I feel your pain. MOST of our partners are OK with using TLS between our mail servers...but there is one that requires us to burn whatever.file to a CD in SDA format and overnight it to them.
We send CDs to one particular person (presumably the only person there that can handle decrypting a file with a key) and follow up the shipment with the decrypt key via email. Jim Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com From: James Rankin [mailto:[email protected]] Sent: Wednesday, May 12, 2010 5:57 AM To: NT System Admin Issues Subject: Fwd: FW: Encrypted files. I received the email below from a public sector entity we work with, who are maintaining that for "security reasons" they now send out certain documents as encrypted .exe files, which they expect our users to unpack themselves. Notwithstanding that a) the IronPort isn't particularly keen on letting executable attachments through, b) our Application Management solution won't execute anything that isn't owned by Administrators, and c) our whitelist GPO won't execute anything that doesn't match one of its hash rules, this sort of approach seems a little, well, archaic to me. The best bit is, they are sending the password for the encrypted executable to our users via a plain-text, unencrypted email, so the security is more or less worthless anyway. My question is, how do other people handle transmission of encrypted data to users who work in a locked-down environment? We use the IronPort's built-in encryption features to handle our user's requirements to send sensitive data, but I'm looking for something to work the other way. I can only assume there are far better ways than sending out executable files via email, so I am looking for some real-world solutions. I *could* ratchet down our end-user security to allow these through, but I'd sooner propose something else that allows me to keep it in place. TIA, JRR ---------- Forwarded message ---------- From: James Rankin <[email protected]> Date: 12 May 2010 10:49 Subject: FW: Encrypted files. To: "[email protected]" <[email protected]> I understand from xxx that there has been a request from xxxxxxxxxxx that the landlord schedules are not sent as .exe files, unfortunately we are unable to send any information out externally relating to xxxxxxxxxxxxxxxxxxxx unless it has been encrypted. This is xxxxxxxxxxx policy I'm afraid, we did used to zip the files and password protect them but this has been deemed not secure enough. Apologies for any inconvenience this may cause to yourselves when you receive the file but as stated previously the current way we send the files is now standard xxxxxx practice. Thanks. CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener información confidencial y/o información protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligación de mantener esta información segura y confidencial. Cualquier divulgación a terceros sin la autorización de los miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, póngase en contacto con el remitente por teléfono y destruir todas las copias del mensaje original ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
