Get your email security POPI-ready
Get your email security POPI-ready
Ensuring information security just became more urgent for South African businesses and other institutions, with indications that legislation putting the onus on them for information protection will be enforced in the next year.
It has also become easier with the newly-forged partnership between South Africa's LAWtrust, a specialist online security provider, and Nasdaq-listed email data protection company Zix Corporation (ZixCorp) (Nasdaq: ZIXI).
The urgency comes in because, after promulgating the long-awaited Protection of Personal Information Act (POPI) in 2013, the government has at last appointed the regulator and her staff. POPI looks set to become operational around May next year, says LAWtrust privacy specialist, Advocate Rian Schoeman.
The forecast date is no coincidence as it is set to match the EU's General Data Protection Regulations that are coming into effect then.
Not only does POPI demand that the personal information legal entities handle is protected, but businesses and other institutions have to be able to prove they have protection in place. This is not easily done with common security protocols, such as transport layer security (TLS), traditional user-based or secure/ multipurpose internet email extensions (S/MIME), says LAWtrust's Dr Aleksander Valjarevic.
Valjarevic says TLS is open to various online attacks if poorly implemented, and does not have the ability to automatically scan email and implement encryption if it contains personal information and other sensitive content. Neither TLS nor S/mime can produce the reports needed to prove compliance with POPI.
ZixCorp CEO Dave Wagner says the company's relationship with LAWtrust is primarily a distribution partnership, but LAWtrust will also offer a secure hosting option of ZixGateway, a policy-based email encryption solution, in South Africa for companies that prefer that deployment model. The two companies have collaborated on a POPI lexicon (filter) specific to South Africa.
"We've wanted to offer transparent email security since LAWtrust started almost 11 years ago, and now with Zix we've cracked it. It's not traditionally easy to do," says LAWtrust solutions director Maeson Maherry.
Without encryption, email is the least secure, but most commonly used, online communication method.
In addition to POPI, the King III and the coming King IV governance principles and the Electronic Communications and Transactions Act and even the Constitution regulate dealing with other people's private information. Personal information has to be protected, and the acts and regulations provide fines of up to R5-million for breaches.
Wagner says ZixCorp has been dedicated to email security since 1998 and has grown to own the largest market share in email encryption. The reason for this dominance is the company's focus on security with a simple and convenient user experience. Zix Email Encryption protects some very high-security customers, such as the United States Security and Exchange Commission, one in four US banks and one in five US hospitals.
"With LAWtrust, we have built a POPI lexicon that automatically encrypts email, reducing stress and providing peace of mind to South African organisations that need to comply with the regulation," he says. Importantly, it is not the user who decides whether an email should be encrypted – it is the gateway established for the company using a lexicon determined by experts. On average, more than 70% of emails sent via ZixGateway are encrypted totally transparently to the sender and with no action required from the recipient, says Valjarevic.
ZixCorp is focused on making email encryption easy for its customers and their customers – nearly 15 000 organisations, sending millions of encrypted emails a day, says Wagner. It has a dedicated research centre looking at the design and optimisation of filters for automatic email processing. "Our customers' employees don't have to do a thing, and recipients arenever more than two clicks away on any device to access and reply to encrypted email. The mobile experience is incredibly important," says Wagner.
Maherry says LAWtrust will distribute and implement Zix email security solutions in Africa and provide technical support and a secure hosting option to those entities that prefer such a deployment model.
LAWtrust privacy experts will work with the South African community and ensure further localisation of the Zix protocols.
LAWtrust and ZixCorp's partnership presents three products: ZixGateway the leading solution for automatic encryption and decryption of messages; ZixMail, a desktop application providing end-to-end encryption; and ZixQuarantine, a data loss prevention solution that inspects email traffic and attachments and intelligently quarantines emails when words or patterns of words are in breach of the POPI lexicon and should not leave the customer's network.