Sending secure emails

I spent this week training on Fasoo’s Enterprise Digital Rights Management products.  Each product helps protect documents at rest, in transit and in use.  The last one is the most important since most organizations don’t know what happens to a document once it leaves their four walls.  The class had a great time trying to come up with real world scenarios to test out; we also tried to break things.

One scenario that most people can understand is sending a price list securely to a distributor.  To do this, I used Fasoo Secure Exchange (FSE).  This product has a plug-in for Outlook that let me package the price list with permissions and certain restrictions.  I created a normal email message in Outlook and attached the price list.  When I hit Send, a dialog box popped up asking me if I want to secure the attachment or body of the message.  I clicked Yes and selected a time that I want the price list to remain valid.  I picked one month from today.  By default the recipient can View the document; I could also let them edit or print it, if I want.  I clicked OK and that’s it.  The email sends a secured price list to my distributor; one of us had to play distributor for this to work.

When they received the email, they clicked on the attachment to open it.  They were prompted to download the DRM agent, if they didn’t have it.  It then prompted them to enter their email address to validate they are the intended recipient.   The agent communicated with the FSE server with validation credentials and sent an email to their email address.  They clicked on a link to complete the final validation and then opened the document.  This whole process took less than a minute.

If they try to open the price list after one month, they can’t do it, since it expires.  Of course everyone in the class tried to fake the system out by renaming the document or printing it to a PDF.  The system is too smart for that since it puts information into the document header that prevents those shenanigans.  We all thought this was a great tool to send secure, encrypted documents to customers and partners.  And if the recipient sends it to someone who is not on the original recipient list, that person can’t decrypt the document.  It becomes useless to them.

How do you ensure your documents are safe?



Leave a Reply