ZixCorp EMail Encryption
-
My bank uses them.
-
yeah, As Scott says, it's not really email. It's a notification service for their secure website. Those who buy into the product can integrate it with their email system, but those they are sending to who do not subscribe, those people just get a link to the paying customer's website to create a logon so they can retrieve a secure message. What's completely broken in this situation - the first message sent to the non subscribing receiver, it's sent completely in the clear, and anyone intercepting it can create the logon themselves. System admins of the receivers can impersonate their corporate employees and send password resets and then gain access.
I suppose it's better than nothing, but it's really not that good.
If you want real security, you have to use something like GPG or PGP or an end to end secure chat like Telegram CAN offer, but isn't the default.
-
@aaronstuder said in ZixCorp EMail Encryption:
My bank uses them.
I suppose it's one step up from faxing.
-
@Dashrender said in ZixCorp EMail Encryption:
@aaronstuder said in ZixCorp EMail Encryption:
My bank uses them.
I suppose it's one step up from faxing.
Definitely at least one step better than fax.
-
@Dashrender said in ZixCorp EMail Encryption:
If you want real security, you have to use something like GPG or PGP or an end to end secure chat like Telegram CAN offer, but isn't the default.
The security on Zix is good, the ease of use is not.
-
But, I did not get a link.
I just get something that says "secured by..." which makes it seem like it is something it is not.
-
@BRRABill said in ZixCorp EMail Encryption:
But, I did not get a link.
I just get something that says "secured by..." which makes it seem like it is something it is not.
did you see the actual contents of the email?
-
@BRRABill said in ZixCorp EMail Encryption:
But, I did not get a link.
I just get something that says "secured by..." which makes it seem like it is something it is not.
Huh? You got an "email" that was secured? Can you forward that to me? What are you opening it in?
-
Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.
-
@Dashrender said in ZixCorp EMail Encryption:
Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.
So the email is unsecured? What's the point?
-
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.
So the email is unsecured? What's the point?
This just depends on how you look at it.
Let's assume both sender and receiver have Exchange. Assuming both are using secure connections between their email client and the Exchange server (default for Outlook). The email is send securely to Exchange, which is sent securely to the local/sender Zix black box, which is sent securely to the receiver's Zix black box, which is sent securely to the receiver's Exchange server, which is send securely to the receiver's Outlook.
Of course, the admin of either side can normally see all of the email on their own systems if needed - so is that what you mean by not secure?
-
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.
So the email is unsecured? What's the point?
This just depends on how you look at it.
Let's assume both sender and receiver have Exchange. Assuming both are using secure connections between their email client and the Exchange server (default for Outlook). The email is send securely to Exchange, which is sent securely to the local/sender Zix black box, which is sent securely to the receiver's Zix black box, which is sent securely to the receiver's Exchange server, which is send securely to the receiver's Outlook.
Of course, the admin of either side can normally see all of the email on their own systems if needed - so is that what you mean by not secure?
Right, Exchange has X security to begin with. We presume that the goal of Zix is to add more security. But nothing more is added. The places where Exchange is secure remain secure and the places where it is not, remain insecure (the resting mailbox storage.) So other than milking the coffers, what is Zix even doing here? It appears to do literally nothing. In any situation where you have Exchange and Zix, you have end to end encryption of the transport as an option already without Zix.
-
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.
So the email is unsecured? What's the point?
This just depends on how you look at it.
Let's assume both sender and receiver have Exchange. Assuming both are using secure connections between their email client and the Exchange server (default for Outlook). The email is send securely to Exchange, which is sent securely to the local/sender Zix black box, which is sent securely to the receiver's Zix black box, which is sent securely to the receiver's Exchange server, which is send securely to the receiver's Outlook.
Of course, the admin of either side can normally see all of the email on their own systems if needed - so is that what you mean by not secure?
Right, Exchange has X security to begin with. We presume that the goal of Zix is to add more security. But nothing more is added. The places where Exchange is secure remain secure and the places where it is not, remain insecure (the resting mailbox storage.) So other than milking the coffers, what is Zix even doing here? It appears to do literally nothing. In any situation where you have Exchange and Zix, you have end to end encryption of the transport as an option already without Zix.
Well it doesn't do litterally nothing - it scans the out going messages and prevents data that is identified as protected from being transmitted over an unencrypted line to an outside party (i.e. another email server). If both parties have Zix, there is 'nothing' to worry about the data is sent between the two customers through Zix encryption over the internet, but, if one side doesn't have Zix, then it sends the receiptiant an email telling them to log into the web portal for delivery of the message.
-
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.
So the email is unsecured? What's the point?
This just depends on how you look at it.
Let's assume both sender and receiver have Exchange. Assuming both are using secure connections between their email client and the Exchange server (default for Outlook). The email is send securely to Exchange, which is sent securely to the local/sender Zix black box, which is sent securely to the receiver's Zix black box, which is sent securely to the receiver's Exchange server, which is send securely to the receiver's Outlook.
Of course, the admin of either side can normally see all of the email on their own systems if needed - so is that what you mean by not secure?
Right, Exchange has X security to begin with. We presume that the goal of Zix is to add more security. But nothing more is added. The places where Exchange is secure remain secure and the places where it is not, remain insecure (the resting mailbox storage.) So other than milking the coffers, what is Zix even doing here? It appears to do literally nothing. In any situation where you have Exchange and Zix, you have end to end encryption of the transport as an option already without Zix.
Well it doesn't do litterally nothing - it scans the out going messages and prevents data that is identified as protected from being transmitted over an unencrypted line to an outside party (i.e. another email server). If both parties have Zix, there is 'nothing' to worry about the data is sent between the two customers through Zix encryption over the internet, but, if one side doesn't have Zix, then it sends the receiptiant an email telling them to log into the web portal for delivery of the message.
Okay, but you should not rely on Zix to determine what needs to be secure, right? Just make everything secure and then the Zix appliance is pointless. Seems like a lot of money (it's not cheap, right?) and effort and cumbersome when just setting Exchange to TLS only will do a better job more reliably?
-
Yes making Exchange only send via TLS would be one option to make Zix pointless. The only thing of concern is what about any email domains you send to that don't support TLS connections - this might be a non issue, it might be a huge one, no way to know until you try I guess.
-
@Dashrender said in ZixCorp EMail Encryption:
Yes making Exchange only send via TLS would be one option to make Zix pointless. The only thing of concern is what about any email domains you send to that don't support TLS connections - this might be a non issue, it might be a huge one, no way to know until you try I guess.
Well a couple of things there...
- If you run into issues, tell those people to turn on security as it is obviously an issue.
- Do you want to be communicating with people when things are not secure?
- Generally this is not a problem at all; all major email systems are secure.
-
I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?
-
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
Yes making Exchange only send via TLS would be one option to make Zix pointless. The only thing of concern is what about any email domains you send to that don't support TLS connections - this might be a non issue, it might be a huge one, no way to know until you try I guess.
Well a couple of things there...
- If you run into issues, tell those people to turn on security as it is obviously an issue.
- Do you want to be communicating with people when things are not secure?
- Generally this is not a problem at all; all major email systems are secure.
Most hospitals don't use major email systems (nor do clinics of any size).
Do I want to be communicating with people when they aren't secure? I'm faxing so I guess the answer is, yes, yes I do want to communicate when it's not secure.
I can tell someone until I'm blue in the face, I can't force them to do anything about it. -
@scottalanmiller said in ZixCorp EMail Encryption:
I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?
Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.
-
@Dashrender said in ZixCorp EMail Encryption:
Most hospitals don't use major email systems (nor do clinics of any size).
So are you saying....
- That they run their own and secure it?
- Are insecure and don't protect patient data?
- Don't run their own email and use little mom and pop shops?