official publication of the washington bankers association - Media ...

Serving The Needs Of Washington Bankers Since 1889
Information Privacy and Legal Compliance for Your Email Communications
What You Need to Know About
Email Encryption and Archiving
by John Pelley, CISSP, ISSAP, MBCI, Redhawk Network Engineering, Inc.
Build Trust in Your Email Communications with
Email Encryption
Assure your clients, partners, and employees that emails tagged to contain
sensitive data will not be visible to prying eyes. Today’s email encryption
technology provides an easy-to-use secure communication channel to
encrypt both outgoing email and replies, even if your recipient doesn’t have
an encryption strategy in place.
Email encryption in the market today includes onsite appliances that
your organization can self-manage. The latest industry direction involves
outsourced, cloud-based solutions or Software-as-a-Service (SaaS) email
encryption. Cloud-based services make sense, because email is carried on
the Internet while in transit. A cloud service can provide multiple email
services from high availability facilities with professional 24/7/365 administration,
monitoring and support.
• Protect Your Assets with Encryption - Defined policies will shield
sensitive company data from open Internet exposure. email encryption
protects your sensitive email data from being transmitted
outside the network.
• Comply with Data Privacy and Security Regulations with Encryption
- Use email encryption to comply with GLBA, Sarbanes-Oxley
and PCI guidelines.
for archiving. The documented email archiving policy and procedure
must be adhered to. Your retention period could be from one
to seven years. Management will need to decide the time period and
include it in the policy.
• An email archiving and storage solution utilizing either selfmanaged
or outsourced technology. Email data must be archived
to write-once media with the stated retention policy.
With a reasonably priced solution and a documented policy, your organization
can reach an improved level of privacy compliance and improve its
legal position.
For more information and compliance questions, please contact John Pelley , CISSP,
ISSAP, MBCI - Redhawk Network Engineering, Inc. 541-382-4360 extension 102,
email:john@redhawksecurity.com. For more about email security solutions please visit
the Redhawk website at www.redhawksecurity.com
Improve Your Security and Legal Posture with Hosted
Email Archiving
Email archiving works with your email system to enable you to store, search
and recover email when needed.Why archive email
• To secure mission critical data with offsite storage for disaster
recovery – Offsite storage of your business communications is a
necessary component of a disaster recovery plan. A hosted archive
solution will mitigate the risk of losing critical communications.
• Establish an email archiving program and improve your legal
posture – if your organization does not meet the legal criteria for archiving,
email may not be admissible in court. Your defense against
email content brought into litigation may also be compromised.
Elements of an Effective Email Archiving Program
Email is legally admissible as a business record when a consistently applied
method is utilized for archiving and storage. This approach complies with
the chain of custody and rules of evidence legal precedents. A strong legal
posture is achieved by:
• A documented policy with stated retention period and procedures
23
July/August 2011 ⏐