In E-Mail We Trust
Baptist Health Care has confidence that it's safely transmitting patient data and other sensitive information through CipherTrust's secure messaging gateway appliances.
Can patients' health data be transmitted over the wire safely within
the rules of regulatory compliance? According to Alex Hernandez, director
of advanced product development at Alpharetta, Ga.-based CipherTrust,
it's entirely possible. Headed by CEO Jay Chaudry, CipherTrust developed
the IronMail secure messaging appliance, which Baptist Health Care, a
Florida health care provider and customer, has been using since 2001.
BHC then turned to them again when it needed to be able to safely e-mail
patient data. CipherTrust came through, with the Secure Web Delivery appliance,
which allows the health care provider to send out patient data via e-mail
and other methods without having that data compromised. MCPmag.com
editor Michael Domingo interviewed Hernandez about the company's efforts
in helping BHC secure patients' health data on the Web over the years.
What went into the development of the IronMail appliance and what
compelled Baptist Health Care to deploy it back in 2001?
|CipherTrust director of advanced product development
Alex Hernandez: BHC deployed their original product for what we
started doing development for, for security. And, then providing protection
from attacks and attackers from the Internet was our first device for
e-mail. Baptist Health Care was specifically trying to tackle a spam and
virus problem and looked to us as a leader in that space. That's what
drove their original purchase.
Baptist has been a customer since 2001. Since they're already a customer
of yours, I'd believe they'd probably ask you for IT compliance solutions
AH: Absolutely, and for customers who have been with us for as
long as they have, certainly dealing with those in-bound threats was a
headache to messaging administrators for the past several years. As they're
looking toward their clients, we're already handling their mail at the
gateway, so we're an appropriate provider for them to ask, "What
do you have for offerings on outbound compliance?" We're certainly
able to deliver a solution for them as well.
That's CipherTrust Secure Web Delivery that you're referring to?
AH: It's really tied in with the IronMail gateway, where IronMail
is [Baptist Health Care's] policy engine. Not only is it doing their in-bound
protection from spam and viruses, from the nasties on the Internet, but
it's also able to look at that out-bound content and make intelligent
decisions with the policy manager over what data needs to be protected,
looking at content, looking at attachment types. Specifically, their initial
launch was around e-faxes, x-ray information...basically the policy manager
looks at messages and decides most appropriately what needs to get encrypted.
Then it utilizes what we call a Secure Web delivery appliance to deliver
those messages to anyone, anywhere.
Was Secure Web Delivery developed as an add-on to IronMail?
AH: We consider it sort of like a staging server, where IronMail
is handling the in-bound and out-bound mail flow. It sees something that
needs to get encrypted and handled in a special Web delivery method, so
it hands it to the sister appliance that sits side by side, that handles
that longer-term holding of e-mails, the Web delivery, the authentication
of the users, those types of tools.
Was it developed based on customer feedback or was it based on some
foresight, that IT compliance was going to hit customers?
AH: A little bit of both. We've been in the gateway e-mail encryption
market since our inception. We've been supporting secure SMTP, really,
since day one in our product space. We've since added, and before we got
to Secure Web Delivery, we added other gateway-based encryption capabilities,
like server-side S/MIME, server-side PGP encryption capabilities.
But we were seeing a need for the marketplace that ability to deliver
a message to anyone, Hotmail, Yahoo!, any user--not necessarily a business
partner. That's where hearing customer feedback [comes in]...they saw
a need for it as well, but they didn't know what they were looking for
necessarily. We put our heads together and came up with a nice Web delivery
model that's been very widely accepted.
There are other message security products out there that address IT
compliance issues. Who is your stiffest competition, who do you go up
against on a regular basis when approaching a new customer?
AH: It'd be a mix. There's certainly some open-source solutions
out there. There are some solutions that are gateway-based, like a Zzyzzx,
or PGP Universal or a PostX-type encryption solution. But the market space
is kind of interesting, in that there's a lot of policy providers out
there that can do the message scanning, and a lot of them have teamed
up with gateway encryptions solutions, like PGP Universal, PostX or Voltage.
We've got partnerships with those same types of organizations.
Typically, you'll see less competition on the encryption side and more
competition on the policy management gateway side. The encryption solution
is really being tipped more to the needs of the organization. Are they
trying to deliver statements out or are they just trying to deliver e-mail
messages to users? Are they looking for something lightweight, like Secure
Web Delivery which we offer, or are they looking for something in-depth,
being able to encrypt a statement or send out a bank statement to a user?
We offer not only our own Secure Web Delivery like Baptist Health Care
is using, but we also do provide, with agreements, solutions for PGP Universal
as well as Voltage.
Are you finding that new customers have no solution, or are you typically
replacing something that didn't work out for them?
AH: For most of them, it's new. Very few companies jumped onto
e-mail encryption early on, because they really didn't know what their
needs were, what their requirements were going to be. We certainly see
ourselves replacing some existing SecretSweeper or Tumbleweeds solution
out there, with products with more features, with more integration with
gateway functionality. A lot of them are companies trying to address an
encryption need that has arisen.
Michael Domingo has held several positions at 1105 Media, and is currently the editor in chief of Visual Studio Magazine.