To Encrypt, or Not to Encrypt - With Compliance There is no Question
Updated March 07, 2020
To Encrypt, or Not to Encrypt - With Compliance There is no Question
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Zix Email Encryption (ZixEncrypt)
Zix is currently being used by the Business Department to share confidential information with our financial institutions. We are also using it in IT when we need to communicate credentials with our partners. It has solved the business problem of needing to transfer information through email securely.
- Easy manual encryption. You can define a key word or phrase that will trigger an email and contents to be encrypted.
- Simple encryption rules interface. Zix supplies some pre-defined rules for auto-encryption such has for HIPPA, FERPA, PII, etc that will automatically encrypt if certain keywords or patterns are detected. These can be modified to fit your company requirements.
- Automatically encrypts email if you are sending to another Zix customer. This makes the encryption process seamless because they do not need to log in to the Zix gateway to retrieve encrypted email. The email and contents are automatically encrypted.
- Zix will customize your portal, so it is more seamless for your clients and partners.
- The configuration for web mail, such as Gmail, was not well documented.
- The default encryption policies initially generated a high volume of false-positives and encrypted much more than we intended.
- It has allowed us to meet legal compliance when communicating with our partners by keeping required information secure. This was the primary reason to look at Zix.
- Zix provided the additional benefit for our IT department to easily communicate security information securely with our partners.
- Their SOC 3 compliance gave our stakeholders the peace of mind that Zix is following the proper security procedures to ensure the safety of our data.
The primary factor for us was ease of integration with Gmail because we are a school district that uses Google for Education and Gmail is our email platform. It was also important to us that the solution allowed an easy way to force encryption when needed. Zix allows us to easily add a keyword to the subject line that forces the email and its contents to be encrypted.
Using Zix Email Encryption (ZixEncrypt)
15 - The business functions that utilize the Zix encryption portal are our Business department and our Information Technology department. The Business department uses Zix when communicating with our financial institutions and for sending financial information to our vendors. The IT department uses Zix when we need to share credentials or network configuration information with our partners.
2 - We have two of our network staff that support Zix for our employees. They have expertise in our email configuration and were easily able to integrate Zix into our Gmail setup. We have one primary support person and the second has been trained as a backup to provide additional coverage.
- Sending financial information to our financial institutions.
- Sending financial information to our vendors.
- Sending credentials to our technology partners when we need support.
- Sending private network configuration information to our partners for support.
- Our HR Department recently wanted to send out a form gathering information to our staff and we were able to use Zix to protect that information.
- Additional uses with our HR department to send out insurance information to individuals.
- We are exploring using it to securely send out transcript information to past students.
Evaluating Zix Email Encryption (ZixEncrypt) and Competitors
There is nothing we would change because we have been happy with our implementation of Zix email encryption. The installation was fairly easy and straightforward for our network folks and Zix support have been very responsive when we have had questions or issues. Zix support also worked well with us on the initial configuration.
Zix Email Encryption (ZixEncrypt) Implementation
- Implemented in-house
Yes - During the first step was to fill out the Zix Implementation Configuration questionnaire to allow Zix support staff to understand how we would use Zix encryption. The first phase for us was following the documentation to configure our Gmail Mail Host for Zix through the Google Admin Console. The documentation was easy to follow. The next phase was to determine and set up the automated policies we wanted to use to trigger encryption (i.e., HIPPA, credit card, etc). The next phase was to configure the quarantine mode to 'insight'. This mode allowed us to view the quarantine functionality without needing to manually approve emails if they were flagged by a policy. Once we were done testing we set the quarantine to notify and set up approvers. The final thing we worked on with support was customizing our portal.
Change management was a small part of the implementation and was well-handled - It just confirmed the importance of documenting any changes to make sure both parties understood the scope of the change and to avoid scope creep from the primary project.
- Clarifying the automated policies we would use for triggering encryption. This was an internal issue that we had to work through with all of the stakeholders.
- We initially turned on quarantine and it delayed some email delivery because we thought the default was 'insight' mode. Once we switched it to 'insight' mode it helped us tune our policies to reduce false positives.
Zix Email Encryption (ZixEncrypt) Training
Zix Email Encryption (ZixEncrypt) Support
Pros | Cons |
---|---|
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Immediate help available Support understands my problem Support cares about my success Quick Initial Response | None |
Not Available
There was a teacher attempting to send an email out to parents with a notification regarding a future activity with her class. The email was being flagged by one of the phrase filters causing it to get rejected by the receiving email servers. I contacted Zix support in the afternoon and by the next morning they had corrected the issue and the teacher was able to send her email notifications. Zix support identified the issue and resolved it quickly.