
Next Generation Data Loss Prevention (DLP) with LuxSci Secure Email

Data Loss Prevention (DLP) describes a plan for companies to control the sending of sensitive data. For example, this can include controls to stop the flow of sensitive data or to ensure that sensitive data is always well-encrypted (for compliance) when sent.

In the context of email, DLP is usually achieved through the following formula:

  1. Construct a list of words, phrases, or patterns that, if they are present in an email, signify an email message that may contain sensitive information.
  2. Have all outbound email scanned for these words, phrases, or patterns.
  3. For messages that match, take action:
    1. Block: Refuse to send the message, or
    2. Encrypt: Ensure that the message is encrypted
    3. Audit: (and maybe send a copy of the message to an “auditor”)

This classic DLP system is available through many email providers and has been available at LuxSci for many years as well. However, it does have a glaring limitation — no matter how complete and complex your DLP pattern list is, it is almost certain that some messages containing sensitive information will not quite match (or the information will be embedded in attachments that can’t be searched properly).  If they do not match, then they will escape in a way that may be considered a breach.

For example, consider a medical organization whose communications fall under the umbrella of HIPAA. With HIPAA, messages that contain sensitive information (ePHI) must be encrypted in transit from the sender to the recipient (of course — they must also only go to appropriate recipients… but that is a separate issue) and it is best if they can also be encrypted at rest. Organizations seeking HIPAA compliance for email often “solve” this requirement by (a) allowing senders to manually “opt in” to encryption for sensitive messages and (b) setting up DLP lists to also automatically encrypt messages that seem to contain ePHI, but for which the sender didn’t select encryption.

Unfortunately, if a message with ePHI doesn’t match your DLP list and is not actively “tagged” by the sender for encryption, then that message can go out insecurely and that is an automatic breach of HIPAA.

In the same way that standard “opt in” email encryption is too risky for compliance, relying on a DLP list to trigger encryption is also very risky.

The Better Solution for DLP is via Email Encryption

The problem for DLP via encryption is the same as the problem with standard “opt in” email encryption.  The choice is only between encryption vs no encryption (or encryption vs opportunistic/hopeful encryption).

At LuxSci, we believe that the solution should instead be between strong encryption and a basic level of standard encryption (e.g. enforced TLS Only).  That means that every message will be encrypted, at least with TLS (and for those unfortunate few recipients whose email providers still do not support TLS, another method will be used – Escrow).  Messages that are suspected of containing ePHI based on the fact that they match your DLP list will be encrypted using stronger encryption (PGP, S/MIME, or Escrow) which provides both transport and at rest encryption … AND will also be transmitted using TLS if possible.

From this arrangement, you get excellent protection for all sensitive messages.  You also get a basic but acceptable level of protection for all other messages … including messages that are ePHI but which fell through the cracks.

What does this mean?

It means that your risk of breach is significantly reduced with minimal impact on the usability of your secure email system.

LuxSci’s “Email Scanning” tool supports exactly this type of DLP email encryption:

  1. If you have Email Encryption enabled for your users with TLS Only delivery of email allowed, and
  2. You enable Email Content Scanning and provide a keyword/phrase/pattern list for DLP,
  3. Then you can have a DLP-match disable use of “TLS Only” email encryption for that message … so that some other, stronger method will automatically be used.

This can be combined with LuxSci’s next generation “Opt In” email encryption — where senders can include custom text in the message subject to similarly disable the simple “TLS Only” encryption option on a per-message basis.
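
The difference between the classic DLP decision and the "encrypt everything" decision can be seen in a short sketch. This is an added example, not LuxSci's code or configuration: the pattern list, the "[secure]" subject tag, the policy labels and all function names are assumptions made up for illustration, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage

# Constructed DLP list and opt-in tag (assumptions, not LuxSci's configuration).
DLP_PATTERNS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                    # SSN-shaped number
    re.compile(r"\b(diagnosis|prescription|MRN)\b", re.I),   # clinical keywords
]
OPT_IN_TAG = "[secure]"  # hypothetical subject text a sender adds to opt in


def is_flagged(msg):
    """True if the sender opted in via the subject or scannable text matches the DLP list."""
    subject = str(msg.get("Subject", ""))
    if OPT_IN_TAG in subject.lower():
        return True
    texts = [subject]
    for part in msg.walk():
        # Only text parts are searched here; binary attachments are skipped,
        # which is one way sensitive content slips past a pattern list.
        if part.get_content_maintype() == "text":
            texts.append(part.get_content())
    return any(p.search(t) for p in DLP_PATTERNS for t in texts)


def classic_policy(msg):
    """Classic DLP: encrypt on a match, otherwise no guaranteed encryption."""
    return "encrypt" if is_flagged(msg) else "no-guaranteed-encryption"


def tiered_policy(msg, recipient_supports_tls):
    """Encrypt everything: stronger method on a match, enforced TLS (or Escrow) otherwise."""
    if is_flagged(msg):
        return "strong (PGP, S/MIME, or Escrow)"
    return "tls-only" if recipient_supports_tls else "escrow"


def make_msg(subject, body, attachment=None):
    """Build a constructed sample message, optionally with a binary attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="pdf", filename="scan.pdf")
    return msg


if __name__ == "__main__":
    missed = make_msg("Follow-up", "See attached scan.", b"SSN 123-45-6789")
    print(classic_policy(missed), "->", tiered_policy(missed, True))
```

The constructed "missed" message carries its sensitive data only in an attachment, so it does not match the list: the classic policy leaves it without guaranteed encryption, while the tiered policy still sends it over enforced TLS or Escrow.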

Move on from the risk of the old way of Data Loss Prevention to LuxSci’s next generation method of “encrypt everything — but encrypt sensitive information more”.
