Who are the recipients? What is the state committe looking at, exactly? What kind of committee is it, is it legislative looking to create a law?
My opinion is this, if your requirements are to be defined by this state committe, you're jumping the gun a bit. Our experience was that secure email to a diverse group of recipients in our case would've been difficult in the least, and likely just not possible given our resources. Ultimately, we went with a portal that allowed clients to authenticate with their email address and a self-defined password for their credentials, accessing only the information we provide. That may or may not work in your case. On Fri, Mar 4, 2011 at 12:30 PM, Tom Miller <[email protected]> wrote: > Good points. The message contents need to be encrypted since they will > house patient/clinical/financial information. Not sure about signed. If we > do TLS on the gateway, then server-to-server communications would be > encrypted. > > I can't say too much else about requirements, since there is a state > committee looking into this and I thought I'd ask your opinions. But we do > need something that will be fairly easy for the sender and recipient, fairly > easy to configure and manage. And something that isn't "Exchange-centric", > for example. > > Tom > > >>> "Andrew S. Baker" <[email protected]> 3/4/2011 12:10 PM >>> > Please define "secure email". > > Does individual messages need to be encrypted? Do messages just need to be > signed? Does server-to-server communications need to be encrypted? > > There are lots of ways to do this, and depending on your requirement, this > can be a breeze (use TLS between servers) or ridiculously complicated (PGP > between clients) or somewhere in between (TLS + S/MIME) > > > *ASB *(Find me online via About.Me <http://about.me/Andrew.S.Baker/bio>) > *Exploiting Technology for Business Advantage... > > * > > > > On Fri, Mar 4, 2011 at 8:35 AM, Tom Miller <[email protected]> wrote: > >> I'm looking for suggestions on secure e-mail. I have a Barracuda which can >> do some sort of verification, but I don't think that's what is needed. Like >> agencies in my state are looking for secure e-mail options so we can send >> clinical data to each other. I'd prefer something that is autonomous to >> whatever e-mail system is used, since other agencies may be Exchange or >> other e-mail products. We don't use Exchange here. >> >> Suggestions appreciated. >> >> Tom >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > Confidentiality Notice: This e-mail message, including attachments, is > for the sole use of the intended recipient(s) and may contain confidential > and privileged information. Any unauthorized review, use, disclosure, or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
