ACS Email Encryption
© Affiliated Computer Services, Inc. (ACS) 2009Slide 2
Project Sponsors
Chris Leach, Chief Information Security Officer
Kevin R. Mitchell, Director of Encryption Services
David McLaughlin, Manager Boundary Services
Joan Burns, Program Manager for Encryption Services
Business Information Security Officer
Agenda
Overview of ACS Email Encryption
Automated Email Encryption Rollout
Examples of how Email Encryption Works Now
Example of how Email Encryption Works After
What business units need to do
Impact to clients
ACS Email Encryption Overview
Encryption of email is currently a manual process
Users must place [PGP] in subject line
ACS employees are sending 5.4 Million messages per week
Consequences of Unencrypted Email
Sent as plain text over the internet
– Anyone who can sniff network traffic can read it causing the data to be at risk
If accidentally sent to incorrect person could constitute a reportable breach
Unencrypted Email Consequences
Below is an example of several Credit Card numbers which were accidentally sent unencrypted.
The average data breach cost is continuing to rise, growing 43% since 2005 to an average $197 per data record compromised. This is a cost on average of $6.3 million per breach. – Ponemon Institute
ACS Encryption Services
What has already been done to help?
Implemented a solution to encrypt email using [PGP] in subject line
What are we doing to make things easier?
Implementing scanning of sensitive data to reduce risk
Added Secure PDF delivery feature
How Encrypted Email works now…
Email is sent with [pgp] in the subject line
Email is received by Client
Email contains a link to the Web portal
Client logs onto the Web Portal and creates a passphrase
Email is reviewed on the Web Portal
How Encrypted Email will work after the Rollout of Automated Email Encryption
ACS user will continue to send email with sensitive information using [PGP] in the subject line
Initially customer will receive an email with link to set up a passphrase so they may receive the email sent from ACS
– After the client receives their first email they will not be required to set up a passphrase again
After Customer enters passphrase they will receive the original email that was sent by ACS, as a secure PDF. The PDF will be encrypted and can be opened using the passphrase they entered.
Any subsequent emails with [PGP] in the subject line will go directly to the customer as encrypted PDF which the customer can open using the passphrase they set up.
How Encrypted Email will work after
Email is sent but the ACS Employee forgets to put [pgp] in the subject line
Client receives the email
Client clicks on the pdf to view the email
Client enters their previously defined passphrase
The email message is displayed along with any attachments
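The walkthrough above has the message encrypted even though the sender forgot the [PGP] tag, which is what the sensitive-data scanning mentioned earlier makes possible. The sketch below is an added example of that gateway decision, not ACS's implementation: it assumes the scan looks for Luhn-valid card numbers and that rollout exemptions suppress only the automatic scan, and every function name and address in it is hypothetical.

```python
import re

SUBJECT_TAG = re.compile(r"\[pgp\]", re.IGNORECASE)      # the deck shows [PGP] and [pgp]
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_card_number(text: str) -> bool:
    """True if any digit run in the text passes the Luhn check."""
    for match in CARD_CANDIDATE.finditer(text):
        if luhn_valid(re.sub(r"\D", "", match.group())):
            return True
    return False


def delivery_decision(sender, recipient, subject, body,
                      exempt_senders=frozenset(), exempt_domains=frozenset()):
    """Return (action, reason) for one outbound message."""
    if SUBJECT_TAG.search(subject):  # explicit request from the sender always wins
        return ("encrypt", "subject-tag")
    domain = recipient.rsplit("@", 1)[-1].lower()
    if sender.lower() in exempt_senders or domain in exempt_domains:
        return ("plain", "exempt-from-scan")  # assumption: exemption skips the scan only
    if contains_card_number(subject + "\n" + body):
        return ("encrypt", "content-scan")  # the forgotten-tag case
    return ("plain", "no-trigger")


# Constructed sample messages; 4111 1111 1111 1111 is a widely published test number.
SAMPLES = [
    ("rep@acs.example", "ap@client.example", "[pgp] Invoice", "see attached"),
    ("rep@acs.example", "ap@client.example", "Invoice", "card 4111-1111-1111-1111"),
    ("rep@acs.example", "ap@client.example", "Order", "ref 1234 5678 9012 3456"),
    ("batch@acs.example", "ap@client.example", "Report", "4111 1111 1111 1111"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[2], "->", delivery_decision(*s, exempt_senders={"batch@acs.example"}))
```

The Luhn check keeps ordinary 16-digit reference numbers from triggering encryption, while the exempt sender's result shows why each exemption deserves review: card data from that address leaves in plain text.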
Advantages to the new delivery method
Secure PDF delivery will allow our customers to get their email locally to their mailbox
This allows each client to keep a copy of the encrypted email on their local computer for review each time they need to refer back to it.
Only log in once to set up passphrase
Once the initial passphrase has been set up they will not need to log in to the web portal unless they need to respond to the email securely.
What Business Units Need To Do
The appropriate ACS representative for each client, vendor, or business partner must:
Inform clients, vendors, or business partners of the upcoming change
Communicate any rollout exceptions (client domains or ACS email addresses) to Pat Elledge including:
– Clients, vendors, or business partners who do not want to receive encrypted email from ACS
– Any ACS email addresses that need to be exempted from the encryption rollout (ex: system automated process)
Impact to Clients
Minimal impact as follows:
First Time Users:
First time Clients simply need to click on a link in the secured email and initially set up a passphrase on the web portal.
Existing Users
The encrypted email appears in their mailbox as a pdf attachment. The user will click on the attachment and enter their previously created passphrase.
Note: There is a detailed Recipient Guide available for reference.