a secure web site with a 'session certificate', so no exchange of certificates is required. The problem is that although it integrates with Outlook it only works with POP3, SMTP and IMAP - no MAPI, so it doesn't work for us well in our Exchange environment. The next release is supposed to fix this, but it is in Alpha, so I'm waiting. Ralph ________________________________ From: Bob Fronk [mailto:[email protected]] Sent: Tuesday, June 16, 2009 3:40 PM To: NT System Admin Issues Subject: HIPPA help I am in the middle of a HIPPA compliance review. One of the consultants is suggesting that all our email be encrypted because it may contain HIPPA related information. There might be 2 people that ever would be emailing anything that could be considered HIPPA related. We are not a medical company and the only correspondence would be between maybe insurance companies and our HR people. Just curious what those of you that deal with this on a regular basis suggest... Thanks. - Bob Fronk P Please print only as needed. Confidentiality Notice: ****************** This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
