Consolidated Email Hygiene and Encryption Service E-Hub Slide 1
Agenda E-Hub Service Overview E-Hub Benefits & Features E-Hub Rates and Implementation Microsoft FOPE Overview Demo Questions Slide 2 2
OTECH E-HUB SERVICE OVERVIEW Slide 3
Current Environment E-mail hygiene a variety of solutions are in production throughout the state Inter-departmental e-mail is exposed to the public Internet (sent clear text) E-mail is scanned as potential spam at each department No consistent e-mail audit capabilities exist to monitor confidential and inappropriate e-mail transmissions by state employees (i.e. SSN, HIPPA & credit card data) No consistent e-mail encryption solution in the state for sending confidential information to citizens, businesses and partners Slide 4
E-Hub Purpose Secure and protect the State s inbound, outbound, and inter-departmental e-mail by implementing a highly available e-mail hygiene solution with a rich tool set and additional capabilities including e-mail encryption and content filtering while preserving departmental autonomy to create and manage email security and compliance policies. Slide 5
E-Hub Workshop Participants Slide 6 6
E-HUB BENEFITS AND FEATURES Slide 7
E-Hub Benefits Establish base level e-mail security settings to protect all state e-mail systems Consistent security practices that will improve incident response Compliance with regulations such as HIPPA, FTI, and PCI-DSS Statewide reporting capabilities on e-mail volume as well as agency level reporting Slide 8
E-Hub Functions E-mail Hygiene (anti-spam & anti-virus) Inter-departmental e-mail no longer traverses the public Internet in clear text E-mail content filtering capability Outbound e-mail encryption service as an option Slide 9
E-HUB RATES AND IMPLEMENTATION Slide 10
E-Hub Rates Hygiene $0.56 Hygiene with ECAL * $0.13 Encryption (optional) $1.08 Rates are per mailbox per month Encryption is an add on to Hygiene * Rate if agency holds a Microsoft Enterprise Client Access License (ECAL) Slide 11 11
OTech Internal Process for Customer Migration to E-Hub Slide 12
MICROSOFT FOPE OVERVIEW Slide 13
Messaging Environment What our customers are telling us Protect against external threats Over 90% of e-mail is junk Many companies struggle to stay ahead of threats Meet organizational governance requirements Avoid penalties for breach of compliance Legal discovery increasingly used as a weapon Focus on strategic IT initiatives Competency in anti-malware does not create a competitive advantage
Online Services Help Meet Email Challenges it is time for organizations to explore how a software-plus-services strategy can help them be better at and smarter about running their businesses. IDC, Microsoft Online Services: Giving Businesses a New Choice for Productivity Tools, July 2008 15
Microsoft Exchange Hosted Services Real-time threat prevention Layered anti-spam and antivirus Customized policy enforcement Gateway, policy-based e-mail encryption No public and private key management Full e-mail encryption
Forefront Online Protection for Exchange Multilayer spam and virus protection and policy enforcement External Senders / Recipients Legitimate E-mail Edge Blocking Antivirus Policy * Encryption Anti-spam Inbound Filtered E-mail Corporate Network Exchange Server EHS Directory Synchronization Tool Active Directory Junk E-mail Outbound Filtered E-mail About 90% of E-mail is junk Administrator Console End User Quarantine Messaging Administrator Employees * Requires additional Exchange Hosted Encryption License Also incorporates technology from
FOPE Encryption Policy-based e-mail encryption for the enterprise: Corporate Network TLS Encrypted E- mail Global Data Center Network Filtering Managed Anti-Virus Managed Anti-Spam Policy Enforcement Encrypt Rule Gateway Encryption Server Key Server Secure Reply via ZDM I N T E R N E T Recipient Network Policy-based encryption from sender to recipient - Policy-based encryption consistently and automatically encrypts messages at the gateway based on policy rules. IBE Technology uses a common ID for Public Key Web-based decryption and encrypted replies - The Zero Download Messenger enables Web-based decryption and encrypted replies for any recipient of encrypted messages with no end user training or software installation.
Identity-Based Encryption (IBE) Breakthrough in Cryptography IBE - proposed 20 years ago as next generation encryption In 1984 Adi Shamir, co-inventor of the RSA Algorithm, challenged cryptographers to invent IBE IBE solution is created 2 decades later in 2001 Research funded by DARPA (DoD research) Boneh-Franklin Algorithm published at Crypto 2001 An award-winning breakthrough in security and usability Industry acceptance Over 1000 scientific publications on IBE/Pairings Dan Boneh awarded 2005 RSA Conference Award for Mathematics Standardization Efforts IBE being standardized by IEEE 1363.3 Invited by IETF to form new extension to S/MIME Voltage Toolkit FIPS 140-2 certified; Common Criteria EAL2 certified (one of the only secure email solutions to have this)
The Secret Sauce : Identity-Based Encryption Basic Idea: Public-key Encryption where Identities are Public Keys IBE Public Key: alice@corp.com RSA Public Key: Public exponent=0x10001 Modulus=13506641086599522334960321627880596993888147 560566702752448514385152651060485953383394028715 057190944179820728216447155137368041970396419174 304649658927425623934102086438320211037295872576 235850964311056407350150818751067659462920556368 552947521350085287941637732853390610975054433499 9811150056977236890927563
How IBE Works in Practice: Alice Sends a File or Message to Bob Key Server key request + authenticate bob@corp.com alice@corp.com bob@agency.gov
Forefront Online Protection for Exchange SLAs FOPE provides a comprehensive set of SLAs covering network performance and spam and virus filtering effectiveness Each SLA is backed by a financial commitment from Microsoft Spam and Virus Filtering Effectiveness 100% Virus Protection 98% Spam Detection 1:250,000 False Positive Ratio Against all known e-mail viruses Of all inbound e-mails Filtering Network Performance 99.999% Network Uptime Rapid E-mail Delivery (Average delivery commitment of less than 1 minute) *Terms and conditions apply. Please visit http://go.microsoft.com/fwlink/?linkid=138884 Please contact your reseller or Microsoft Account Manager if you wish to view terms or have questions prior to signing up for the service.
Global Network Infrastructure Network infrastructure helps deliver reliability and scalability Services provisioned across a global network infrastructure Fully redundant and load-balanced architecture Scalability to handle all message volume variations Processes 2-4 billion e-mails on average per day E-Hub traffic routed through US data centers only
E-Hub Statewide Policies
E-Hub Statewide Service Settings
So How Well Does It Work? Total Messages Inbound: 10,218,225 Delivered: 1,576,010 (15%) Spam: 8,642,215 (85%) Blocked at Edge (DirSynch): 278,334 File Scanned: 1,587,726 Virus: 3,047 (.03%) Quarantined: 1,221 (.01%) Total Message Volume in GB s: 263 GB s
Lessons Learned Make sure you work with your IPM to implement your initial policies Do bring your policies from existing on premise email hygiene systems Don t bring your white & black lists, let the service work first and then determine if you need to add allow or reject exceptions If you have Microsoft Premier Support make sure you notify your TAM that you re moving to EHUB
Slide 28
Questions? For answers to additional questions related to the E-Hub contact your OTech Customer Service Representative to schedule a meeting. Customer Delivery Division info@state.ca.gov (916) 454-7225 Slide 29