Best Practices of Email Security for Regulatory Compliance
Page 1
Content
1 Introduction
1.1 Why is outbound content compliance an issue?
1.2 Companies must comply with laws and regulations
1.3 Recent examples of data leaks
1.4 Costs of a data breach
2 Secured eMail – Client Application of the Simple Encryption Platform
2.1 Secured eMail – End point security for email encryption
2.2 Secured eControl – Integrates with Secured eMail for enforced actions
2.3 Secured eFile – Encrypt network files/folders for automatic authentication
2.4 Secured eDisk Protect – Whole drive encryption – Enterprise management
2.5 Secured eUSB – Encrypts any USB flash drive in the market today
2.6 Secured eGuard – End point security – Control, monitor and log endpoint access
3 Secured eMail
3.1 Sending secured emails – User perspective
3.1.1 Establishment of a Secured Channel – Identification of the receiver
3.2 Choices when opening a Secured eMail – A user perspective
3.3 Security perspective – SKG – Strongest link in encryption
3.3.1 Encryption
3.3.2 The encryption procedure step by step
3.3.3 Centrally managed keys
3.4 Enterprise perspective
3.4.1 Central Management
3.4.2 Global Object Synchronization
3.4.3 Role based administration
3.4.4 System Access Rules and Procedures
3.4.5 Seamless integration with existing infrastructure
3.4.6 Flexible Deployment
3.4.7 Policy Management
3.4.8 License Management
3.4.9 Central Password Management
3.4.10 Education management
4 SEP Enterprise Deployment and Scaling
4.1 Overview of SEP components
4.1.1 SEP Database
4.1.2 SEP Server
4.1.3 SEP Clients
4.2 Scalability and failover
4.2.1 SEP Database
4.2.2 SEP Server
4.2.3 SEP Management Console
4.3 Performance and storage
4.3.1 SQL Database Size
4.3.2 Load on SEP Server
4.3.3 Load on SQL Server
4.3.4 Load on Network
4.3.5 Load on Active Directory
4.4 Deployment strategies
4.4.1 Single Region / Small Medium Enterprise
4.4.2 Single Region / Small Medium Enterprise with Failover
4.4.3 Multi Region / Large Enterprise
4.5 Recommendations
4.5.1 Number of Endpoints per Server
4.5.2 Hardware for SEP Server
4.5.3 Number of SEP Servers
4.5.4 SQL Database
4.6 Potential bottlenecks
4.6.1 Active Directory Synchronization
4.6.2 Connection Congestion
4.6.3 Secured eUSB Log Synchronization
5 Summary
1 Introduction
What is Outbound Content Compliance? Outbound Content Compliance (also called outbound content security or OCC) is a new segment of the computer security field that aims to detect and prevent outbound content that violates the organization's policy and/or government regulations. OCC deals with internal threats, whether malicious or accidental, as opposed to more traditional security solutions (firewall, anti-virus, anti-spam, etc.) that deal with external threats. It is therefore sometimes called inside-out security. These systems are designed to prevent and detect the accidental sending of sensitive and confidential information outside the organization while, at the same time, educating information workers on the organization's security policies and on industry and/or regulatory compliance.
sales manager sends a customer database and the "agreed to" marketing plan to an outside marketing company for the first activity in the marketing plan. Some are accidents waiting to happen, while others are malicious attempts to deceive the company.
Many organizations now fall under the oversight of government and industry regulations that mandate control over private information, including HIPAA in health and benefits, GLBA and BASEL II in finance, the Payment Card Industry DSS standards and Sarbanes-Oxley. In addition, more than 42 states in the United States have passed data privacy or breach notification laws that require organizations to notify consumers when their information may have been exposed. One high-profile example is California SB 1386. The EU Data Protection Directive was first introduced in 1995 and has since been updated and implemented by all member countries.
Most recently, on September 24, 2009, the United States announced the HIPAA HITECH Act, which provides a "safe harbor" for Protected Health Information; that safe harbor is achieved through the use of encryption technology to protect sensitive and confidential information.
The Health Insurance Portability and Accountability Act of 1996 was passed by the United States Congress to improve the efficiency and effectiveness of the health care system and to reduce the incidence of fraud. The Security Rule has three basic components: confidentiality, integrity and availability of electronic protected health information. The focus of this policy is to increase the secure automation of patient records and electronic health care information transfers. With the advent of automated health systems, there is an increasing number of information transfers between users, which poses new security and privacy risks. In recognition of this increased risk, the drafters of the legislation included provisions for the regulation of information privacy and information systems security. Access control grants users rights and privileges to access and perform functions using information systems, applications, programs and files.
The EU Data Protection Directive (Directive 95/46/EC) has been implemented by all member states. Its purpose is to uphold the principle that "Everyone has the right to respect for his private and family life, his home and his correspondence." The directive applies to any operation involving personal data, including the collection and storage of the data, and requires organizations to handle all personal data in a secure and appropriate manner. More information can be found at the following link:
http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm
1.3 Recent examples of data leaks

August 3, 2009
National Finance Center – 27,000 via unencrypted email
An employee of the National Finance Center mistakenly sent an Excel spreadsheet containing employees' personal information to a co-worker via e-mail in unencrypted form. The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed.

August 4, 2009
US Army National Guard sends email with 131,000 records of sensitive data
An individual sent an unencrypted email with the personal information of soldiers enrolled in the Army National Guard Bonus and Incentive Program. The data includes names, social security numbers, incentive payment amounts and payment dates. The soldiers will be notified by letter.

August 6, 2009
Department of Corrections – Email breach – 1,084 people
Social Security Numbers of 1,084 Department of Corrections employees were emailed out.

July 31, 2009
Jackson Memorial Hospital – Via email
A Miami man was charged with buying confidential patient records from a Jackson Memorial Hospital employee over the past two years, sending them through email and selling them to a lawyer suspected of soliciting the patients to file personal-injury claims.

July 16, 2009
Broadridge Financial Solutions, Inc. – 10,000 customers' proxy information emailed
Broadridge Financial Solutions, Inc. provides proxy services for clients, including the processing, distribution and tabulation of Annual Meeting proxy materials for registered shareholders of publicly traded companies. The firm inadvertently disclosed Dynegy shareholder information, including name, address, Social Security number and other account information, to another client.

June 6, 2009
Ohio State Dining Services – 150 students' sensitive information breached
Student employees had their social security numbers accidentally leaked in an e-mail. The hiring coordinator for Dining Services, an OSU student, received an e-mail with an attachment that included students' names and social security numbers. He accidentally sent the attachment in an e-mail reminding student employees to sign their waivers for the Ohio Employees Retirement System.
1.4 Costs of a data breach
The exact cost of a data breach can be debated, but the bottom line is that all business managers agree it is expensive and can affect the overall value of an organization.
2 Secured eMail – Client Application of the Simple Encryption Platform
The Simple Encryption Platform, SEP, gives an organization the possibility to achieve full DLP through one platform. SEP is a strategic framework that enables an organization to manage all of its data as well as all of its members.
Protecting intellectual property and customer data is a top security concern for any business today. Whether in transit over a network or at rest on your system, encryption helps secure information, minimizing the risk of it being altered or accessed by unauthorized internal and external users. Secured eFile enables organizations, teams and information workers to share files and folders securely with individuals and groups. Today customers, business partners and regulators require stronger and additional verifiable measures for protecting sensitive information. At the same time, data access is more distributed, causing suppliers and partners to become deeply integrated into many organizations' business processes and IT infrastructures. Continuous sharing of critical data internally and externally creates new security challenges for controlling access to data. Without strong data protection, enterprises may be exposed to significant financial and intellectual property loss, legal penalties and damage to the brand.
Secured eDisk Protect offers full hard drive encryption for laptops, workstations and servers to protect against unauthorized disclosure of data and sensitive information. Common threats today include the misplacement of mobile devices, theft of PCs, laptops and servers, and data theft when systems are discarded. Organizations need privacy management solutions that ensure sensitive information is protected from unauthorized access and that eliminate the risks associated with losing a mobile storage device.
Secured eUSB is a software solution that converts and upgrades standard USB flash drives into encrypted and secure USB flash drives governed by strong central policies. The storage capacity of USB flash drives has grown tremendously while costs keep decreasing. The reality in most organizations is that employees use more and more of these devices, with or without the approval of IT management. With employees using their own flash drives, traveling with data to customers and/or taking work home, organizations are constantly at risk from unprotected data on an unsecured flash drive. The consequences can be devastating: lost reputations, lost profits, lost jobs. In short, all the horrors you read about in the daily news.
Secured eGuard is our enterprise-grade solution for portable device control that proactively secures your most important corporate information. It controls, monitors and logs how your data is downloaded to and uploaded from the endpoints, and allows users to create enforceable security policies, view real-time activity and results, and centrally manage any type of removable media, portable storage device and communication interface. Secured eGuard's policy-based control of endpoint access to portable storage devices and removable media prevents unauthorized use of enterprise data and enforces endpoint security policies that comply with regulatory requirements such as Sarbanes-Oxley, California SB 1386 or the Health Insurance Portability and Accountability Act (HIPAA). Secured eGuard is deployed and managed centrally, allowing security administrators to define policies that are automatically distributed to the endpoints using so-called Endpoint Agents. These policies are enforced and all relevant events are communicated back to the Management Server. Close integration with enterprise directories and enterprise management systems enables easy deployment and extensive monitoring and reporting.
3 Secured eMail
Secured eMail is email security software that provides powerful, easy to use, end to end email encryption. Email is commonly used to transmit sensitive or confidential information, including operational data, trade secrets and legal documents. Thanks to the Secured eMail Reader, recipients of secured emails do not need to purchase a license in order to read, or reply to, a secured email.
Figure 2 – The Send secured button. When Secured eMail is installed the user gets a new button, Send secured, that enables the user to send secured emails.
The optional Secured eControl application delivers Data Leak Prevention (DLP) beyond encryption. Deployed on the client, it lets you control the flow of information to any degree you wish. Ready-made policies for federal as well as state laws such as HIPAA, SOX, GLBA, etc. make it easy for customers worldwide to deploy a solution for content encryption. When Secured eControl is installed and integrated with the Secured eMail application, security policies can be applied to enforce securing an email when the user clicks the 'send' button in his mail client, without the need to press the Send Secured button. The Secured eControl policies are highly customizable rules that control the outcome of a user action. The policies can, for example, be set to react on recipient email addresses, or on the very content of the sensitive information itself, such as detection of social security numbers, credit card information and other items of sensitive information.
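The content-based and recipient-based rules described above can be illustrated with the following Go program. It is an added example written for this page, not Secured eControl's code: the regular expressions, the Luhn and SSA-range checks, the `ScanMessage` and `Decide` functions, the `alwaysEncryptDomains` list and the sample message body are all constructed here as an assumption about how such a policy engine might be built.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one piece of sensitive data located in an outbound message body.
type Finding struct {
	Kind  string // "ssn" or "card"
	Match string // the text as it appeared in the message
}

// ssnPattern matches the AAA-GG-SSSS layout, with dashes or spaces as separators.
var ssnPattern = regexp.MustCompile(`\b(\d{3})[- ](\d{2})[- ](\d{4})\b`)

// cardPattern matches 13 to 19 digits optionally split by single spaces or dashes;
// the Luhn check below removes most phone and order numbers it also catches.
var cardPattern = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)

// luhnValid reports whether a digit string passes the checksum payment card numbers carry.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// plausibleSSN drops layouts the Social Security Administration never issues:
// area 000, 666 or 900-999, group 00, serial 0000.
func plausibleSSN(area, group, serial string) bool {
	if area == "000" || area == "666" || area[0] == '9' {
		return false
	}
	return group != "00" && serial != "0000"
}

// ScanMessage returns every plausible SSN and every Luhn-valid card number in body.
func ScanMessage(body string) []Finding {
	var found []Finding
	for _, m := range ssnPattern.FindAllStringSubmatch(body, -1) {
		if plausibleSSN(m[1], m[2], m[3]) {
			found = append(found, Finding{Kind: "ssn", Match: m[0]})
		}
	}
	strip := strings.NewReplacer(" ", "", "-", "")
	for _, m := range cardPattern.FindAllString(body, -1) {
		digits := strip.Replace(m)
		if len(digits) >= 13 && len(digits) <= 19 && luhnValid(digits) {
			found = append(found, Finding{Kind: "card", Match: m})
		}
	}
	return found
}

// Decide returns "encrypt" or "send". Recipients in alwaysEncryptDomains are secured
// unconditionally (a recipient-based rule); everyone else is secured only when the
// content-based rule finds sensitive data.
func Decide(recipient, body string, alwaysEncryptDomains []string) string {
	if at := strings.LastIndex(recipient, "@"); at >= 0 {
		domain := strings.ToLower(recipient[at+1:])
		for _, d := range alwaysEncryptDomains {
			if domain == strings.ToLower(d) {
				return "encrypt"
			}
		}
	}
	if len(ScanMessage(body)) > 0 {
		return "encrypt"
	}
	return "send"
}

func main() {
	// Constructed sample: one plausible SSN, one impossible SSN layout, one Luhn-valid
	// test card number, one card-like number that fails Luhn, and a phone number.
	body := "Employee 123-45-6789 (not 000-12-3456). Card 4111 1111 1111 1111, " +
		"not 4111 1111 1111 1112, phone 555-867-5309."
	for _, f := range ScanMessage(body) {
		fmt.Printf("%s: %s\n", f.Kind, f.Match)
	}
	fmt.Println(Decide("partner@example.com", body, nil)) // encrypt
}
```

The Luhn and SSA-range filters are what keep a rule like this usable in practice: a bare digit pattern flags phone numbers, invoice numbers and dates, and a policy that encrypts every such message trains users to ignore it. A production engine would also scan attachments (the spreadsheet cases in section 1.3) and not just the body.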
The shared secret can be provided to the application in two ways: manually by the user, or automatically with the use of an Enterprise Server.
In the first case, the user is prompted to create a custom shared secret. The bit strength of the shared secret created by the user can be controlled with password policies. These policies control the number of characters in the secret, as well as which kinds of characters must be used.
In the second case, the client retrieves the shared secret from the Enterprise Server. If the Enterprise Server cannot deliver a stored shared secret, the user is prompted to create the secret himself.
Once the secured channel has been established, the client application maintains the trusted relationship. This means that once an email has been secured, there is no need to define a shared secret again. The next email is sent securely through the channel, with automatic authentication and without the need for a password, forever.
During the process of sending a secured email, the sender has the option to provide a custom unencrypted message that is embedded in the wrap-mail. The unencrypted message is a valuable option for communicating per-message information in plain form, readable by the recipient.
Once an email has been created and sent to an external recipient, the sender is responsible for providing the means for the shared secret exchange. The shared secret is an authentication tool to verify that only the correct receiver can read the secured email. The exchange of the shared secret is done only once and it is entered only once by the receiver. When the verification is done, the sender and the receiver can continue to send secured emails to each other forever without being asked for any new verification. It is possible to set up a policy so that the receiver has to verify again every month, if such a requirement exists.
The shared secret can be a combination of information that is known by both parties. For example, a shared secret may be a customer number, the last six digits of their social security number, initials plus the last four digits of the social security number, or anything that the recipient would know without forgetting. There is a multitude of agreed upon shared secrets that provide a high level of security and can be easily remembered by the sender and the recipient. The shared secret can also be communicated through built-in functions such as fax printouts and email drafts, or verbally by the user himself. For inbound communication the server handles all key exchange.
It is our belief that sending a secured email is an endpoint-to-endpoint process that can be done without the use, need and cost of a gateway. The Secured eMail and Secured eControl applications can be used in an offline or online environment, as if they were still connected to the Internet. When a user sends an email in an offline state, the user sees the secured email "become encrypted" and end up in the outbox at the time of sending. When the user connects to the Internet, the email is automatically sent out of the outbox and deposited in the sent folder.
One key differentiator of the Secured eMail application is the recipient's accessibility to the secured content. Because Secured eMail's secured content is sent using the MIME layer, as an attachment to the wrap-mail, the user can access their emails from anywhere, including public mail services such as Gmail, Hotmail, etc.
Required components for sending secured emails are Outlook or Lotus Notes in conjunction with the Secured eMail Client, which is a Windows application.
3.2 Choices when Opening a Secured eMail – A User Perspective
A recipient of an encrypted email first experiences the delivery of the wrap-mail, which is a notification to the recipient that they have received an encrypted email, with instructions on how to read it. Within the content of the wrap-mail, the user is offered the option to download either the Full Reader application or the Reader Lite, one of which is required to open the secured email. The user must have administrative rights in order to install the Full Reader.
For users that don't have administrative rights, the Reader Lite application is a perfect solution. The Reader Lite does not require administrative rights, though Java is required on the recipient's computer.
In Outlook and Lotus Notes, the user simply double-clicks the email to open it. The preview pane displays the content of the wrap-mail. Users of other mail clients, in conjunction with the Secured eMail client, simply open the secured content as an attachment to the wrap-mail. The email is then displayed as created by the sender "within the local-machine web browser".
Once the software is installed and the user wants to open a secured email, the content has to be decrypted with the key used at the time of encryption. The instructions in the wrap-mail provide a way to communicate how to retrieve the secret used. Many implementations currently do this using already established ways of communicating with customers, such as profile-driven forums, fax, postal mail or even verbally.
In enterprise scenarios, and for inbound messaging, the key is retrieved automatically and seamlessly from the Enterprise Server.
Once a secured channel has been established, our client software maintains the secure channel, which never has to be recreated. The next time an email is received from the sender, the encrypted email is automatically opened without the use of the shared secret. The client software, if used in conjunction with Outlook or Lotus Notes, allows the recipient to reply securely to the sender without the need for a software license.
Secured eMail is based on pure endpoint-to-endpoint encryption concepts. The key used to uphold a secured channel for email communication is discarded and no longer physically exists on the client side once an email has been sent or opened. Only a hashed version of the key exists locally on the client and centrally on the SEP Enterprise Server, and it becomes the channel key to use when sending or opening an email the next time.
Secured emails are encrypted using AES 256 PHM (padded hashed message). Any key provided is, prior to encryption, protected against brute force using SHA2. Since Secured eMail uses pure symmetric encryption concepts, there is no need for PKI management, certificate enrollment, maintenance, disaster recovery, and so on. An email can be sent securely to anyone, at any given time. The Secured eMail client protects all locally stored profile data in a secured database using AES256 and a policy-defined protection method.
3.3.1 Encryption
For secure client communication SEP uses SSL, implemented through the industry standard OpenSSL library. Encryption of databases, profiles and client data is done using AES 256. The example shows how a client encrypts a file; SEP uses the same approach and module, but the result is stored as database tables.
Figure (layout lost in extraction): Plaintext and Key enter the SEP Interface Layer and the SEP Data Layer; the resulting Secured Data consists of a Keyslot (Secured Content Layer Key GUID, non-sensitive attributes, cipher of a randomized 256-bit key) and the cipher of the content.
The process starts with a client getting instructions to encrypt a plaintext file.
3.3.3 Centrally managed keys
The Enterprise Server is managed with a powerful management console. The server's main task is to manage the company entities related to the Secured eMail implementation, such as member structures, secrets and policies. Furthermore, the Management Console hosts "services for helpdesk applications" such as lost passwords and deployment tool creation.
With the use of the server, all client behavior can be centrally managed by a rich policy system. The policy system provides a way to apply rules regarding a specific user action to users or to the user group they belong to. This gives an administrator the tools necessary to apply secure messaging in a controllable way.
When a user sends a secured email to a new contact, the Secured eMail client performs a server request to retrieve a secret to use with the contact. The server resolves the client request and provides the secret with the help of predefined Secured Groups. The user never sees this secret in plain text; it is only visible to the administrator at the company. The seed provided to the client is not stored on the client machine; it is used mainly to establish a secured channel with the recipient, as one of the channel's key generation factors. Using the shared secret of a Secured Group it is possible to access any email that has been sent or received through the group.
Figure 5 Secured Group Properties – It is possible to change the shared secret for a group and also ask the system to generate unique seeds for each individual user in a secured group.
connectivity to the Enterprise Server during the decryption phase in order to retrieve the secret automatically. This means that while external contacts can be part of secured groups, they will not be able to open the email unless this requirement is fulfilled. For external communication, the system relies on user to user communication of the shared secret, and on shared secrets being created by the users themselves rather than managed through Secured Groups.
The wrap-mail that is sent to a recipient is governed by a central policy, and the IT administrator can design several different wrap-mail templates and deploy them to the enterprise. The secured email can then carry information about the company's policy for securing information, as well as instructions on how to access the secured content.
3.4 Enterprise Perspective
The SEP Management Console has been greatly enhanced to fit larger enterprises with 100,000 or more users. The focus has been on enhancing the member and policy systems, a high-end security role system, MSI deployment features and a template design system.
Figure 7 SEP Management Console – Here the IT administrator can manage users, groups, licenses, policies, security roles and secured groups.
The Enterprise Server centrally manages and enforces security policies for all Cryptzone products. It can create custom environments, specific settings and permissions for different groups as well as specific users, and then deploy these across an entire network. This managed system allows users to log in to an environment that is appropriate to their needs and consistent from one client to the next.
A global object is a piece of data that is synchronized between server and clients. The data can be anything from policies, licenses and passwords to templates, and enables synchronization for a single user between laptops, desktops and even a Citrix login. This technology makes sure that no matter which computer a user logs into, the user will be able to use the technology they are licensed for, regardless of whether the user is online or offline. Global Object Synchronization puts the power of the technology in the hands of the user as well as the IT administrator. For the IT administrator, this means that encryption keys, policies, licenses and passwords are always automatically archived for backup. In the case of a computer crash or a regulatory audit, incident logging files and audit reports are close at hand.
The platform allows permissions to be defined for individuals and groups, enabling a flexible, multi-tiered administration system with effective delegation of access rights and responsibilities through dedicated user roles.
Figure 8 Security Roles – The picture shows the Security Roles feature, where it is possible to create different security roles for users in the SEP Management Console.
Client authentication can be customized depending on the need for user identity verification, from single sign-on (SSO) using Windows authentication down to authenticating users every time a secured email is opened. SEP Server authentication can be either Windows® authentication or user name and password. The roles assigned to the user then dictate what they may view, edit and create.
3.4.6 Flexible Deployment
SEP Management Console offers an easy and scalable way to deploy security
policies and monitor security to ensure compliance with corporate security policies.
Centrally define, enforce and monitor information policies from a single,
enterprise‐wide console, ensuring a consistent policy across all users in the
organization, or customized policies for groups within the organization.
Figure 9 Policy management – It is possible to create one or several policies and then deploy
them to users, groups and/or entire ADs. The system comes with ready-to-go policies created by
the Cryptzone Professional Services team.
The SEP license management system makes it possible to add, remove and
exchange licenses between users, groups and active directories. Licenses can also
be issued on a temporary basis to external parties or consultants and then withdrawn
upon demand. Depending on which license the user profile has included, the client
will enable or disable the products dynamically.
3.4.9 Central Password Management
Synchronizing user profiles to a SEP client also means giving access to secure groups,
secure channels and policy settings for passwords, all of which can be controlled through
policies. Users can use Windows® Authentication or their SEP Password to access all
encrypted data. The SEP Management Console manages user rights and access
to secured data using the infrastructure you already invested in – Active Directory. If
you don't have your own directory structure, you can easily use the SEP Management Console
to create one.
For a successful deployment of a security solution it is important that end users get the
right understanding on how to use the new security solution. The SEP solutions offer
centralized templates where it is possible for the administrator to customize end user
messages. The SEP solution also includes a multitude of different education tools.
4 SEP Enterprise Deployment and Scaling
This section is aimed to give system administrators an overview of the SEP Enterprise
solution from a scalability and performance perspective. It discusses deployment
strategies, hardware recommendations, potential bottlenecks and how to overcome
them.
There are three main components to take into account when considering scaling for
SEP.
4.1.1 SEP Database
The SEP Database holds all the central information relating to SEP. This includes user
information, user profiles, licenses, groups, policies, security roles etc. It goes without
saying that it is the most critical part of SEP.
SEP Database runs on SQL Server 2000 or later and is supported for Express editions of
SQL Server as well.
SEP Server processes requests from SEP Client and is managed through SEP
Management Console. SEP Server also performs periodic synchronization with Active
Directory to keep the SEP Database up to date. The SEP Server uses the SEP Database
to store data.
SEP Server runs on .NET Framework 2.0 and is supported on all Windows versions
supporting .NET Framework 2.0.
SEP Clients provide functionality to the user and synchronize with the SEP Server at
intervals that depend on user action. A USB stick that is secured using
Secured eUSB also acts as a standalone client: it connects to the server and
synchronizes with it independently of the SEP Client that was used to
secure the stick.
The Desktop SEP Client provides functionality to the user for all the SEP products and
performs profile synchronization with the SEP Server.
The Secured eUSB client is a secured area on a USB memory device that is created
with the Secured eUSB product. It is used to protect the sensitive information on a USB
device. An endpoint refers to the SEP Client or to the Secured eUSB client throughout
this document.
4.2 Scalability and Failover
The most common methods for SQL Server scaling are the following:
SQL Server Clustering involves clustering two or more servers at the same location
together as one database server, usually attached to the same SAN (Storage Area
Network). This method provides both failover and load balancing possibilities. SQL
Server Clustering is suitable for use with the SEP Database.
SQL Server Mirroring makes it possible to create read-only copies of a database in a
different location. This does not provide any load balancing possibility, as the mirror
databases are read-only; however, it can be used for failover.
SQL Server Replication allows replicating a database across multiple regions and
allows data to be updated in all replicas. However, this requires the data in the
database to be partitioned to avoid conflicts. This is not supported
by default by the SEP Server, but can be achieved with a special configuration.
The SEP Server only performs business logic and does not store any kind of business
data. This makes it easily replaceable and scalable. An unlimited number of SEP
Servers can be set up to communicate with the same SEP Database. For this reason,
we recommend that a SEP Server is installed for each region and that a fast link is
available from the servers to the central SEP Database.
The SEP Server also performs periodic synchronization with Active Directory, and
having each individual server synchronize separately would be redundant. It is
enough to use one server as the synchronization server and let the other servers only
handle client requests.
SEP Management Console has large memory requirements when managing a server
with a very large number of entities (100,000+). Although the Management Console is
highly optimized to work with a large number of entities, it is recommended that it is run
from a machine with plenty of spare memory when managing a database with a large
number of endpoints.
4.3 Performance and Storage
In general, when not using the Secured eUSB logging features, SEP Enterprise has
considerably lower database size requirements. A 4GB database, which is the
maximum size supported by SQL Server Express, will be able to accommodate up to
5000 users.
Secured eUSB, however, requires more space as the number of devices grows. Log
files are kept indefinitely in the database until the device itself is deleted through the
Management Console. Even though log files are stored in compressed form, the size
will grow over time as more and more devices are added. An option to delete older
log files automatically is under consideration.
For more information about database size requirements, see the section on
databases in “Recommendations”.
There are three main areas where the server uses processing power:
a) Active Directory Synchronization: During this process, the server will retrieve a
copy of the remote AD and compare it with the locally stored copy. Any
changes detected in the remote AD will be reflected through database
updates to the local copy. Depending on AD size, this process can have large
memory requirements. The frequency of the synchronization can be
configured.
b) Processing client requests: During synchronization, the clients ask the server for
any changes to their profile. The clients use "lazy
synchronization", which means they only synchronize while the user is
using the client. This means that synchronization won't happen during
Windows startup, for example.
Some possible cases where synchronization or contact with the server will
happen from the client:
c) Analyzing Secured eUSB logs: The Secured eUSB client saves its logs locally. After
the Secured eUSB logs are synchronized with the server, they are put on a
queue to be processed. The server then builds a list of changes since the
last revision of the stick.
Each log file contains information about the changes on the stick. Changes
on the stick are events such as deletion, copying, moving or editing of files.
Only the changes since the last synchronization are sent to the server.
The bulk of the load on the SQL Server occurs during Active Directory synchronization and
SEP Client synchronization:
- An Active Directory source is added and the server synchronizes with the
directory. In this case, the information in the Active Directory is imported
into the database.
- A Secured eUSB client synchronizes its logs, which are saved and processed
in the database.
The SEP Server and Clients communicate through a compressed SSL stream, so
the bandwidth used for each synchronization is minimal.
The amount of data transferred for a simple client synchronization where there are no
changes in the user profile (the most common scenario) is around 3KB. Depending on
how often the client is used (see section Load on SEP Server), on average 5 to 10
synchronizations a day can be expected. Thus each client can be expected to use
around 15KB to 30KB of bandwidth on average per day.
A compressed Secured eUSB log is on average 700 bytes. An active Secured eUSB
device might log around 20 to 30 events a day, which results in 14-21KB of logs being
transferred per Secured eUSB device each day.
The SEP Server performs a number of queries to the Active Directory during its
synchronization process. Depending on whether partial or full
synchronization is selected, the SEP Server queries the various parts of the Active
Directory and retrieves objects such as Organizational Units, Users and Groups. The
synchronization interval (default is every 30 minutes) can be lengthened to
reduce the number of queries per day on the Active Directory.
For small directories the synchronization takes seconds; for larger ones (100,000+
objects) it might take a few minutes. The first synchronization after an Active Directory
is added to the SEP Server always takes the longest.
4.4 Deployment Strategies
For deployments of this size, a single SEP Server and a single SEP Database running on
SQL Server is sufficient. A single SEP Server can handle up to 50,000 endpoints (SEP
Clients + Secured eUSB devices). The single SEP Server performs all the duties,
including Active Directory synchronization and synchronization with the clients.
[Figure: single-region deployment diagram (labels: SEP Clients, SEP Database)]
4.4.2 Single Region / Small Medium Enterprise with Failover
Where the operation of the SEP Server is business critical, it is recommended
that two SEP Servers are deployed for failover purposes. The SQL Server should
also have some failover capability, either through SQL Server Mirroring or Clustering.
In this case the clients are configured to connect to a primary server and to a
secondary server in case the first one goes down. It is enough that only the primary
server performs synchronization with Active Directory.
4.4.3 Multi Region / Large Enterprise
For very large numbers of users across multiple regions (50,000+), a different deployment
strategy is recommended: a SEP Server for each
region, combined with a common high-performance clustered SQL Server. Each
region can also have another SEP Server for failover purposes, as in the Single Region
example. Only one of the SEP Servers is designated to synchronize with Active
Directory, while the rest only serve the clients.
[Figure: multi-region deployment diagram (labels: SEP Clients in each region)]
4.5 Recommendations
An endpoint is either a SEP Client or a Secured eUSB device. The total number of
endpoints is the number of SEP Clients installed plus the number of Secured eUSB
devices.
In general, the SEP Server's hardware and memory requirements depend on the number
of endpoints and the size of the AD used. For servers that perform
synchronization with very large Active Directories, it is recommended that the server has
plenty of free memory.
* 1 CPU unit is equivalent to a 1.5GHz single core Intel Xeon or Opteron processor.
SEP Server does not have any storage requirements outside of what is required to
install the software.
SEP server is supported on all 32 and 64-bit Windows versions that have support for
.NET Framework 2.0.
4.5.3 Number of SEP Servers
In general, more than one SEP Server is only necessary if the operation of the SEP
Server is business critical or if there will be a very large number of endpoints. The SEP
Client is designed to run offline and operates well when the SEP Server is not available.
A company spanning multiple regions can choose to have multiple SEP
Servers covering different regions, for load balancing purposes and to avoid traffic
across regions.
Each SEP Server has a limit on the number of simultaneous connections it can handle.
This limit controls the number of SEP Clients that can be connected to the server at
the same time. This option is configurable through the SEP Management Console. The
sizing assumption is that at most 1% of the available endpoints will be connected to the server
at the same time.
4.5.4 SQL Database
The SQL Database size is related to the number of user profiles stored on the server
and the number of eUSB endpoints that are actively used by the users. Secured
eUSB log data is kept indefinitely in the database until the device is deleted, at which
point the log data is wiped.
We have calculated the footprint of a single Secured eUSB log file in the database
to be around 512 bytes. An active eUSB device can be expected to produce around
20 events per day on average. For a single user this results in 10KB of storage
per day.
For storing eUSB log data for at least 3 years, we would recommend the following
minimum database sizes:
For Secured eUSB users that are using the logging features, SQL Server Express is not
recommended due to database size limits.
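The sizing figures from sections 4.3 and 4.5 (per-sync bandwidth, eUSB log footprint, the SQL Server Express limit, the 50,000-endpoint ceiling per server and the 1% concurrency assumption) can be combined into a small capacity planner. This is an added example, not Cryptzone's code; the function and field names are my own, and the profile-data share of the database, which the document does not quantify, is left out.

```python
"""Capacity planner for a SEP Enterprise deployment (added example, not vendor code)."""
import math
from dataclasses import dataclass

KB = 1024
SYNC_BYTES = 3 * KB             # one client sync with no profile changes (~3KB)
SYNCS_PER_DAY = (5, 10)         # expected daily syncs for an active client
EUSB_LOG_WIRE_BYTES = 700       # compressed eUSB log as transferred
EUSB_EVENTS_PER_DAY = (20, 30)  # events per active device (bandwidth estimate)
EUSB_LOG_DB_BYTES = 512         # stored footprint of one eUSB log entry
EUSB_DB_EVENTS_PER_DAY = 20     # average used in the storage estimate
SQL_EXPRESS_MAX_USERS = 5000    # users the 4GB Express limit holds without logging
ENDPOINTS_PER_SERVER = 50_000   # stated ceiling for a single SEP Server
CONCURRENT_PERCENT = 1          # at most 1% of endpoints connected at once


@dataclass
class Plan:
    endpoints: int
    strategy: str
    sep_servers: int
    max_connections: int      # value to configure as the server connection limit
    eusb_log_bytes: int       # database space for retained eUSB logs
    sql_express_ok: bool
    daily_bandwidth: tuple    # (low, high) bytes per day across all endpoints


def plan(clients, eusb_devices, logging_devices=0, regions=1,
         retention_years=3, business_critical=False):
    """Endpoint = SEP Client + Secured eUSB device, as the document defines it."""
    endpoints = clients + eusb_devices
    if regions > 1 or endpoints > ENDPOINTS_PER_SERVER:
        strategy = "multi-region: one SEP Server per region, clustered SQL Server"
        base = max(regions, math.ceil(endpoints / ENDPOINTS_PER_SERVER))
    elif business_critical:
        strategy = "single region with failover: two SEP Servers, mirrored/clustered SQL"
        base = 1
    else:
        strategy = "single region: one SEP Server, one SEP Database"
        base = 1
    servers = base * (2 if business_critical else 1)  # failover partner per region
    # logs stay until the device is deleted, so size for the retention horizon
    log_bytes = (logging_devices * EUSB_DB_EVENTS_PER_DAY * EUSB_LOG_DB_BYTES
                 * 365 * retention_years)
    # Express is not recommended once eUSB logging is in use
    express_ok = logging_devices == 0 and clients <= SQL_EXPRESS_MAX_USERS
    bandwidth = tuple(
        clients * SYNC_BYTES * SYNCS_PER_DAY[i]
        + logging_devices * EUSB_LOG_WIRE_BYTES * EUSB_EVENTS_PER_DAY[i]
        for i in range(2))
    max_conn = math.ceil(endpoints * CONCURRENT_PERCENT / 100)
    return Plan(endpoints, strategy, servers, max_conn, log_bytes, express_ok, bandwidth)


if __name__ == "__main__":
    print(plan(clients=1000, eusb_devices=200))
    print(plan(clients=60_000, eusb_devices=5000, logging_devices=5000,
               regions=3, business_critical=True))
```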
4.6 Potential Bottlenecks
In a large Active Directory, if only a small portion of the users are going to be using
the SEP software, only parts of the AD should be synchronized to reduce the load on
the Active Directory and on the SEP Server. As more and more users are deployed,
the parts of Active Directory that are synchronized can be dynamically expanded.
It is possible in a company deploying Secured eUSB that not all the users need the
logging feature for Secured eUSB. It can easily be controlled through central policies
which parts of Active Directory will have logging enabled or disabled. Reducing the
number of users that use Secured eUSB logging will ease the requirements on the
server and database hardware.
5 Summary
The intent of this document is to give the reader a thorough understanding of
Cryptzone's current Secured eMail Enterprise version, as well as a view of our upcoming
release of v4.5 (announced GA is spring 2010). The Secured eMail solution is today
used by over 1000 organizations, helping them to keep sensitive and private data
secured.
Cryptzone's approach is to create a solution that fits any size of company. The
basis of Secured eMail is that the application creates an end-to-end virtual channel
between the sender and the receiver. It doesn't matter how the recipient receives
their email – Outlook, Microsoft OWA, Gmail, Yahoo, Thunderbird – any method.
Most important is that our technology helps our customers to meet worldwide
regulatory compliance for sensitive information laws such as HIPAA HITECH, Sarbanes-
Oxley, HIPAA, Payment Card Industry DSS standards, the EU Data Protection Directive
and GLBA. We use the strongest encryption method – AES 256 – as well as system SKG,
which generates dynamic one-time encryption keys for every email sent. It is virtually
impossible for somebody to hack your emails when they are secured. All the sender
has to do is simply press a button, "send secured", and everything else is taken care of.
- Who can access our mail servers and all the emails located on them?
- In what region and country is the mail server located? Is personal information
stored in another country? What laws and regulations then apply?
- Who can access our archiving system and all emails stored there? What laws
and regulations apply to emails containing sensitive information in an
archiving system?
- How do we protect the locally stored email on laptops and desktops?
- Is it ok that IT administrators can access sensitive information?
- If it is ok that IT administrators access sensitive information, do we make them
sign confidentiality agreements?
- How do we track which users have accessed unsecured sensitive
information?
Whatever the answers are to these very difficult questions, Cryptzone's Secured eMail
application can protect an organization's sensitive data sent by email no matter its
location and restrict access to only the sender, the receiver and the organization's
most trusted information workers.