© Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and...
-
date post
19-Dec-2015 -
Category
Documents
-
view
215 -
download
2
Transcript of © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and...
![Page 1: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/1.jpg)
© Copyright 2004 PostX. All rights reserved.
Ruth Colombo
April 29, 2004
New Developments and Opportunities in Secure Messaging
![Page 2: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/2.jpg)
w h y s e c u r e m e s s a g i n g ?
![Page 3: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/3.jpg)
t h e i n i t i a l p r o b l e m
» the challenge• secure individual emails• limited set of recipients
» the solution• s/mime and pki
![Page 4: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/4.jpg)
s / m i m e
» the promise – one set of credentials• send encrypted messages• authenticate sender• verify message integrity
» the problems• complicated• cumbersome• interoperability problems• not built into web-based email
» yahoo!, hotmail, aol
» the net effect• limited adoption
![Page 5: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/5.jpg)
Cathy Graeber, Forrester
…every time we’ve asked consumers this question, and then as CheckFree asked it again, when we say “Where do you want to receive your bills?” we only have 6% of consumers that pick the bank, and we listed a lot of options for them. And over 75% say they prefer email delivery.
where consumers want to view their statements and bills
Source: Bank Technology News April 2002
a n d t h e p r o b l e m g r e w
web site16%
email76%
bank aggregation
6%
other2%
![Page 6: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/6.jpg)
a n d p r i v a c y m a t t e r e d
» hippa
» gramm-leech-bliley
» california sb-1386
» pipeda
» european data directive
![Page 7: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/7.jpg)
a l t e r n a t i v e : p r o p r i e t a r y ‘ p u s h ’
» advantages• less complicated• no certificate problems
» problems• required software at recipient• limited client support
» operating systems» email platforms
• too cumbersome» net effect
• limited adoption
![Page 8: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/8.jpg)
a l t e r n a t i v e : w e b - b a s e d ‘ p u l l ’
» advantages• reach anyone with a web-browser
» problems• usability on recipient side
» receive
• resource burden on host side» storage and bandwidth capacity» 24x7 availability
» net effect• limited adoption
![Page 9: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/9.jpg)
w e b - b a s e d ‘ p u l l ’ t h e e x p o s u r e
![Page 10: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/10.jpg)
s e c u r e e m a i l : t h e n e x t g e n e r a t i o n
» recipient requirements• no recipient software• 100% reach• easy to use
» sender requirements• easy to manage• message types
» point-to-point ad hoc» automatically generated
• security model alternatives• authentication model choices• scalable enterprise solution
![Page 11: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/11.jpg)
c r e a t e , m a n a g e , & d e l i v e r s e c u r e l y
![Page 12: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/12.jpg)
» compose content-rich communications• statements, invoices, notifications• source data from multiple sources
» integrate with customer-communication applications
» insert targeted marketing messages» provide image and print fidelity
• offline & on-line» use flexible templating engine
c r e a t i o n c a p a b i l i t i e s
![Page 13: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/13.jpg)
d e l i v e r y c a p a b i l i t i e s
» no client software required» all platforms
• windows, mac, unix, linux» all email systems
• exchange, notes, yahoo!, hotmail, aol, etc.
» online and offline
![Page 14: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/14.jpg)
u n i q u e d e l i v e r y m e t h o d s
» push delivery• postx envelope™
» postx offline envelope» postx registered envelope
• s/mime» pull delivery
» postx websafe
» secure reply™
![Page 15: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/15.jpg)
m a n a g e m e n t c a p a b i l i t i e s
» server administration• communications• web-facing components• policy engine rules• tracking levels
» message management• manual or rules-based message locking• rules-base response to delivery failure or
bounce-back• tracking and reporting engine
» s/mime• automated certificate harvesting and
distribution
![Page 16: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/16.jpg)
c a s e s t u d y – c h a r l e s s c h w a b
challenge
» satisfy customers » reduce costs» differentiate service
requirements
» 100% reach» no client software required» offline viewing» high-value content
alternatives
» website “pull”» pdf “push”» postx activeSTATEMENTS
results
» savings: $120 / customer / yr
» profit: $275 / customer / yr
» net $395 / customer / yr
![Page 17: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/17.jpg)
c a s e s t u d y – c h a r l e s s c h w a b
1. Pull 401k data from internal systems
3. Retrieve advice data from Morningstar
4. Create personalized, dynamic statements
6. Track and manage secure statement delivery
5. Secure in PostX envelope
6. Deliver offline statements with image and print fidelity
2. Combine with print stream data
![Page 18: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/18.jpg)
c a s e s t u d y – j p m o r g a n c h a s e
challenge
» satisfy customers» coordinate 7 lobs » reduce phone costs» comply with legislation
requirements
» online message center» single sign-on integration» dynamic inquiry forms» accurate routing
resultsalternatives
» internal development» custom contract» postx activeENTERPRISE
» faster response» reduced cost» “gold standard”
livermore research» “#1 reuse application”
JPMC CIO
![Page 19: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/19.jpg)
c a s e s t u d y – j p m o r g a n c h a s e
2. Integration with the bank’s single sign-on system provides ease-of-use and ensures security.
6. All secure communication is tracked and managed through PostX Platform
4. CSRs receive inquiry and respond via WebSafe
5. Responses are delivered and stored in customers secure inbox
1. Customers initiate a secure account inquiry to any of the 7 retail banking lines of business.
3. PostX pulls customer data from multiple systems and routes completed query to correct line of business.
![Page 20: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/20.jpg)
c a s e s t u d y – j p m o r g a n c h a s e
» secure online message center• provides “yahoo-like”
functionality
» message retrieval activity tracking
» manual or rules-based message expiry
• e.g., after 6 weeks
» customer-initiated secure inquiry support
![Page 21: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/21.jpg)
c a s e s t u d y – m a y o c l i n i c
challenge
» comply with hipaa» secure point-to-point email» satisfy patients, providers,
researchers, payors
requirements
» no client software required» seamless email integration» automated enrollment
process
resultsalternatives
» s/mime » asp hosted solution» postx trustedMESSAGING
» automated ‘standard’ encryption
» one-click ‘designated’ encryption
» secure external replies
![Page 22: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/22.jpg)
c a s e s t u d y – m a y o c l i n i c
2. PostX integrates with Mayo’s existing Outlook email infrastructure
1. Mayo healthcare professionals use SecureDirect to pro-actively encrypt sensitive documents
5. PostX manages and tracks delivery of secure messages
3. Encrypted messages are secured and delivered in PostX envelopes
4. Recipients can open and view encrypted messages without installing software
![Page 23: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/23.jpg)
c a s e s t u d y – a t & t w i r e l e s s
challenge
» reduce costs» drive top-line revenue» differentiate service
requirements
» 100% reach» no client software required» offline viewing» targeted upsell offers
resultsalternatives
» website “pull”» pdf “push”» postx activestatements
» rapid customer adoption» reduced billing costs» fast ROI
![Page 24: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/24.jpg)
c a s e s t u d y – a t & t w i r e l e s s
1. Pull customer data
4. Create personalized statements with embedded links to website.
7. Manage and track delivery of secure statements
5. Encrypt and secure statements in PostX envelopes
6. Deliver offline statements with image and print fidelity
2. Billing data
3. And marketing data
![Page 25: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/25.jpg)
t h e n e x t c h a l l e n g e :
s p o o f i n g & p h i s h i n g
![Page 26: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/26.jpg)
s i z e o f t h e p r o b l e m
number description source
$50 billion yearly cost of identity theft in the us ftc
600 hoursindividual time spent recovering
from identity theftidentity theft resource
center
500% identity theft growth in 3 years public interest research
group
50%financial services consumers
fearing identity theftforrester research
3%estimated number of people who
actually report fraud to ftcftc
![Page 27: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/27.jpg)
2 0 0 3 U S A c o s t s
Source: FTC, Top 10 Fraud 2003
new accounts & other frauds
misuse of existing accounts (both credit card & non-credit card)
all id theft
number of people 3.23 million 6.68 million 9.91 million
average loss per victim
$10,200 $2,100 $4,800
total losses $32.9 billion $14 billion $47.6 billion
hours spent resolving per victim
60 hours 15 hours 30 hours
total hours spent resolving
194 million hours
100 million hours297 million
hours
![Page 28: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/28.jpg)
t h e b a i t
http://205.214.89.85/ebay.htmlwww.citibank.com:ac%398HAAA9UWDTYAZJWVWAAAA9pYWwgc2l6ZT00PjxTVgc2l6ZT00PjxT3Aac%398HAAA9UWDTYAZJWVWAAAA9pYWwgc2l6ZT00PjxTVgc2l6ZT00PjxT@211.155.234.84
» spoofing the email headers» stealing the enterprise brand» compelling event
![Page 29: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/29.jpg)
t h e h o o k
fraudulent sitelegitimate site
» cloned web site» stealing the enterprise brand
![Page 30: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/30.jpg)
e n t e r p r i s e a l e r t i n g s e r v i c e s
examples
» brightmail
» cyota
» cyveillance
» envisional
valueserves as an early warning system by monitoring web sites and e-mail traffic
drawbacks» reactive – doesn’t actually stop phishing, just helps you
know that it’s happening early in the attack cycle
» only notifies target organizations, not their customers
![Page 31: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/31.jpg)
examples » postx
value
» allows e-mail gateway and client to determine whether message is from purported sender
» framework can be potentially expanded to provide message privacy (encryption)
drawbacks» customer’s email client needs to support it
» customers must be trained to look for validation
e m a i l v e r i f i c a t i o n
![Page 32: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/32.jpg)
examples
» spf: dns registration (aol)
» caller-id: dns registration (microsoft)
» lmap: (ietf)
» domain keys: yahoo!
valueallows e-mail gateway to determine whether message is from purported sender
drawbacks
» customer’s gateway needs to support it and provide mechanism for passing status to customer
» timeframe for adoption and standardization
» no industry agreement on which method to use
» potential incompatibility with e-mail forwarding services
s e n d e r v a l i d a t i o n
![Page 33: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/33.jpg)
examples» passmark
» geotrust
valueallows customer to determine whether web site is registered
drawbacks
» customers must be trained to look for validation
» customers must maintain records or knowledge of what is an authentic validation versus a spoofed validation
» isn’t proactive to prevent spoofed email forms and customer knowledge of the risks
w e b s i t e v e r i f i c a t i o n
![Page 34: © Copyright 2004 PostX. All rights reserved. Ruth Colombo April 29, 2004 New Developments and Opportunities in Secure Messaging.](https://reader035.fdocuments.in/reader035/viewer/2022062714/56649d365503460f94a0ec84/html5/thumbnails/34.jpg)
© Copyright 2004 PostX. All rights reserved.
Ruth ColomboPostX Corporation408-861-3567 (office)415-595-6643 (cell)[email protected]