ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    ZixCorp EMail Encryption

    Scheduled Pinned Locked Moved IT Discussion
    45 Posts 5 Posters 4.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @Dashrender
      last edited by

      @Dashrender said in ZixCorp EMail Encryption:

      Most hospitals don't use major email systems (nor do clinics of any size).

      So are you saying....

      • That they run their own and secure it?
      • Are insecure and don't protect patient data?
      • Don't run their own email and use little mom and pop shops?
      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @Dashrender
        last edited by

        @Dashrender said in ZixCorp EMail Encryption:

        @scottalanmiller said in ZixCorp EMail Encryption:

        I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?

        Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.

        Didn't question that. I asked if you were running something to fix a problem that had not been identified.

        DashrenderD 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said in ZixCorp EMail Encryption:

          I can tell someone until I'm blue in the face, I can't force them to do anything about it.

          Doesn't change the base question... is there anyone out there to tell? I think not. Sounds fanciful to suggest that the hospitals that you are dealing with won't accept secure email. Are you really saying that they would block that? You honestly think that?

          DashrenderD 1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender @scottalanmiller
            last edited by

            @scottalanmiller said in ZixCorp EMail Encryption:

            @Dashrender said in ZixCorp EMail Encryption:

            @scottalanmiller said in ZixCorp EMail Encryption:

            I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?

            Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.

            Didn't question that. I asked if you were running something to fix a problem that had not been identified.

            I guess I don't understand the question -

            The problem as I see it is - HIPAA says you can't transmit PHI over an public connection unencrypted. Email is unencrypted by default. The use of TLS for email is probably 3 or so years old as a common thing. Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender @scottalanmiller
              last edited by

              @scottalanmiller said in ZixCorp EMail Encryption:

              @Dashrender said in ZixCorp EMail Encryption:

              I can tell someone until I'm blue in the face, I can't force them to do anything about it.

              Doesn't change the base question... is there anyone out there to tell? I think not. Sounds fanciful to suggest that the hospitals that you are dealing with won't accept secure email. Are you really saying that they would block that? You honestly think that?

              OH, Now I didn't say that - I just said that they aren't using mainstream email services, like O365. At the hospital level, I'm sure they do accept TLS connections to receive email over. But the ones around here ARE using Zix to send outgoing secure email, instead of just turning all of their email server onto TLS only outbound email, which would be just as good, as long as the receiving side accepts TLS connections.

              I have no idea what percentage of email systems today don't accept TLS based email.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Dashrender
                last edited by

                @Dashrender said in ZixCorp EMail Encryption:

                @scottalanmiller said in ZixCorp EMail Encryption:

                @Dashrender said in ZixCorp EMail Encryption:

                @scottalanmiller said in ZixCorp EMail Encryption:

                I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?

                Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.

                Didn't question that. I asked if you were running something to fix a problem that had not been identified.

                I guess I don't understand the question -

                The problem as I see it is - HIPAA says you can't transmit PHI over an public connection unencrypted. Email is unencrypted by default. The use of TLS for email is probably 3 or so years old as a common thing. Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.

                TLS for email is pretty old. Google's HTTPS is a red herring.

                The assumption in the industry is that this problem does not exist today or for a while. Your use of Zix is predicated on a security problem that, while totally possible, seems almost implausible, at very least unlikely. All major email hosts and email platforms have this by default. Only a shop making an effort to disable security, a literal effort, would be expected to not have TLS long before today.

                DashrenderD 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by

                  @Dashrender said in ZixCorp EMail Encryption:

                  @scottalanmiller said in ZixCorp EMail Encryption:

                  @Dashrender said in ZixCorp EMail Encryption:

                  I can tell someone until I'm blue in the face, I can't force them to do anything about it.

                  Doesn't change the base question... is there anyone out there to tell? I think not. Sounds fanciful to suggest that the hospitals that you are dealing with won't accept secure email. Are you really saying that they would block that? You honestly think that?

                  OH, Now I didn't say that - I just said that they aren't using mainstream email services, like O365. At the hospital level, I'm sure they do accept TLS connections to receive email over. But the ones around here ARE using Zix to send outgoing secure email, instead of just turning all of their email server onto TLS only outbound email, which would be just as good, as long as the receiving side accepts TLS connections.

                  I have no idea what percentage of email systems today don't accept TLS based email.

                  THat they ARE using Zix, though, is a red herring, right? All that you care about is that they have TLS. If they do, you get to save that money. Zix is just there to duplicate what Exchange already does.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    Easy enough to find out...

                    https://www.checktls.com/perl/TestReceiver.pl

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @scottalanmiller
                      last edited by

                      @scottalanmiller said in ZixCorp EMail Encryption:

                      Easy enough to find out...

                      https://www.checktls.com/perl/TestReceiver.pl

                      nice, but that's not what I meant.. that only let's you test one at a time, or buy a subscription to still do it manually.

                      I mean, I wonder if someone has done a scan of the internet to see what percentage of email servers only allow non TLS enabled communications?

                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @scottalanmiller
                        last edited by

                        @scottalanmiller said in ZixCorp EMail Encryption:

                        @Dashrender said in ZixCorp EMail Encryption:

                        @scottalanmiller said in ZixCorp EMail Encryption:

                        @Dashrender said in ZixCorp EMail Encryption:

                        @scottalanmiller said in ZixCorp EMail Encryption:

                        I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?

                        Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.

                        Didn't question that. I asked if you were running something to fix a problem that had not been identified.

                        I guess I don't understand the question -

                        The problem as I see it is - HIPAA says you can't transmit PHI over an public connection unencrypted. Email is unencrypted by default. The use of TLS for email is probably 3 or so years old as a common thing. Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.

                        TLS for email is pretty old. Google's HTTPS is a red herring.

                        Yes I know it's a red herring - but it was an example of how long the technology has been there compared to when it was actually put into service.

                        The assumption in the industry is that this problem does not exist today or for a while. Your use of Zix is predicated on a security problem that, while totally possible, seems almost implausible, at very least unlikely. All major email hosts and email platforms have this by default. Only a shop making an effort to disable security, a literal effort, would be expected to not have TLS long before today.

                        Zix was deployed what it WAS a problem, when there was a 50/50 shot that someone might NOT have TLS enabled. and those customers just continue to use it.

                        scottalanmillerS 2 Replies Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender
                          last edited by

                          What needs to happen is email servers just need to move to a default of not sending unless TLS is enabled - you could have the email system then send a note back to the user who can then decide if they want it sent unencrypted or not.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @Dashrender
                            last edited by

                            @Dashrender said in ZixCorp EMail Encryption:

                            @scottalanmiller said in ZixCorp EMail Encryption:

                            Easy enough to find out...

                            https://www.checktls.com/perl/TestReceiver.pl

                            nice, but that's not what I meant.. that only let's you test one at a time, or buy a subscription to still do it manually.

                            I mean, I wonder if someone has done a scan of the internet to see what percentage of email servers only allow non TLS enabled communications?

                            That's useful too, I'd like to know. But for you personally, you can check your recipients this way to have an idea of how much Zix would be useful to you individually.

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @Dashrender
                              last edited by

                              @Dashrender said in ZixCorp EMail Encryption:

                              What needs to happen is email servers just need to move to a default of not sending unless TLS is enabled - you could have the email system then send a note back to the user who can then decide if they want it sent unencrypted or not.

                              Could, but what's the point? Having it do it when available works perfectly for most people and only those with HIPAA requirements, like you, need to force it.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Dashrender
                                last edited by

                                @Dashrender said in ZixCorp EMail Encryption:

                                Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.

                                TLS for email is pretty old. Google's HTTPS is a red herring.

                                Yes I know it's a red herring - but it was an example of how long the technology has been there compared to when it was actually put into service.

                                But it is an unrelated one. What does Google using HTTPS for a web interface have to do with the price of milk, or the security of email?

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Dashrender
                                  last edited by

                                  @Dashrender said in ZixCorp EMail Encryption:

                                  Zix was deployed what it WAS a problem, when there was a 50/50 shot that someone might NOT have TLS enabled. and those customers just continue to use it.

                                  Was it tested back then, or just assumed then as well? How long ago was that?

                                  1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender
                                    last edited by

                                    As you're well aware, many places buy things out of fear.

                                    I posted in the past about how Zix sales person actually threatened me when I refused to tell them what I was doing instead when I told them I wasn't buying their product. I would never buy their product unless required to do so by upper management, and even then only after they were fully aware of my disposition.

                                    scottalanmillerS 2 Replies Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @Dashrender
                                      last edited by

                                      @Dashrender said in ZixCorp EMail Encryption:

                                      As you're well aware, many places buy things out of fear.

                                      And fear leads to insecurity.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Dashrender
                                        last edited by

                                        @Dashrender said in ZixCorp EMail Encryption:

                                        I posted in the past about how Zix sales person actually threatened me when I refused to tell them what I was doing instead when I told them I wasn't buying their product. I would never buy their product unless required to do so by upper management, and even then only after they were fully aware of my disposition.

                                        So you actually know that you have a threat in your midst. Healthy fear should make you ban them. Did he threaten you physically?

                                        They actually paid money to someone threatening you? That sounds like a huge HR nightmare.

                                        DashrenderD 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Well we definitely got to the info that we needed, Zix is a scam that is using extortion to push their product. Avoid at all costs!

                                          1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in ZixCorp EMail Encryption:

                                            @Dashrender said in ZixCorp EMail Encryption:

                                            I posted in the past about how Zix sales person actually threatened me when I refused to tell them what I was doing instead when I told them I wasn't buying their product. I would never buy their product unless required to do so by upper management, and even then only after they were fully aware of my disposition.

                                            So you actually know that you have a threat in your midst. Healthy fear should make you ban them. Did he threaten you physically?

                                            They actually paid money to someone threatening you? That sounds like a huge HR nightmare.

                                            He worded things just right to imply he's report us to whomever because we weren't using a HIPAA compliant solution - again, I think it was nothing more than a scare tactic to get me to sign up... hell Dell did the same thing with my SonicWall renewal - you're firewall will be back to 1998 levels, etc, etc, etc.. I told her to shut the hell up she had no clue what she was talking about and I wasn't going to accept her attempted scare tactics... while she didn't hang up on me.. the call was over quickly after that.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 3 / 3
                                            • First post
                                              Last post