Audience: technical

Why ZSentry?

Because information will out.
NMA ZSentry adds regulatory compliance, including HIPAA & HITECH Safe Harbor, mobility, functionality and usability without changing your current solutions and providers. You can send securely to anyone with an email address, and receive their secure reply on first contact without requiring registration.

ZSentry includes three distinct ways to communicate securely, your way:

ZSentry App: the web-based way to send, read and store secure email & files with your own choice of email provider, whether or not web-based. No installation or plugin. Works in Windows, Mac, and Linux, for desktop, cloud, and phone. No setup. Also provides self-management functions, including service personalization and password reset 24/7.

ZSentry Client: if you’re not using ZSentry with a mail or cloud client you’re missing the full picture! ZSentry Client is the app-less way to send, read and store secure email & files with your own choice of mail / cloud clients. No installation or plugin. Works in Windows, Mac, and Linux, for desktop, cloud, and phone. Flexible setup options, mashing mail and cloud clients for worry-free regulatory compliance according to your environment needs.

ZSentry API: you can easily access the ZSentry “bare metal” for maximum flexibility & performance. ZSentry API is the server-side way to send, read and store secure email & files with your own choice of email server. Also works client-side. No installation or plugin. Works in Windows, Mac, and Linux, with .NET, C#, Java, PHP, PowerBuilder, and more. Works with Exchange Server and Postfix.

Sender and recipients can use one or all three ways, in any location or device (Anywhere, Anyway). ZSentry automatically creates a matched secure connection path, according to choices of both sender and recipients. ZSentry is provided online and is always current, with the latest updates in compliance, mobility, functionality and usability. No cost of deployment or update, and no technical support required on your site. HIPAA compliance requires the ZSentry Premium service.

Highest Security and Usability

However email is used as an information transfer system for business, the two most important requirements usually are security and usability. For example, your organization should not expose data and customers to security breaches online which, together with impersonation fraud ("identity theft"), spam, and email spoofing, can lead to hefty HIPAA fines of $10,000 up to $1.5 million per violation, mandatory and costly breach notification to customers, and ensuing loss of reputation.

Even though conventional PGP and PKI/X.509 solutions are notoriously far too difficult to use, a number of providers use servers to automate some of the tasks that were previously done manually. While this does improve ease-of-use, it may compromise HIPAA/HITECH Safe Harbor conformance, and still has to deal with several limitations of the underlying technologies PGP and X.509/PKI.

For example, the lack of first-contact capability in PGP and X.509/PKI has been countered by server-solutions that set and request passwords, which reduces usability for first contact, creates online targets for username and password lists, and sharply reduces security.

Security and Usability Chart, © E. Gerck, 2008

The security and usability ranges of each technology can be evaluated from a point-by-point comparison using diverse performance criteria to evaluate different implementations of the same technology.

The graph provides a visualization of the relative positions of each information security technology in terms of security and usability, measured using secure email as an application example. The bubbles represent uncertainty due to implementation differences. The graph uses data from Gerck, E. (2007), who applied scientific, peer-reviewed metrics to measure Usability and Security.

NMA ZSentry Mail (Zmail) solves the quest for email security and usability in that ZSentry is qualitatively better in both security and usability than PGP, PKI/X.509, IBE and other technologies [*].

Moreover, ZSentry also supports PKI/X.509 and PGP, and extends these standards in significant ways. An important issue solved, of course, is the problem of initial contact. ZSentry allows secure first contact and reply without previous interaction (e.g., exchanging passwords, requiring registration) or work (e.g., searching a directory, solving puzzles), and provides a number of life-cycle control functions, including release and expiration. ZSentry also supports SAML and SSO, so that it can be part of a federated-identity ecosystem.

In addition to protecting your business information and satisfying HIPAA, SOA and other regulatory obligations, ZSentry can become a key enabler to enhance functionality, maintain a competitive advantage, grow your business, reduce costs, improve cash flow, and use your existing infrastructure while taking you forward.

Disconnected business processes and applications, and apparently limited software, can now become key assets in a renewed IT environment and generate higher returns on existing investments. Moreover, your staff need not learn anything new, or a new paradigm. After account setup, they continue to work using a familiar office application such as Outlook and Word, while ZSentry reduces to a minimum the demands on what users must learn and have to be trusted with.

See why ZSentry redefines ease-of-use while improving security: Try ZSentry Now

Security and Usability of Available Email Security Solutions

Some email security solutions use PKI management for encryption/decryption but do not use PKI for user authentication, even after first contact. For example, ZixCorp uses PKI management in the background as part of the hosted service but users are authenticated using what PKI/X.509 classifies as "weak authentication" (i.e., username/password).

While PKI/X.509 and PGP server-solutions potentially increase usability, they also decrease security when compared with conventional PKI and PGP solutions. In particular, the username/password combination is notoriously easy to guess and hard to protect in servers. It is security-wise inadequate in general, in spite of all access-control assurances and audit procedures.

Uniquely, with NMA ZSentry you have no targets online. Your login credentials and your keys are not stored anywhere, so that there is no password or user key list that could be attacked online. Without a key anywhere to be found, all your files, which are encrypted, are just gibberish if captured by an attacker. ZSentry further protects your identity, with name and email address authentication provided by cryptographic challenge-response with two-factor authentication and anti-spoofing.

The table below shows the major information security technologies that are available today, with secure email solution examples categorized by their dominant technology use.

PGP: Echoworx, HushMail, PGP
PKI/X.509: Axway/Tumbleweed, Echoworx, Entrust, Cryptzone, Outlook, Postini*, Rpost*, RSA, Verisign, ZixCorp*
IBE: MessageGuard, Voltage
ZSENTRY: Zmail Basic, ZSentry App, ZSentry Client, ZSentry API

Product and company names cited may be copyrighted and trademarked by their owners.

NOTES: Email solutions marked with * may only provide password-based encryption and, thus, fall short as secure email solutions.

Mobility & Regulatory Convergence

Read how NMA ZSentry adds regulatory compliance including HIPAA & HITECH Safe Harbor, mobility, functionality and usability to your applications without changing them. Click for technical diagram and article.

References

Gerck, E. (2007). Secure email technologies X.509/PKI, PGP, IBE and Zmail. In Corporate Email Management, Chapter 12, Edited by Krishna SJ, Raju E., pp.171-196, Hyderabad, India, ICFAI University Press. Available online at http://email-security.net/papers/pki-pgp-ibe-zmail.pdf.

Neppe, V. M. (2008). The email security-usability dichotomy: Necessary antinomy or potential synergism? In Telicom, 21:3, May-June, pp.15-31. Available online at http://email-security.net/papers/usable-secure-email.pdf.

Whitten, A. and Tygar, J. D. (1999). Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium. Available online at http://www.gaudior.net/alma/johnny.pdf.


Development and © by NMA
