SecuRmail Encryption

Overview

As new privacy laws and requirements are put in place, many companies are looking at adding encryption or upgrading their current encryption products. Most products on the market today are complex and resource-intensive, adding extra steps for users and requiring more time from employees and clients... time that is simply no longer available in today's tight economic environment. That is why businesses are increasingly turning to RPost’s Secu(R)mail™ encrypted email service. Not only does the service help protect them from newly expanded HIPAA enforcement reach and actions, but it is proven consistently to cut costs and improve client satisfaction.

RPost's SecuRmail™ service offers a unique combination of features, including:

» Straight-through encrypted delivery. No storage in the middle, click-throughs or downloads
» Legal Proof® records of compliance and transmission
» No end-user encryption keys; option to auto-deliver decryption passwords 
» One-click optional encrypted replies back to the sender

RPost has conducted extensive customer research to identify the most common pitfalls of encrypted email deployments. The SecuRmail service was designed with these issues in mind, resulting in a user-friendly solution that resolves all of these pitfalls and more.

Listed below are the top seven pitfalls to avoid: 

1. Avoid Store-and-Forward Systems. Most service providers store-and-forward the sender's data, with storage on web servers that replicate across the Internet "cloud" for high availability and low cost operations. Most users do not realize that this causes complexity when trying to control against HIPAA defined security breaches, with the customer ultimately liable for reporting breaches of their providers due to the expanded HIPAA enforcement rules enacted by Obama's "Stimulus Bill".

2. Retain Proof of Compliance. Most service providers do not provide a court-admissible record of the encrypted email transmission -- proving not only content and time sent and legally received, but also that the data transmitted was done so end-to-end encrypted.

3. Recipients Don't Click-through Links to Retrieve Email. Encrypted email senders have overwhelmingly concluded that services that require the recipient to click-through to a website to collect their email are virtually worthless.

4. Avoid Encryption Keys. Encryption schemes that require end-user digital keys to encrypt and decrypt generally are too complex -- for the sender to manage keys and for the receiver to install keys. Further, these systems don't work with many recipient web-based email programs.

5. Ensure Secure Feedback Loop. Without the ability for your recipient to easily reply "encrypted", you are losing half of the power and value of email communications. Don't force your recipient to revert to paper-based snail mail replies.

6. Ensure Legal Opinion of HIPAA Compliance. Don't trust your business reputation to easily made vendor claims of compliance. Require review of a written legal opinion that asserts HIPAA compliance.

7. Ensure Simplicity for End-Users. RPost provides the sender the option to auto-deliver to the recipient, the decryption password. This capability gives the recipient the assurance of a secure encrypted email delivery with the ease to decrypt that they require or desire.

 Read Product Update Announcement.

Sender's View

Step 1: Compose a new message and add any attachments.

Step 2: Press the "Send Registered" button on the compose page.
 
send registered

 

Step 3: When the Registered Email feature pop-up appears, select the sending feature "Secu(R)mail encryption", choose any password that you want the receiver to know in order to open the encrypted email and press "Send" on the pop-up.

NOTE: The password can be any number or letter combination.
 
registered email encryption 

Receiver's View

Step 1: (Optional) If this option was selected by the sender, the receiver of an encrypted Registered Email will first receive an email alert with the password for the encrypted mail.
 
 receivers view


Step 2:  Open the Registered Email with the viewing instructions.

registered email open

 

Step 3: Doubleclick on the 128-bit encrypted PDF attachment.

Step 4: Insert the opening password.
 
 password
 
Step 5: View the message and attachments. 

- Email body is in the body of the PDF
- Attachments are viewed by clicking the paperclip shortcut
- Reply securely by clicking top-right button
 
 reply securely

Comparison

Feature Standard Encrypted Email Service RPost’s SecuRmail™ Encrypted Email Service Benefit

How does receiver open message?

Standard "store-and-forward" systems require receiver to click on a link, set up an account, enter passwords, and download to retrieve the message

No links to click, accounts to create, or software to download for receiver. Straight-through 128-bit end-to-end encrypted delivery directly to the receiver’s inbox.
Advantage RPost
RPost is highly secure, available, practical and user-friendly service which leads to:
a) higher open rate by receiver
b) higher adoption rate by sender, reducing likelihood of a breach

 
Can the sender prove compliance? The sender may have problems proving compliance as they would need to re-assemble text server logs and prove chain of custody access to those logs, then associate encrypted content with the logs Auditable proof of compliance with encryption requirements on a message-by-message basis. Advantage RPost
RPost provides sender organization with proof that the information was transmitted in an encrypted manner to ensure sender is not fined in the case of a breach by the receiver.
How is password delivered? Sender and receiver have to manage end-user encryption keys or account log-in information to retrieve information Sender has option for auto-delivery of decryption passwords to receiver Advantage RPost
RPost service has lower cost, less complexity, and is more user-friendly
Is there an e-discovery process for password retrieval and decryption? Most systems may not save decryption passwords in a manner that is easily associated with the content, yet stored on separate systems as required under HIPAA rules Auto-delivery of master decryption password spreadsheet to company for retention on separate system than company’s retention of encrypted content embedded in Registered Receipt email Advantage RPost
RPost permits the sending organization to decrypt messages as required by courts when subject to litigation e-discovery
Is sender protected in case of dispute regarding the email? No legally verifiable proof of delivery, content or time of the message. Some 'open' tracking if the recipient goes through process to download encrypted information Legal Proof® records of delivery, content and time regardless of whether the receiver chooses to open the message

Advantage RPost
RPost eliminates denial of receipt and minimizes disputes about email content or timing
Can the receiver easily send back an encrypted reply? One-click optional encrypted replies back to sender One-click optional encrypted replies back to sender

Even
Both offer secure, encrypted communications loop between sender and receiver without any software or complexity for receiver
How is the service deployed? Some are deployed as software as  a service, some are deployed with appliances/hardware Deployed as software as a service

Even
Both are scalable and inexpensive to deploy with no hardware or server settings
Does it permit sending by policy? Includes filters for sending encrypted emails based on policies built-in Outbound mail filters available via RPost partners such as Sendmail

Even
Both have means to send email encrypted by policy via filtering rules

Final Score
RPost: 5 Standard: 0

See Animation