Stop the LeakWhat Google Apps Admins Need to Know

About Email Encryption

Will Ackerly

Co-Founder & CTO

Introduction

Pulling Back the Covers: What You Need to Know

Alternative Approaches to Encryption

Virtru Demo

Point to Point (SSL)• Nice if your provider uses it, but can’t guarantee your recipient uses it

• Just because there is a green lock doesn’t mean it’s a secure communication

What Is Email Encryption? Point-to-Point

Encrypted

Content

Sender RecipientMail Client Google Server

Encrypted

Content Unencrypted

ContentUnencrypted

ContentUnencrypted

Content

Unencrypted

Content

Recipient’s

Mail Server

Mail Client

Encrypted

Pipe

? ?

May be

Encrypted

May be

Encrypted

Zix and Google Apps Message Encryption• Helps enforce point-to-point encryption

• Requires new account on a new system with distinct user name/password

What Is Email Encryption? Portal-based

Sender

Encrypted

Content

Mail Client

Plain Text

Content

Google Server

Plain Text

Content

Plain Text

Content

GAME Content

Server

Encrypted

Content

Mail Client

GAME Portal

Plain Text

Content

Encrypted

ContentLink to Portal

Recipient1st Interaction

Recipient2nd Interaction

Register Account

or Login

Virtru, PGP, S/MIME• Protection at rest and protection in transit

• Protects against compromised servers or lost clients

• Recipient must have access to encryption keys

What Is Email Encryption? End-to-End

Sender Recipient(Only Interaction)

Encrypted

Content

Stays Encrypted the Entire Time

Encrypted

Content

Encrypted

Content

Mail Client

Encrypted

Content

Google Server

Encrypted

Content

Encrypted

Content

Encrypted

Content

6

Tin Foil Hat Not Required

encryption becoming mainstream

Mainstream Encryption Requirements 7

Corporate Risk

CybersecurityRegulations

Regulatory Requirements 8

Doctor

Specialist

Hospital / Clinic

Health Records/PII Patient

Information Leaks 9

Customer List

Competitor

Sales Repbill@yourcompany.com

Sales Repbill@gmail.com

Threat is that unprotected copies proliferate• Senders “Sent Items” on all your computers

• Recipients “Inbox” on all their computers

• Sender ISP/Company Servers

• Recipient ISP/Company Servers

Hacking and Surveillance 10

Identity Thief

Hacker

Sender Recipient

Cyber Criminal

Doesn’t Google Already do This for Me? 11

What Capabilities Are Required 12

Super Easy To Use

Anyone Must Be Able to Read

Give Senders Control of their Content

13

Virtru: Simple Email Privacy

As easy as Gmail

Protects emails and files

Send to anyone anywhere

Revoke, expire, control forwards

Control for Google Apps admins

DEMO OF VIRTRU FOR BUSINESS

What to do next 15

Try Virtru for Yourself

www.virtru.com

Try Virtru for Your Company

www.virtru.com/business

APPENDIX

17

Simple Email Privacy

Sender Recipient

(Only Interaction)

Mail

Client

Mail

ClientEncrypted

Content

Google SSL Connection

Google

Server

Virtru Key Server

Encrypted

Content

KeyKey