ZixCorp EMail Encryption
-
@scottalanmiller said in ZixCorp EMail Encryption:
I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?
Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.
-
@Dashrender said in ZixCorp EMail Encryption:
Most hospitals don't use major email systems (nor do clinics of any size).
So are you saying....
- That they run their own and secure it?
- Are insecure and don't protect patient data?
- Don't run their own email and use little mom and pop shops?
-
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?
Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.
Didn't question that. I asked if you were running something to fix a problem that had not been identified.
-
@Dashrender said in ZixCorp EMail Encryption:
I can tell someone until I'm blue in the face, I can't force them to do anything about it.
Doesn't change the base question... is there anyone out there to tell? I think not. Sounds fanciful to suggest that the hospitals that you are dealing with won't accept secure email. Are you really saying that they would block that? You honestly think that?
-
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?
Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.
Didn't question that. I asked if you were running something to fix a problem that had not been identified.
I guess I don't understand the question -
The problem as I see it is - HIPAA says you can't transmit PHI over an public connection unencrypted. Email is unencrypted by default. The use of TLS for email is probably 3 or so years old as a common thing. Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.
-
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
I can tell someone until I'm blue in the face, I can't force them to do anything about it.
Doesn't change the base question... is there anyone out there to tell? I think not. Sounds fanciful to suggest that the hospitals that you are dealing with won't accept secure email. Are you really saying that they would block that? You honestly think that?
OH, Now I didn't say that - I just said that they aren't using mainstream email services, like O365. At the hospital level, I'm sure they do accept TLS connections to receive email over. But the ones around here ARE using Zix to send outgoing secure email, instead of just turning all of their email server onto TLS only outbound email, which would be just as good, as long as the receiving side accepts TLS connections.
I have no idea what percentage of email systems today don't accept TLS based email.
-
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?
Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.
Didn't question that. I asked if you were running something to fix a problem that had not been identified.
I guess I don't understand the question -
The problem as I see it is - HIPAA says you can't transmit PHI over an public connection unencrypted. Email is unencrypted by default. The use of TLS for email is probably 3 or so years old as a common thing. Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.
TLS for email is pretty old. Google's HTTPS is a red herring.
The assumption in the industry is that this problem does not exist today or for a while. Your use of Zix is predicated on a security problem that, while totally possible, seems almost implausible, at very least unlikely. All major email hosts and email platforms have this by default. Only a shop making an effort to disable security, a literal effort, would be expected to not have TLS long before today.
-
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
I can tell someone until I'm blue in the face, I can't force them to do anything about it.
Doesn't change the base question... is there anyone out there to tell? I think not. Sounds fanciful to suggest that the hospitals that you are dealing with won't accept secure email. Are you really saying that they would block that? You honestly think that?
OH, Now I didn't say that - I just said that they aren't using mainstream email services, like O365. At the hospital level, I'm sure they do accept TLS connections to receive email over. But the ones around here ARE using Zix to send outgoing secure email, instead of just turning all of their email server onto TLS only outbound email, which would be just as good, as long as the receiving side accepts TLS connections.
I have no idea what percentage of email systems today don't accept TLS based email.
THat they ARE using Zix, though, is a red herring, right? All that you care about is that they have TLS. If they do, you get to save that money. Zix is just there to duplicate what Exchange already does.
-
Easy enough to find out...
-
@scottalanmiller said in ZixCorp EMail Encryption:
Easy enough to find out...
nice, but that's not what I meant.. that only let's you test one at a time, or buy a subscription to still do it manually.
I mean, I wonder if someone has done a scan of the internet to see what percentage of email servers only allow non TLS enabled communications?
-
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?
Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.
Didn't question that. I asked if you were running something to fix a problem that had not been identified.
I guess I don't understand the question -
The problem as I see it is - HIPAA says you can't transmit PHI over an public connection unencrypted. Email is unencrypted by default. The use of TLS for email is probably 3 or so years old as a common thing. Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.
TLS for email is pretty old. Google's HTTPS is a red herring.
Yes I know it's a red herring - but it was an example of how long the technology has been there compared to when it was actually put into service.
The assumption in the industry is that this problem does not exist today or for a while. Your use of Zix is predicated on a security problem that, while totally possible, seems almost implausible, at very least unlikely. All major email hosts and email platforms have this by default. Only a shop making an effort to disable security, a literal effort, would be expected to not have TLS long before today.
Zix was deployed what it WAS a problem, when there was a 50/50 shot that someone might NOT have TLS enabled. and those customers just continue to use it.
-
What needs to happen is email servers just need to move to a default of not sending unless TLS is enabled - you could have the email system then send a note back to the user who can then decide if they want it sent unencrypted or not.
-
@Dashrender said in ZixCorp EMail Encryption:
@scottalanmiller said in ZixCorp EMail Encryption:
Easy enough to find out...
nice, but that's not what I meant.. that only let's you test one at a time, or buy a subscription to still do it manually.
I mean, I wonder if someone has done a scan of the internet to see what percentage of email servers only allow non TLS enabled communications?
That's useful too, I'd like to know. But for you personally, you can check your recipients this way to have an idea of how much Zix would be useful to you individually.
-
@Dashrender said in ZixCorp EMail Encryption:
What needs to happen is email servers just need to move to a default of not sending unless TLS is enabled - you could have the email system then send a note back to the user who can then decide if they want it sent unencrypted or not.
Could, but what's the point? Having it do it when available works perfectly for most people and only those with HIPAA requirements, like you, need to force it.
-
@Dashrender said in ZixCorp EMail Encryption:
Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.
TLS for email is pretty old. Google's HTTPS is a red herring.
Yes I know it's a red herring - but it was an example of how long the technology has been there compared to when it was actually put into service.
But it is an unrelated one. What does Google using HTTPS for a web interface have to do with the price of milk, or the security of email?
-
@Dashrender said in ZixCorp EMail Encryption:
Zix was deployed what it WAS a problem, when there was a 50/50 shot that someone might NOT have TLS enabled. and those customers just continue to use it.
Was it tested back then, or just assumed then as well? How long ago was that?
-
As you're well aware, many places buy things out of fear.
I posted in the past about how Zix sales person actually threatened me when I refused to tell them what I was doing instead when I told them I wasn't buying their product. I would never buy their product unless required to do so by upper management, and even then only after they were fully aware of my disposition.
-
@Dashrender said in ZixCorp EMail Encryption:
As you're well aware, many places buy things out of fear.
And fear leads to insecurity.
-
@Dashrender said in ZixCorp EMail Encryption:
I posted in the past about how Zix sales person actually threatened me when I refused to tell them what I was doing instead when I told them I wasn't buying their product. I would never buy their product unless required to do so by upper management, and even then only after they were fully aware of my disposition.
So you actually know that you have a threat in your midst. Healthy fear should make you ban them. Did he threaten you physically?
They actually paid money to someone threatening you? That sounds like a huge HR nightmare.
-
Well we definitely got to the info that we needed, Zix is a scam that is using extortion to push their product. Avoid at all costs!