Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 168
  • Last Modified:

secure external email with information rights management

We have a client requesting email protection to prohibit copying, printing, forwarding of message content for messages sent to external destinations. They are using a rights management solution that works only internal to their organization and want this protection for external mail as well.  

We understand this is a difficult problem and that there is no complete solution, ie no real protection against third-party screen captures, imaging devices, etc, .  We are simply hoping for some feedback on some of the better solutions or partial solutions for external email protection available  at this time.

Thank You,
kc
0
CGNET-TE
Asked:
CGNET-TE
  • 3
  • 3
  • 2
2 Solutions
 
Sean JacksonInformation Security AnalystCommented:
The best solution I would suggest would be to encrypt the messages before they're sent out, and then make sure the public keys are shared only with the intended recipient.  It's not possible to completely lock this down.
0
 
Dave BaldwinFixer of ProblemsCommented:
I don't think what they want is even possible much less available.  If they send a message to an email client that isn't controlled their software, then they can't prevent anything at all.  If you send me a message, you can't stop me from doing whatever I want with it because I'm not using your software.  

As a matter of fact, if you send me a message and then try to 'reach' into my computer to control what I do with it without my express permission, you have broken at least one and probably several federal laws.
0
 
CGNET-TEAuthor Commented:
I appreciate your comments and understand that the problem is impossible to solve.  What I’m hoping is to find a solution which will make the unwanted copying or forwarding of the content more difficult, enough, for instance, to protect from careless or unintentional forwarding of the data.  It might be a web-based solution, such that the intended recipient of the encrypted message can only open it from a secured portal which tracked the viewing as well as made the sharing of the content more difficult.  If anyone has had any experience with any of these kind of solutions, we would appreciate some feedback.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Sean JacksonInformation Security AnalystCommented:
We're trying to tell you there is no solution that will do what you're asking. Should I employ some supposed technique and send you an email, what could stop you from copying the data to another medium (text pad as the simplest example)? Once done, what would stop you from sending the data to whomever you wished? You wouldn't have to say it was from me, you could claim authorship.

What could make any of the above more difficult? If you can read it, you can do whatever you want. Even if there was something preventing the copying, you could do a screen shot. Or use a cell phone camera.

If you were to use a secured portal, and not email as the vehicle, again there is nothing that is preventing the reader from doing any of the above.

Again, the best I can suggest is to encrypt and try to control the sharing of the public keys. Perhaps change the keys often.  But still, if a third party has the keys, gets the message, once they decrypt it back to plain text, what's to stop them from sharing?
0
 
Dave BaldwinFixer of ProblemsCommented:
If you put it on my screen, I can copy it and you can't stop me.  Variations of this question have been asked many times before.  Nope.  Can't do that.
0
 
CGNET-TEAuthor Commented:
Thanks Sean and Dave.  I understand there's no stopping that kind of sharing.  To gain at least some minimal level of management of encrypted mail I'll suggest our client trial a couple of the document security services I've seen online.  I'll go ahead and close this case.
0
 
Sean JacksonInformation Security AnalystCommented:
Glad to help, CGNET-TE. Let me know if I can help with anything in the future.
0
 
CGNET-TEAuthor Commented:
Ok, thanks Sean
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now