Category: Customer Experience

16 Nov 2018
TLS encrypted delivery

Is TLS good enough for secure email?

When it comes to collecting sensitive customer data, you simply cannot afford to take any chances. Your customers trust you and you need to protect them – and their most-personal details. But, while protecting your digital perimeter is important, your organization also needs to ensure sensitive data stays secure during transit.

One way to do this is to leverage a TLS encryption solution. But what exactly is TLS? How does it work? And when is it good enough for secure email?

Here’s what you need to know about TLS:

What is TLS?

In layman’s terms, TLS, short for ‘Transport Layer Security, is a method of encrypting the connection between two parties communicating over the Internet – think of an encrypted tunnel. TLS can be applied to email to prevent unwanted eyes from viewing messages in transit – or from accessing data transmitted between a user and a website. The ease of this type of message encryption makes it one of the more popular types of delivery methods.

When is more message security needed?

TLS is one of the most primary and simple methods of delivering secure messages. But is it secure enough? It depends – you tell us.

Do you have access to alternative encryption methods if a TLS connection is not available? What exactly are your security needs? Are you worried about third-parties, like Google via Gmail, scanning your correspondence? Are you worried about man-in-the-middle attacks, where a secure connection is compromised? These are just a few of the questions you need to address when determining whether TLS is secure enough for you.

How do you get more message security?

While regular TLS-encrypted messages do have their benefits, this delivery method doesn’t always meet every one of your customers’ needs. That’s why Echoworx OneWorld goes further, automatically offering more encryption delivery methods. OneWorld also offers flexibility within the TLS environment – with the ability to create specific policies for using TLS and branded email footers highlighting that a message was delivered securely.

Are there secure alternatives to TLS?

In instances where TLS is not desireable you need to have other options – to ensure no message goes out unencrypted or to a compromised environment. And there are a variety of other secure delivery options available, from public key encryption methods, like S/MIME and PGP, to Secure Web Portals.

Echoworx’s OneWorld encryption platform offers all these options, as well as encrypted attachments. And, since OneWorld checks to see if TLS is available before transit, sensitive messages are never sent unencrypted.

See more secure message delivery methods.

By Christian Peel, VP Engineering, Echoworx

09 Nov 2018
Encryption shouldnt be cryptic

Encryption Shouldn’t Be a Cryptic Experience!

Encryption, encryption and more encryption – the security buzz word on the tip of everyone’s tongue. In an increasingly treacherous digital landscape, protecting your data with airtight algorithms seems like a logical strategy, yes?


But making the decision to encrypt confidential emails that are leaving your secure network is about more than just encryption.  The algorithms are not the differentiator when comparing various secure email solutions.  You can find 2048-bit RSA encryption, 256-bit AES encryption, in SHA2 signatures in almost all modern security products.

The component of the solution that does the encryption and decryption is (most of the time at least) solid and predictable.  But sitting on top of that core security is the more interesting topic.  Controlling which emails need encryption, the different types of delivery, the simplicity of registration, the look and feel (known as “branding”) of the emails and web site, are the real differentiators of a 1st class secure email solution.

As Director of Client Engagement at Echoworx, a recognized leader in secure digital communication, it is my job to help enterprise-level organizations understand how email encryption fits into their business model. And for me, this starts with helping them create a seamless end-to-end experience for their clients.

When I work with a new enterprise, a little time is always necessary to cover the basic security aspects of the platform.  However, you may be surprised to learn that much more time is spent on fine-tuning the customer experience to align with the enterprises goals and expectations.  Secure email becomes an integral part of the communications strategy for the entire business.  It needs to look authentic, and use phrases and terminology that match the company’s web site and advertising.

Also important to consider is how varied the recipients of secure email will be.  A grandmother at home with minimal computer experience who needs everything explained in detail, versus a tech-savvy millennial that expects efficiency and automation.  The same secure email experience is used for both, so it had better not alienate anyone!

Your clients are unique, but they all need to trust you with their most personal data, and they will leave you if you lose it. A recent Echoworx survey, for example, found a full 80 per cent of customers consider leaving a brand after a data breach. That’s no small figure.

So how do we achieve this perfect blend of secure email that is still easy to read and send?

For the employees of your company, they don’t want any extra steps or separate systems.  If it’s inconvenient, they won’t use it.  Fortunately, your corporate network is already secure with firewalls, access controls, and native security in your mail server.  So let the encryption happen as the email is about to leave your network (commonly called the “gateway” or “boundary”).

It is the recipient who needs to work with the encrypted version of that email, and the best way to make them happy is to send it in the format they understand. A business partner should receive transparent encryption (called TLS); while a customer receiving a monthly statement should have a secure PDF attachment.  A European bank may demand PGP emails since the employees have PGP software running on their desktops.  The secure email platform should figure this out based on policies you define during initial customization of the service.

If you’re doing business internationally, you also want to be aware of local jurisdictional laws and regulations. In our post-GDPR world, you know where and how you store your clients’ data matters. But don’t forget to consider how your communications will reach people in many non-English speaking countries.  Here’s another example of that usability layer that lives above the actual encryption.

You want your clients to feel at home with you and comfortable sending sensitive information through encrypted channels. A confused customer is likely to second guess the validity of a secure message and may be more susceptible to scams. Investing in data privacy is not only good for your brand – it’s good customer service.

When done right, it’s “plain and simple!”

By Sarah Happé, Director of Client Engagement, Echoworx

25 Oct 2018
Moving PGP to the cloud

Moving Your PGP to the Cloud? Here’s What You Need to Know

Is PGP encryption part of your secure messaging strategy? Are you currently hosting this system on-premise? Ever thought about moving your PGP email encryption to the cloud? It may sound daunting, but, with the right tools and services, moving to the cloud is an investment to consider for you and your customers.

An on-premise PGP system is resource intensive, and requires software installed on your workstation and servers. The demand on your IT department can be considerable – migrating it to the cloud can take a lot of strain off your staff.

Here are a few points to consider if you are thinking of making the move:

Email encryption should be more than just adequate

We have a responsibility to protect the sensitive messages that we send, and we need to do it in a way that doesn’t get in the way of doing business.

An effective email encryption solution has five main qualities:

  • It is easy to implement
  • It can scale to keep up with growing demands and sudden bursts in email volumes
  • It is feature rich, standards-based and current, supporting encryption technologies widely used today
  • It is jurisdictionally aware, so messages sent from the EU, for example, aren’t stored in or sent through the U.S. or other jurisdictions which might compromise compliance with GDPR rules
  • It is operated securely by a trusted vendor which is dedicated to security

Legacy systems shouldn’t stop you moving to the cloud

Moving an on-premise PGP system to the cloud is not only possible, these legacy systems can actually be migrated without disruption, a critical business consideration if your organization sends large numbers of secure messages daily. And you gain access to additional secure delivery methods, like the ability to send messages via web portal, and additional features, like the ability to custom brand encrypted messages.

Key management without the management

According to the thirteenth encryption study commissioned by Thales to the Ponemon Institute, key management continues to be a major pain-point for 57 per cent of organizations. And many of these organizations report they continue to manually manage their key process. This is not a new stat. In fact, key management has remained a consistent pain-point year over year! Moving to the cloud allows you to simplify your key management process – and automate it.

Why use Security as a Service?

In today’s climate, businesses must scale quickly to meet everchanging demands. Security threats are always evolving, and technology continues to transform at a rapid pace. New developments such as mobile computing, the Internet of Things, Software as a Service and Infrastructure as a Service are leading to fundamental changes in the way businesses operate.

Working with a cloud Security as a Service provider can bring many benefits. Sheila Jordan, CIO at Symantec, for example, points out that while IT and technology investments can be used to operate and grow a company, the list of tasks to be performed will always be greater than the resources and funds available. IT is often seen as an easy place to cut costs, and in response, CIOs “must prioritize the demands that most directly affect the profitability and financial goals of the company.” CIOs are responsible not only for protecting data, but also for helping companies use that data to generate actionable insights. Moving to the cloud lets organizations track and report in real time.[1]

Thinking about Security as a Service? Here are some questions to consider:

  • What is your risk profile?
  • Is there a specific crisis you’re responding to?
  • Do you have a clear plan in place?


Once the decision to move to the cloud has been made, choose your vendor carefully. Don’t look for a single point solution: if you do, you might find that the solution you’ve chosen has quickly become obsolete or is not the sole focus of a bigger product. Look to your new partner to educate and train your teams and guide your company through the process. Most importantly, get to know the team you’ll be working with, as good relationships can make the difference when dealing with a crisis.

Sheila Jordan from Symantec puts it best: “When you work with a partner that understands your business and where you are headed, they can offer global support and solutions that will grow with your organization. The right partners will always be customer-focused, doing everything in their power to drive your company forward.”

See how easy it is to migrate your PGP to the cloud.

By Christian Peel, VP Engineering, Echoworx


[1] Sheila Jordan, “Security as a Service,” in Canadian Cybersecurity 2018: An Anthology of CIO/CISO Enterprise-Level Perspectives, ed. Ajay K. Sood (Toronto: CLX Forum, 2018), 23-45.

12 Jun 2018
privacy protection

One Hot Mess: Encryption, Dating and the Betterment of Privacy Protection

Would you feel comfortable sending personal information over email without encryption? Feel shy answering ‘Yes?’ You’re not alone. In fact, nearly 50 per cent of people choose to share sensitive personal information online. And our trust on the people and companies we send them to is often taken for granted.

You might be surprised to learn just how exposed your customers really are.

In a recent survey of IT professionals and IT decision-makers, conducted by Echoworx, a clear vein of importance attributed to encryption emerged, with 75 per cent of respondents answering ‘yes’ to whether their organization has an encryption strategy. But, as less than half these same respondents answered in the affirmative that their organizations are indeed using encryption extensively, the actual application of it is questionable.

In other words: That personal information your customers are providing to a whole motley crew of banks, healthcare professionals and government bodies? There’s a chance their recipients, who might even be your own staff, are storing it unfiltered, accessible, and unprotected on their servers.

Barriers that are Preventing More Extensive Use of EncryptionShocking, right?

To help understand the other side of the coin, we posed questions to consumers on their willingness to provide personal information both digitally and on first dates. The results were startling – with respondents more than willing to provide personal info, from their full name to their SIN card in both situations.

Encryption is hot infograph
What the findings from our Encryption Survey reveal
about our perspective on data privacy. Learn more.

So what?

When blended together, we are left with two narratives telling a tale of two cities. And it’s messy, but not as cryptic as it seems. Rather there appears to be more a disconnect between our willingness to adopt encryption and our actual application of it in our working lives.

Over half the IT professionals surveyed, for example, responded favourably to adopting encryption – outlining the privacy technology as very important or crucial to their organizations. And nearly three quarters of this group indicated that are actively building encryption strategies. Seems progressive?

And then the reality hits: only half of them are in it for the betterment of information privacy. The other half, almost a clear-cut 50 per cent, admit they advocate for encryption to satisfy privacy regulations and avoid expensive breaches – not because they are actually concerned about protecting sensitive customer data.

The lack of enthusiasm for encryption application permeates through their entire organizations – with only 40 per cent of organizations using their existing encryption technology extensively. And the area they do emphasize encryption, in external communications, is seemingly not enough given that many organizations are now moving their email servers to the cloud – which makes even internal communications external in nature.

And yet customers continue to trust you without encryption

While three quarters of customers know what encryption means and why it exists, 45 per cent of them continue to send personal details via open email – and they put a lot of trust into the people they send them to. Take the safety of an email, for example. Despite the rise in spear phishing, and other email-related attacks mining for personal data, the average person evaluates the safety of an email in under thirty seconds.

Would you give up your personal data to someone in the street in under 30 seconds? Sounds crazy, but according to survey data, the average person might. Did you know, for example, that nearly a quarter of people are likely to share their real birth date, email address, full name and phone number on the first date? And these concerning figures are even more pronounced with men – 12 per cent of whom are just as likely to disclose their SIN card number on a first date as they are to brag about their salary.

And it doesn’t stop there.

When it comes to online forms, over three quarters of your customers admit to providing sensitive personal information. And, considering they take half a minute to inspect the safety of an online form, the amount of details they provide is startling.

Did you know, for example, that over 10 per cent of your customers are comfortable providing their bank PIN number through an online form? Or that a further 34 per cent of them have given their SIN card number? And that a small, but more trusting, 5 per cent willingly disclose their passport number when prompted by faceless forms?

But, at the end of the day, why does this matter to your business?

Data breaches are expensive messes to clean up and they happen more often than you think – with nearly a quarter of people admitting to having had their personal information stolen. In addition to massive fines pushing into the tens of millions of dollars, and drawn out class action lawsuits, a high-profile breach can cause irreparable damage to your brand trust.

Providing your customers and employees with a concise yet complex high-performing encryption solution can help alleviate some privacy woes in your organization – especially for mobile. Newer encryption platforms integrate easily with existing IT systems and offer multiple flexible methods of protecting information in transit.

In summary, encryption matters, and IT professionals get this – even if their reasons lie primarily in the bottom line of compliancy. But actually applying encryption throughout your organization is a different issue altogether and relies on making your privacy process more streamlined and less of a hassle for users. But the payoffs of preparing for privacy are huge – and your efforts will be noticed.

Check out some of the creative ways organizations are using our Echoworx OneWorld encryption platform to help ensure the safe transit of everything from bulk delivery of millions of e-statements to sensitive onboarding documents for new clients. The proactive applications of encryption are endless, and can be automated, for when your employees’ behaviour can’t be.

By Nicholas Sawarna, ‎Sr. Content Marketing Specialist, Echoworx

23 Nov 2017
Echoworx | Email Encryption Solutions | Trust Me: Be the Good Bank 2

Trust Me: Be the Good Bank

Hey banks, millennials have trust issues. Yup, these sophisticated, well-travelled, highly educated people have conflicted relationships with personal information.

A new OnePoll survey commissioned by Echoworx revealed that millennials are more careful with romantic partners than they are with financial institutions. Almost 50 percent of respondents age 18 to 35 would not give a partner their home address until after at least five dates. Yet, 56 percent had shared sensitive information by email with their bankers and brokers, not realizing that email can be easily hacked and sifted to steal identities and key information. And not to put too fine a point on it, but less than 60 percent of the surveyed millennials could accurately define “encryption.”

All of your customers expect you to treat them well, so your ability to make them trust you lies in how well you do it. And a big part of that is having strong cybersecurity so they don’t have to worry about having their data lost or stolen.

Information culture shift

Millennials’ contradictions around personal information make sense when you think about how human interactions have changed. Today, dating isn’t only about meeting someone through hobbies, work or friends – you can do it through apps, too. But with apps, the community relationships aren’t there, so millennials are naturally careful about revealing their home addresses. On the other hand, they’re so used to the continued refinement of tech, especially in business, that they trust it to work for them.

People born in the 1980s and ‘90s grew up as handheld devices morphed into the multimedia portals that they are now. They take digital convenience for granted in the same way they take their own hands and feet for granted, and because of that, they don’t have their parents’ suspicion of devices and software. But they also don’t have the media-savviness of the generation following them, who started learning about privacy and internet safety as early as grade school.

The good, the bad and the non-committal

Millennials expect financial institutions to integrate their processes seamlessly into mobile, and that’s created a classic battle between good and evil.

On the evil side, there are people doing whatever they can to steal information. On the good side are businesses who use the highest security protocols in all their communications. But between good and evil, you’ll find others who are simply hoping they won’t get burned when things go wrong.

Millennials are now your primary workforce and client base, and the bad side will exploit every opportunity you leave open. All workplace communications are targets, so strong encryption is critical for front-lines, back-end and all internal media tools.

Business relationships, like romantic relationships, thrive on trust, and it’s much harder to rebuild than it is to behave responsibly from the get-go. Be the good side –secure communications, encrypt everything at the highest level, and don’t ever ask for info through unsecured email or apps.

22 Aug 2017
Echoworx | Email Encryption Solutions | Method-Agnostic Encryption Delivery

Method-Agnostic Encryption Delivery

Encryption until very recently was considered as a niche market with an inconsequential prospect to emerge as a global industry. There was a time when small and medium-sized data security service providers around the world started using homegrown cryptographic systems to encrypt emails and secure vulnerable information. As more solution providers surfaced with varied styles of cryptographic systems, the data security space began to clutter, causing incongruity in encryption delivery formats and user interfaces even within the same organization. Comprehending this predicament early, and looking to break siloed cryptographic systems, Echoworx developed OneWorld, a method-agnostic email encryption platform designed to decipher the unique encryption requirements of a company and offer an appropriate solution.

What sets OneWorld apart from its peers in the market, is its flexible delivery approach for policy-based encryption. The platform can automatically utilize up to six push encryption methods (TLS, PGP, S/MIME, Encrypted PDF, and Encrypted ZIP) or web portal pull encryption method based on the sensitivity of the content. OneWorld allows administrators to effortlessly define and facilitate email policies to reduce the risk of data loss. “We don’t believe in maintaining a particular style of encryption, and our flexible platform intelligently deciphers the requirements of the clients and molds itself to suit their specific needs,” says Mike Ginsberg, CEO of Echoworx. The firm has penetrated deep into the dynamics of the software to build a platform that is agnostic to any particular style or delivery method.

Ginsberg explains how a top global banking institution found it cumbersome to support multiple data security service platforms to achieve different encryption delivery methods in their enterprise. The diversity of UIs and UXs coming from the various providers also brought inconsistency to the overall standard of the financial institution. More so, the legacy solutions were capable of encrypting only an approximate 1.5 million messages a month. After implementing Echoworx’s OneWorld, the bank instantaneously stepped up their delivery to 100,000 encryptions in less than an hour. Echoworx’s global presence also helped the banking institution to provide the solution in 22 different languages to suit their customers’ specific needs.

When it comes to data protection, however, the tenets go far beyond just providing a software solution; an organization has to ensure that the software complies with the data protection laws or the privacy legislation system of the country it is operating under. To ensure protection from territorial leakage of sensitive information, such as financial statements, credit card data, or personal information, Echoworx has set up multiple data centers in various geographic locations worldwide. “When we started working for a bank in Mexico, the client made it clear that none of their data should leave the periphery of the country, and hence we had to establish a data center in that location,” states Ginsberg. Likewise, Echoworx has two data centers in Canada, one each in the U.S. and UK, and two facilities in Dublin. The firm’s SaaS solution can easily migrate databases to another data center, making it possible to setup in any geographic location in a very short deadline. With the help of Echoworx’s global cloud solutions, one of the world’s largest insurers was able to start its operation in a ne w country overnight.

Echoworx has plans to add authentication services, such as biometric scanning, face and voice recognition, etc. to its suite of offerings in the future. Apart from product expansion, the firm has sights to expand geographically to Asia within 12 months. Echoworx has already established substantial grounds for encryption in the banking and healthcare industries and intends to broaden its horizon to include the airline industry in the years to come.

In fact, Echoworx was selected by CIOReview as one of this year’s Top 20 Most Promising
Banking Technology Solutions Providers

“We are glad to announce Echoworx in our annual ranking list of 20 Most Promising Banking Technology Solution Providers 2017,” said Jeevan George, Managing Editor of CIOReview  “The company’s encryption platform is designed to address the diverse secure communication requirements of the banking and financial services industry.

Echoworx will be demonstrating it’s solution to the industry in Miami, Florida – at the largest Latin America technology and innovation event – the 17th Annual CL@B 2017 Conference. You can get the details here:

This article originally appeared in CIOReview Banking Technology Special

16 Jun 2017
Echoworx | Email Encryption Solutions | If You’re Not the Customer, You’re the Product

If You’re Not the Customer, You’re the Product

Does anybody actually care?!

Last month, we had the chance to speak with security and privacy expert Bruce Schneier on mass surveillance and the hidden battles happening behind the scenes to collect our data  …  all kinds of data!

Wasting no time, Bruce jump started the conversation reminding us all that everything we do that involves a computer, creates a transactional record of what we did.  And I do mean ‘everything’ . Browsing the Internet, carrying a cellphone, making a purchase, using any IoT sensor, or passing a security camera creates data about us. Any socializing we do online – phone calls, emails, text messages, online chats, creates data about us.

A lot of this data that’s being produced and stored is called metadata, basically it’s data about the data. Bruce’s explanation really put it into context for me: I make a cellphone call – the data would be the conversation that we’re having and the metadata would be my cell number, your cell number, the date, time, duration, and location of our call.

Following is a teaser of part one of our thought provoking discussion on:
The Business of Surveillance.

In many contexts, metadata is actually much more important than conversation data. Metadata tracks our relationships and associations, it captures what we’re interested in, what’s important to us – metadata reveals who we are. As Bruce so vividly pointed out, we’re living under constant surveillance and this surveillance is incidental. It’s a side effect of using all those computerized services that we have become so dependent on. It’s covert.

When we browse the internet, we don’t see the dozens of companies silently tracking us. It’s not like there are 12 people behind us looking over our shoulder. We don’t see the cookies. We don’t see most of the security cameras. It’s hard to avoid them because we have to use things like a credit card, we have to have an email address. Sure we can choose to not have a GMail account if we don’t want Google to store all of our emails but Google would still get our email because while we don’t use GMail somebody else that we know does. It’s what Bruce called ubiquitous surveillance. What makes ubiquitous surveillance different – why should we care? Here’s a great example. It’s not follow that car- it’s follow every car. And when you can follow every car, there are things you can now do that you couldn’t have done otherwise.

What was most interesting to me is that, this data, is also collected and used by corporations of all sizes. There are corporate systems built to basically spy on us in exchange for our services. How and why did this come about? Blame it on the Internet. With no obvious way for companies to charge for the many things on the Internet and people expecting the Internet to be free, advertising as a business model was all that remained. All this data web sites collect on us is sliced and diced by agencies into small targeted segments that companies can then buy and use at a premium price

Remember the title of this : If you’re not the customer, you’re the product. So I ask, “do you care?”

17 May 2017
Echoworx | Email Encryption Solutions | Healthcare Security in Critical Condition

Healthcare Security in Critical Condition

Are healthcare organizations more vulnerable to data breaches than other industries?

Healthcare organizations (69 percent) and their third-party business associate (BA) partners (63 percent) certainly seem to feel they have a target on their backs, according to Ponemon’s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data.  However, knowledge hasn’t necessarily led to preventative action in many healthcare firms or the BAs that support them. Data breaches in healthcare continue to put patient data at risk and are becoming increasingly costly and frequent. According to Ponemon estimates, data breaches could have already costed the healthcare industry $6.2 billion.

Patients at risk for financial identity theft

While many of the breaches reported by survey respondents were small, containing fewer than 500 records, nearly 90 percent of healthcare organizations taking part in the study reported they were victim to a data breach over the past two years, and 45 percent had more than five data breaches during that same period. Ponemon estimates that the average cost of a data breach for healthcare organizations over the past two years was more than $2.2 million, while the costs to BAs was more than $1 million. The top stolen files: medical files, billing and insurance records, and payment details, putting patients not only at risk for exposing personal details, but also for financial identity theft.

Employee negligence, cause for concern

What’s evident from the data is that employee negligence and mishandling of sensitive patient data is still a huge cause for concern; according to Verizon’s Data Breach Digest, 23 percent of data beaches reported in healthcare are from inside privilege and misuses. In the Ponemon report, 69 percent of health organization respondents cited “negligent or careless employees” as the type of security incident that worries them the most, compared with 45 percent for cyber attackers and 30 percent for insecure mobile devices.

At BAs, negligent or careless employees was cited by 53 percent of respondents as their most feared security incident. Healthcare organizations may be overly worried, as only 36 percent of healthcare organizations named unintentional employee action as a breach cause.  However, the numbers aligned as well for BAs, as 55 percent of BAs named unintentional employee action as a breach cause.

Health data, least encrypted

According to a second report from Ponemon and Thales, which tracked extensive usage of encryption solutions for 10 industry sectors over three years, healthcare and pharmaceutical organizations have seen the largest jump in use of encryption solutions, with 40 percent of organizations now reporting encryption use. However, the same report also shows that the least likely data type organizations overall encrypt (at 21 percent) is health-related information, quite a surprising result given the regulatory requirements, sensitivity of the data, and the recent high-profile data breaches in healthcare.

Fingers point to funding and resources

Despite the increased frequency of breaches, and the rising costs to deal with the aftermath, half of these organizations still feel they lack the funding and resources to manage data breaches. The intent is there, as most companies have reevaluated their security practices and have implemented policies and procedures designed to curtail breaches. Those practices—however well intentioned—seem to be doing little to stop breaches from occurring.

For many organizations, it comes down to budget restraints; the majority of both healthcare organizations and BAs feel their organization:

  • Has not invested in the technologies necessary to mitigate a data breach
  • Has not hired enough skilled IT security practitioners
  • Has not adequately funded or provided resources for the incident response process

Healthcare organizations report budgets have decreased since last year (10 percent of respondents) or stayed the same (52 percent). The scenario is similar for BAs: 11 percent reported decreases and 50 percent the budget stayed the same.

Healthcare security is in critical condition

Based on these reports, healthcare security is in critical condition. Breaches are happening frequently and are costing both healthcare organizations and BAs more. According to the Ponemon report, accountability for the data breach incident response process is dispersed throughout the organization, however, both healthcare organizations (30 percent) and business associates (41 percent) say IT is the function most accountable for the data breach response process. But who is responsible for stopping these breaches before a response is required?

CIOs and CISOs need to continue to push the envelope in their organization on breach prevention, escalating it to become a key business priority. They can start by putting their policies and procedures under a microscope, and locating where the black hole is when it comes to putting those policies and procedures into practice with employees. The next step is investing in encryption technology to prevent breaches, not just in insurance policies for when they occur.


By Chris Peel, ‎VP Customer Engineering, Echoworx

16 May 2017
Echoworx | Email Encryption Solutions | What Role Does Privacy Play in Your Digital Transformation Strategy?

What Role Does Privacy Play in Your Digital Transformation Strategy?

If you are a senior leader in an organization, I am sure you have been asked the question – “What is your digital strategy?” You may also be getting tired of people telling you that new market entrants (especially millennials) are disrupting traditional business models and are forcing you to redefine the end to end customer experience. And here is another good one- “Have you hired a digital transformation executive yet?”  While I make light of all the digital hype, this transformation is not a joke – it is a survival necessity.

In my view, there are two approaches that an organization can take to modernize digitally – ‘internal business process out’ or ‘customer experience in.’ While it is beneficial to do both, prioritizing one is pragmatic. If you are one of those esteemed organizations which have prioritized their digital presence around customer experience, you must have thought how you can protect the privacy of your customers or you are thinking about it right now.

Tracking and analyzing customer data and behaviour is a vital part of any digital strategy. It reveals possible opportunities by providing customer experience insights and helps maintain rapport with your client base. You can obtain information about your customers from many sources apart from the traditional online or mobile interaction. You can collect sensor data from homes, cars, wearables, and potentially implants as well.  But how will this data be used?  Will it be shared?  I am going to assume that customer data will be shared within and outside the organization- be it driving patterns tracked by P&C Insurance companies, health data procured by Life Insurance Companies and investment patterns followed by Wealth Management firms. Currently, the easiest way to communicate or share information is to use existing and familiar tools such as email or text messaging applications. When using these applications to send/share customer information, how are you ensuring it is kept confidential? I will come back to this later, but first, let’s consider the consequences of leaked client information and the possible opportunities that exist if customer privacy is properly managed.

Making privacy, priority

As customer interaction with organizations becomes more digital, the risk of sensitive information ending up in the wrong hands has dramatically increased.  We have seen a myriad of brand names in the news around privacy breaches where customer information was compromised. What does this do to the relationship you have with your customers that are affected, as well as prospective clients?  When confidence is lost between an organization and its customers, there is a direct negative impact on profitability and reputation. Alternatively, if your customers understand that you are making their privacy a top priority, there is a new level of affinity resulting and in turn a positive impact on profitability can be realized. A reliable relationship makes it much easier to increase one’s wallet share of existing customers and capture new customers through word of mouth – I’m showing my age – I should have said through social media!

Let’s come back to the question of how to ensure that customer data stays confidential when sending this information with traditional communication tools.  Most tech savvy people would say “that’s easy – encrypt it.”  The problem is, it’s not easy. We face complex interaction between user experience, manageable infrastructure, and security. If you are a large organization, consider the myriad of encryption delivery methods- TLS, SMIME, PGP, Portal, ZIP, PDF and the list goes on. Each method has its own value depending on the use. Also, the recipients you are communicating to and the local privacy standards must be taken into account. Alas, it’s tough to simplify your infrastructure when dealing with the multiple flavours of encryption delivery alternatives. It doesn’t stop there – this complexity tends to expose itself to the user or recipient. This causes problems when a big part of your digital strategy is based on simplifying processes and the entire user experience.  Why do so many organizations have one or more encryption solutions and none is used to the extent it should or must be? Complexity of the solution!  And who wants to invest in on-premise infrastructure and the resources to manage this encryption complexity. This problem cannot be ignored, although many try to do just that.

Securing, Mobile experience

Another issue that must be addressed as part of a digital strategy is the mobile experience. How do you ensure mobile users enjoy a risk-free experience while sending and receiving secure information using encryption technology? Some might say through Javascript or an external app. But who wants another mobile app? The mobile experience must be natively inherent in the solution you deploy.

I would say that there are only a few solutions that can enable you to share sensitive information in a simple way that will enhance the effectiveness of your digital transformation strategy. Even fewer that can in turn alleviate infrastructure complexity, enable you to confidently manage privacy, allow you to deal easily with numerous encrypted messaging alternatives, enable a seamless mobile experience and ensure the ability to create unique branding based on a business unit or market segment.

Email communication makes it easy for your customers and partners to receive and send information and is a key element of digital communications. It’s time for a solution that makes it simple to secure confidential information through this pervasive communications mechanism.

Reach out to the experts at Echoworx for further insights and visit the links below to additional content that may be of interest.

By Randy Lenaghan, VP Sales, Echoworx

This article originally appeared in InfoSecurity Magazine

28 Apr 2017
Echoworx | Email Encryption Solutions | How to Protect Company Email From Attacks

How to Protect Company Email From Attacks

Email is one of the most common ways attackers use to infiltrate an organization’s systems and gain access to sensitive data. Email is built into smart phones, tablets, gaming devices and desktop computers … yet not designed to protect privacy or security.

Without protections in place, “email is a postcard, not a sealed letter,” cautions Jacob Ginsberg, senior director of products for Echoworx. He says people often don’t understand the permanence of data and how it can exist on servers long after they’ve forgotten about it.

“Email is one of the most common ways hackers infiltrate a company’s system,” says Sam Elsharif, vice president of software development at Echoworx. “They often use phishing scams, sending out emails that appear to come from a legitimate source that ask recipients to click on a link that directs them to provide credit card or password information.”

How can you protect your email communications?
Ginsberg says encryption is a logical solution and provides effective protection. Even small and medium size businesses should consider encryption, especially if they deal with data such as intellectual property and customer credit card information.

“There are old holdover misconceptions about encryption – it must be difficult to use, only IT experts can understand it, it slow things down – but those are no longer valid,” says Ginsberg. “The tools are simple to use and I strongly encourage encryption.”

Ginsberg says with encryption only users and intended recipients can see the data. For added security – and a tool that addresses phishing – users might want to add a digital signature (a coded message associated with a specific person).

Educating staff about email use is critical.
Hold regular training to make employees aware of the rules and practices surrounding email, suggests Elsharif. Do your due diligence: research threats and solutions, and review how your organization stores data, how you email data and how you deal with credit card information. Ensure your company is complying with current regulations.

Elsharif says to consult more than one vendor, depending on your needs. “Everyone needs firewalls and anti-virus software. Do you allow employees to access your network from the outside? You may have to look at a VPN (Virtual Private Network). Don’t be afraid to check with multiple providers. No one company can do it all.”

Technology can be effective in mitigating email threats, but don’t rely solely on it.

“Nothing beats human common sense,” Elsharif says. “As a user, try to follow best practices and don’t be sloppy when dealing with your data.”

Seeing is Believing
See for yourself how our latest encryption technology is easy to install, highly customizable and, most essential, simple for anyone to use.

By Greg Aligiannis, Senior Director Security, Echoworx

19 Apr 2017
Echoworx | Email Encryption Solutions | Closing the Paperless Billing Gap

Closing the Paperless Billing Gap

In today’s real-time, always-on culture, users want to receive important documents faster than ever. Whether bank statements, healthcare records, or even legal documents, consumers want information at their fingertips. As a result, electronic, or paperless, billing has emerged as a viable solution to the need for speed in information delivery.

When introduced more than a decade ago, paperless billing was touted as not only a way to “go green,” cut mailing costs, and get instant access to billing and account information, it was also positioned as a way to keep your information more secure. Paper bills were known for presenting opportunities for confidential information to fall into the wrong hands, whether by human error like incorrect mail delivery or even a user misplacing the document. Paperless billing emerged as a way to minimize security risks and give greater control to the consumer.

But in today’s cybersecurity landscape, paperless billing comes with a new set of security challenges for businesses and consumers alike. For consumers, there may be security concerns of leaving confidential information vulnerable when checking billing online at work or on public Wi-Fi networks. As today’s cybercriminals continue to become more advanced, tactics such as phishing emails are also a risk. Phishing emails are fraudulent messages disguised as official business correspondence that aim to steal personal information such as bank account passwords or credit card numbers. For businesses, there are certain compliance standards needed for paperless billing, but addressing these needs may cause access to documents to be cumbersome for users, inhibiting paperless adoption growth.

Not only do these security concerns create a barrier to a simple paperless experience, it also impacts a business’ bottom line. Closing the paperless billing gap could mean a savings of $2.2 billion industry-wide over the next five years, according to a JAVELIN report. In order to close this gap, organizations need the ability to deliver confidential statements, invoices, and bills directly to customers’ inboxes with full security and confidence – and encryption is one way to do so.

Encryption solutions like secure electronic document delivery can help businesses transmit confidential documents across networks with a seamless, secure user experience. Whether accessing paperless billing statements on a public or private network, secure electronic document delivery enables customers to receive sensitive documents encrypted from a company directly to their inbox. The documents can then be viewed securely on any device without leaving an email system. For businesses, secure electronic document delivery helps organizations deliver bulk statements via email, eliminating the need for the costs associated with paper-based billing while increasing security. Encryption solutions can also integrate with existing business infrastructure to match the look and feel of a company’s correspondence and continue a seamless user experience. And, for consumers, encryption delivers their information securely without adding on cumbersome extra steps to access documents.

Consumer demand for information on demand is not going away. In order to cut the paper trail and close the paperless billing gap, businesses need to provide more options to deliver a better, more secure paperless experience across all the communications they send to customers. By utilizing encryption technology, businesses can reach consumers securely, help reduce time and costs, and maintain regulatory compliance for information security.

By Sam Elsharif, VP of Software Development, Echoworx

This article originally appeared on TMCNet, InfoTech Spotlight

28 Feb 2017
Echoworx | Email Encryption Solutions | Digital Document Delivery - Push Forward or Fall Behind 2

Digital Document Delivery – Push Forward or Fall Behind

Your customers and partners want to receive their important documents and emails faster than ever before. They want them delivered in a way they can trust and are easy for them to access. And you’re the lucky one who needs to deliver on this.

The objective for e-statements, also known as Secure Document Delivery is to push statements, documents, and bills directly to your customers. The problem is you need to deliver a cost-effective solution that seamlessly integrates into your distinct environment while driving performance and customer service. With OneWorld Encryption, organizations finally have the ability to securely deliver confidential and business critical statements, invoices, and bills directly to customers’ inboxes with full security and confidence. There are a number of reasons why there is a great demand for secure e-statements in the market today.

Reach Today’s Customers Through Multichannel Communication

Organizations must increase customer satisfaction by providing their customers’ documents and important information through their preferred channel of communication. Because your customers’ expectations regarding communication with you are being shaped outside of your industry alone, you need a strategy that meets your customers’ wide array of communication and servicing needs, while working within the realities of your internal systems.\



And, in today’s always connected world, customers want the freedom to choose how companies communicate with them, whether it’s through email or an app on a phone or tablet via a secure web portal. Echoworx provides solutions that meet these diverse multichannel communication needs. OneWorld can deliver encrypted messages over TLS, using encrypted PDF’s, PGP or  S/MIME keys, encrypted ZIP attachments or to a secure web portal.

Using OneWorld encryption, you can now send customers their bills, invoices and statements in a robust, interactive and most importantly encrypted PDFs that have the look, feel and functionality corresponding to your website. The encrypted PDFs can be delivered and read on any desktop or mobile device including tablets.

The benefits of Echoworx’ encrypted documents include fully branded PDFs, customer account self-servicing within the PDF, and highly secure communication delivery pushed to your customer’s inbox. Messages can be routed into the system via SMTP or API to accept both end user generated email and system generated mail.

Secure Document Delivery For Regulatory Compliance

To reduce mailing costs and increase efficiencies in document processing, many organizations are migrating to secure e-statements instead of traditional paper forms.  In order for e-statements to be an effective means of communications and data collection, organizations must ensure the security and confidentiality of these statements as they are transmitted across the public networks.

Securing e-statements can be a challenge for organizations unless they look at solutions like the OneWorld encryption platform. Customers can have all statements generated in an universally accepted secure PDF format and send via e-mail for easy collection. Statements are automatically encrypted and sent to your customers’ e-mail inbox. Statements are decrypted with simple, but secure, password protection.

With the implementation of encrypted e-statements, organizations must ensure they meet the strict mandates of various regulations.  Regulatory compliance is expensive and time consuming. Requirements change frequently however security of information is always at the forefront of all major regulations. OneWorld Encryption ensures your organization is taking the right steps to conform to all major regulations including HIPAA, PCI, GLBA, and others.

Reduce Communications & Servicing Costs 

For all companies, producing and maintaining customer paper communications is a costly, disorganized process that adds very little to the bottom line. What is needed is a solution that will lower document delivery costs and yet scale dynamically as e-mail demand on the system fluctuates to handle the bulk e-statements – and all in a secure fashion. Customers prefer documents, statements, and bills delivered right to their inbox but do not want to sacrifice the security and ease of use. With OneWorld, you get the best of both worlds: an easy to deploy, highly scalable statement delivery platform with unparalleled encryption technology.

Leverage Existing Investments

OneWorld Encryption isn’t a replacement for your core billing and fulfillment systems. It’s not a software tool you have to install, integrate and continuously manage as all of your systems morph and change. Rather, it interfaces seamlessly with the multiple systems your company uses for document delivery and enables a security layer to it.

Empower Business Owner Control

Instead of making customers log into a portal, remember a unique PIN, and then view their statement, the OneWorld encryption platform allows you to directly deliver encrypted PDFs converted from your statements right into their inbox. This keeps you from having to store and retain all of that data and at the same time simplifies the process for the business and customer.

For more information on how you can send millions of encrypted statements a month, using a single encryption platform as both a secure email gateway and an encrypted bulk documents transmission engine:

  • Download our  WHITE PAPER  | Embracing High Volume Digital Communications

By Greg Aligiannis, Senior Director Security, Echoworx

15 Feb 2017

What is SAML?

Today, enterprise employees use a vast number of applications. These applications can be domestic in-house hosted applications or external partner/vendor cloud web applications. Seemingly, the use of the latter is growing day by day.

71% of organizations will be using cloud by end of 2017.

Security access to the in-house hosted applications is straightforward since all users and applications are in the same security domain, a central Identity Management system (IdM), that can identify and authenticate users. You just type your password and login. However, access to the external Software as a Service (SaaS) applications, such as a cloud-cased encryption solution, is more challenging. Since these SaaS applications do not have access to the organization’s IdM system, they need to maintain their own user credentials.

As the number of external SaaS applications grows, memorizing different user ids and passwords for different applications becomes the main risk of security breaches as the user often chooses the same password for multiple applications. It isn’t the user’s fault.

63% of organizations identify security and privacy as the top inhibitors to public cloud adoption.

So, what can Enterprises do?

The answer is Identity Federation; It solves these challenges by using standard-based policies and protocols to manage and enforce users’ access to cross domains applications. It enables business partners to allow secure access to internal resources without having to assume the burden of maintaining users’ credentials that belong to their business partners. Keys to successful implementation of identity federation are standardized mechanisms, and formats for the communication of identity information between the domains – The Security Assertion Markup Language (SAML) defines just such a standard. SAML offers a number of advantages:

  • Eliminates the need to maintain multiple credentials in multiple locations;
  • Reduces the opportunity for identity theft – eliminates multiple credentials;
  • Diminishes phishing opportunities – users don’t have to login over the internet using login forms;
  • Increases application access by removing usage barrier. Users can simply click on a link to login, and there’s no need to type passwords;
  • Increases efficiency and reduces costs of administration by eliminating help desk calls to recover, reset passwords and efforts to remove duplicate credentials;
  • Enhances user experience – users are happy since they can get direct access to the application without the hassle of remembering multiple passwords.

Single sign-on is key to successful user adoption. Echoworx’s secure messaging solution, OneWorld Enterprise Encryption, leverages industry standard protocols such as Security Assertion Markup Language (SAML) and OAuth for full support of Single Sign On (SSO), creating seamless customer experiences and driving encryption adoption.

For a more detailed explanation of what SAML is, how it works, why it’s important, and a look at some of the most common business use case scenarios, our White Paper “SAML 101: What, Why, How” may be of interest to you.

By Paul Jong, Application Architect at Echoworx

08 Feb 2017
Echoworx | Email Encryption Solutions | Email Encryption: Better Protect Office 365

Email Encryption: Better Protect Office 365

Are you one of the many organizations that have decided to move on to Office 365? If so then you must have made this decision for a variety of comprehensive business ins and outs including cost savings, infrastructure simplification, and flexibility. While there is no doubt that such a decision is sound and will quickly provide a noticeable return on the investment, given the nature of the cyberspace, it also makes your company susceptible to cyber exploits.

Although I imagine and understand that privacy may not be a top priority for your deployment, but I believe that it soon will be. It is needless to mention the reasons to secure sensitive communications, whether that is with your customers, employees within your organization or with other organizations you deal with. Securing Personally Identifiable Information (PII) is something that every organization is required to be concerned about, especially when communicating via email.

Regardless the industry, there are many rules that govern the use of PII across the globe such as HIPPA (the Health Insurance Portability and Accountability Act), PIPEDA (the Personal Information Protection and Electronic Data Act), as well as the EU’s Data Protection Directive. These rules mandate companies to protect the personal information of its users/customers.

Now the question is, can Office 365 provide the appropriate level of protection for sensitive email communication? The answer is yes.

However, there is a “but” and the “but” is – the encryption capability within Office 365 is neither robust nor easy to use. Ease of use has a direct correlation to the willingness of the sender and recipient to readily adopt encryption in communications. Ultimately, the frustration caused by the complexity and inflexibility of encryption technology, leads to user to giving up on it. Unfortunately, this is a reality in many organizations.

Trusting Office 365 with my sensitive data
But, there is a silver lining. There are robust (and simple) ways to handle sensitive communication which don’t include having to rely upon what comes with the standard versions of Office 365. I encourage you to examine whether Microsoft’s native capabilities are sufficient for your company’s security and privacy. If you do, you will determine that there are indeed security gaps in the software. You should then examine third-party alternatives. This will help ensure the capability to effectively implement policies that are required to strengthen your business processes.

I regularly hear from IT professionals and business leaders that securing communications through encryption is a complicated and inflexible process. Imagine having a simplified option for a sender and recipient to facilitate sensitive email communications. Isn’t that an ideal image?

Simplicity equates to adoption; adoption equates to compliance, and compliance eliminates the potential of your organization’s name appearing in the news for all the wrong reasons. Can your Office 365 environment give you the simplicity and the flexibility to ensure the adoption and adherence of encryption protocols in multiple use case scenarios?

I assume you wouldn’t be reading this article if it didn’t have any limitations.

Some of the things that you should consider when evaluating the encryption capability within Office 365 include:

  1. New recipients must provide sensitive information to create a Microsoft account to then read an encrypted message, or receive a one-time password sent in clear text;
  2. When encrypted messages are sent via the Office Message Encryption (OME) Viewer app or the encryption portal, the sending email address is;
  3. Encryption options do not include S/MIME, PGP, Ad hoc encryption or Portal-based encryption;
  4. Users cannot track the usage of documents;
  5. Users cannot revoke access to documents;
  6. Android and IOS devices require access via a downloadable viewer (OME viewer app).

The registration process for new recipients (referenced in point 1 above) involves a 9 step process in order to get an account, and if you don’t want a Microsoft account, your options are even more limited. The only real alternative is to ask for a one-time password that is sent in clear text, which is not something I would call secure. There has to be a better alternative, and preferably one which would also seamlessly integrate the encryption solution with the mobile experience, because do we really need another app to view an encrypted email?

Now, if privacy is a priority within your organization, I comprehend that you need an enhanced encryption capability as an add-on to Office365 – one that makes encryption easy. That is to say, an encryption platform that gives you the flexibility to vary the encryption process for differing use case scenarios – a platform that comes with policy templates that are industry specific.

When sending an encrypted email there may be a need, based on the type of information and the needs of the recipient, to have a shared passphrase, a system generated verification code or even no password. How about leveraging open authentication to have the recipient use passwords they already trust from sites such as Linkedin, Facebook or Twitter? Think about having the capability to use text messaging to create a two-factor authentication process for communications.

When you look at the many use case scenarios that you will implement to send specific information to specific recipients, the limitations within Office 365 become clear. What happens when you need to enable an encryption delivery method not supported through Office 365? Encrypted Portal and PDF and two delivery methods that are being used a great deal by companies across many industry verticals – will you just ignore these?

And what about branding? There is very little flexibility to brand your encrypted communications with Office 365. As with any communication outside of your organization, it should represent your brand. Again, you must look to an add-on capability to ensure you have the ability to reinforce the brand of your company.

When addressing the secure email communications requirement, many organizations will need something more than what comes standard with Office 365 and flexibility will ensure your encryption compliance processes are adopted and adhered to.

You have deployed Office 365 and now it is the time to think about how you will secure communications. This is one area where it is critical to be proactive and not reactive, for, a reactive approach could lead to undesirable outcomes. Why not think about an email encryption solution that is cloud based, pervasive across the web, mobile, and desktop, policy template driven and fully integrated with Office 365?

Hopefully my article has provided you with substantial knowledge and provoked some ideas on how to enhance your Office 365 deployment to effectively deal with the ongoing need to secure sensitive email communications.

If you would like to find out more about how to avoid missteps in the implementation of your compliance process and sure ways encryption can better protect Office 365, the additional content listed below may be of interest.

  • Watch our VIDEO    Office 365 | Securing Mobile and Desktop
  • Read our BLOG Making it Easier to Secure Office 365, From Anywhere

By Randy Lenaghan, VP Sales Echoworx

10 Jan 2017
Echoworx | Email Encryption Solutions | Making it Easier to Secure Office 365, From Anywhere 1

Making it Easier to Secure Office 365, From Anywhere

We’re excited to announce the full integration of OneWorld Encryption for Office 365 Users!

For years, OneWorld customers have been trusting the OneWorld Encrypt button in Microsoft Outlook on the desktop to provide their employees with a quick and obvious way to encrypt their emails.  While the Office 365 Outlook on the web Add-in is not a requirement to use OneWorld, it is often preferred over asking remote employees to type a keyword like “secure” in the subject line. OneWorld Encryption for Office 365 Outlook on the web is also an excellent way to offer multiple encryption methods to your employees.

That’s why we are so proud of our new OneWorld Encrypt Add-in for Office 365 Outlook on the web!  Integrating into Office 365 Outlook on the web allows enterprise senders to select “Encrypt” from anywhere!  They simply login to Office 365 Outlook on the web from a mobile device, or from any desktop web browser (Windows, MAC OS X, even Linux).

Let’s dig in to the full story by answering some common questions.

What does the OneWorld Encrypt Add-in for Office 365 Outlook on the web offer?

The OneWorld Add-in for Office 365 Outlook on the web offers advanced user encryption options right where you need them. You can use the add-in to:

  •  Encrypt messages in a variety of formats including TLS, PDF, PGP, S/MIME, and Web portal;
  • Track and recall your web portal messages;
  • Request delivery and read-receipts;
  • Set custom expiry dates for Web Portal messages;
  • Retrieve the password you set on your Shared Passphrase messages;
  • Categorize encrypted messages for easy searching.

How does it work?

Encrypting a message is as simple as clicking on the Encrypt slider.  OneWorld Encrypt will add special flags (or for the more technical folk – email x-headers) that tell OneWorld to encrypt the message.

The options displayed in the Add-in for Office 365 Outlook on the web will match your company’s encryption policies, which govern how the message is to be encrypted and delivered. You can also override certain settings like notification preferences and message expiration periods.

Encrypted emails will have a category added onto them so you can instantly see which messages were secured.  And when you open encrypted messages in your Sent Items folder, the Add-in will display useful information like the shared passphrase, or a link to recall the Web Portal message.

What does it look like?

Here’s a sample message that I sent to an external customer.  As you can see, I have the ability to choose my encryption method directly within the OneWorld Encrypt Add-in for Office 365 Outlook on the web.  The options available to me depend on what my administrators have allowed.

How do we install it?

Echoworx is hosting a few versions of the OneWorld Encrypt Add-in for Office 365 Outlook on the web that match the majority of our customers’ requirements.  Alternatively, any customer can deploy the Add-in code as a Web App to Azure Active Directory or to a traditional IIS Web Server.  Detailed instructions can be provided for customers that want their own deployment.

Once the deployment decision is made, the Office 365 Administrator (logging into the Exchange Portal) can push out OneWorld Encryption for Office 365 Outlook on the web to everyone, or to certain groups, in a matter of minutes using the Add-in manifest file.  Individual users can also add OneWorld Encryption for Office 365 Outlook on the web to their own mailbox if they have the manifest file URL.

Where does this work exactly?

We’ve made sure OneWorld Encryption for Office 365 Outlook on the web will run in all the same browsers and platforms that Outlook Web is supported on (by Microsoft).  For a list, see

For Outlook on the desktop, we continue to support and recommend the traditional OneWorld Encryption Add-in.  Both the Desktop and Web Add-ins are completely interoperable –  if you start composing a message on the web, you can finish on the desktop, or vice versa.

There is so much to see in version 1.0 that we invite you to give it a try!  More exciting features are coming soon as we continue to develop on Office 365 to make OneWorld Encrypt an Add-in you can’t live without.

I recommend you also:

Watch our DEMO | Office 365, Secure Desktop & Mobile

By Sarah Happé, Director of Client Engagement, Echoworx