Powered by ZSentry|
How to use ZSentry to get more utility, more security, and more control.
Now you can connect and unilaterally extend the utility and security of your services and third-party products
— without changing them. Create cohesive solutions providing more value to users.
For examples, touch to expand:
Can I prevent Google from reading my Inbox?
Can I prevent Google from reading my sent mail?
Can I use ZSentry for HIPAA compliant forms on my website or by email?
These and other ZSentry benefits are further presented below.
ZSentry Secure Vault
Automatically, or as requested, ZSentry can create a
ZSentry Secure Vault (a secure document retention copy) at your
location, or securely in the cloud as you may choose. Easy to use, access protected by two-factor
authentication, and audited 24/7 with access reports that can be sent to you before access is granted.
The ZSentry Secure Vault includes the entire message
and attachments, encrypted and sent as an attachment, making it easy to archive in Google Apps, add to Google Drive, and store with multiple providers.
This service is set for ZSentry App by checking the box [Bcc Me]
in the To/Cc bar and can be read by ZSentry Client when the choice is personalized through the ZSentry Dashboard.
Afterwards, verify your Inbox filters to ensure delivery of attachments for
the ZSentry Secure Vault messages. You can also setup an archive folder for the Secure Vault messages.
Protect sent mail folders
The ZSentry Secure Vault can also be used to protect the sent mail folders and relieve privacy concerns,
particularly critical when using cloud providers, phones, and online systems. For example:
- Mobile devices (phones and tablets):
If you use a mobile device, please note that people are 15x more
likely to loose their phone than their laptop. If you are using the
device's Mail client, you should delete the plaintext sent file upon
sending or have it deleted OTA (over-the-air) regularly by your
service administration. Enable the ZSentry Secure Vault for
secure archiving of your sent mail.
- Google Apps or Gmail: You should enable the ZSentry Secure Vault
for secure archiving of your sent mail. You can delete the plaintext sent file upon
sending, automate deletion, or prevent it from being created in the
first place. See instructions at Google
- Outlook and other Mail clients:
You may keep the plaintext sent file if advised by your IT.
Enable the ZSentry Secure Vault for secure archiving of your sent mail.
Leak deterrent and alarm
For enhanced security compartmentalization, to help prevent leaks, improper access, and internal attacks, organizations may include Vault Audit
protection. For example, a live authorization or additional confirmation can be requested, logged and sent
with What-Who-Where-How-When and other tracking information, every time a Secure Vault copy is to be accessed.
about the Secure Vault »
Personalization / ZSentry Dashboard
The organization or users can personalize their configuration profiles (Dashboard), defining how ZSentry sends secure email and what is required
from recipients according to their access class. The users' configuration profiles are individually encrypted.
In their domain, organizations may centralize and lock their users' personalized choices.
Before you personalize, please note that ZSentry is already provided "out of the box" with a Default
HIPAA-compliant configuration that improves usability. The
configuration is auditable, with access control by means of
automatic mailbox and end-point authentication, login monitoring,
and expiration control. It enables secure first-contact and
reply (Secure Quick Reply) with verified recipient online
identity, without requiring the recipient to register. To
enable Secure Quick Reply, the Expiration Time is set by default to
15 days (and should not be more than 31 days).
Personalization includes a range of sender-defined choices for access control, including mandatory
recipient registration and mandatory login according to access class, document control,
delivery and tracking. After you personalize ZSentry you can personalize your
configuration as the new Default.
The personalized choices are verified and set using the ZSentry
Dashboard. To access the Dashboard, login using ZSentry App» (bookmark
the link for easy access) and look for the Dashboard / Delivery
control at the bottom. When you are done, make sure that you
click Dashboard / Personalize / Save to make it the active for the ZSentry
Client and become the new Default for ZSentry App. Otherwise, you will
use that setting only during your current ZSentry App session, and not with ZSentry Client.
The ZSentry Dashboard choices are further explained in the Dashboard
technical section »
Google Apps and Gmail users: See also ZSentry for Google Apps How-To »
Included but optional. You can add your logo in the email. You are also be able to add
your Organization Name on the top banner, on the Secure Quick Reply service, and to all your user accounts,
which ZSentry will digitally certify and securely present to recipients before and after decryption.
The Organization Name must be your legal personal name, or the organization's legal name, or a valid DBA.
First Contact, Secure Access Control and Login
Good fences make good neighbors. With ZSentry, the choice is yours which
good fence to use. Senders can control access and file sharing with two-factor
authentication login, required signup, end-point authentication and identity confirmation, and
custom methods including time-token and live authorization.
ZSentry access control includes effective delivery conditions for secure first contact, all with high usability. The default
secure first contact delivery condition is also the most simple and usable delivery condition that the sender can choose.
It is called Click to Read™ and provides end-point authentication with identity confirmation. The
recipient is just asked to confirm identity and click to access the message. Even in this simple case,
ZSentry collects more, and more varied, evidence than the Postal Service when delivering mail with return receipt.
How does the sender know that someone else did not open the
mail envelope at the destination? Unlike the Postal Mail, that cannot answer that question even when a return receipt is signed,
ZSentry can provide proof that the message was not intercepted before delivery to the desired person.
Using the default Click to Read™ and starting with the recipient's 1-click, ZSentry will authenticate the end-point,
the device, and the mailbox, timestamp the connection in reference to the US NIST, obtain evidence that the recipient owns or
controls the password to access that mailbox, record the message's fingerprint and also how and where the message was accessed,
request identity confirmation from the recipient (as a legally valid declaration, protected by US copyright law), and make
available other auditing records, such as when the message was
sent and when it expires. Without bothering anyone, any attempt to intercept and / or read the message is verified and logged
with a long list of details, and a Who-Where-When-What-How
notification is sent back to the sender (as desired).
Other delivery conditions can be requested by customers. Through their configuration profiles (ZSentry Dashboard)
or per message, customers can define in seconds, for example, when ZSentry should request mandatory login with two-factor authentication,
registration, the default Click to Read™ with end-point authentication and identity confirmation, or custom methods including
time-token and live authorization.
With these and other methods, ZSentry allows you to easily send a secure email with verifiable sender
to anyone in the world, without previous contact, or sending passwords, or setup. Anyone can also send
or reply to you by secure email with verifiable sender. Users and first contacts can encrypt and decrypt with one click, including
two-factor user authentication. Access control choices are configured using the ZSentry Dashboard.
ZSentry Secure Login: When you signup for secure login, you create your ZSentry Password and receive by email your
ZSentry Usercode (unpredictable but mnemonic).
Uniquely, ZSentry does not store your Usercode or Password, not even hashed (Sans Target).
The Usercode and Password enable two-factor, strong authentication, without passwords (even though, for familiarity, the
second-factor is called ZSentry Password). Time-access tokens can be used as needed.
ZSentry Return Receipt — 24/7 Auditing
Automatically, or as needed, ZSentry allows
senders to receive a Return Receipt upon data delivery. The
Return Receipt informs the sender What (data identification) was delivered, and also When (time),
Where (IP number), Who received (authenticated name and email address), and How
(browser, phone, mail client). This service is set for ZSentry App by checking the Return Receipt box in Dashboard > Tracking
and can be read by ZSentry Client when the choice is personalized through the ZSentry Dashboard. Read more
about the Return Receipt »
This is a ZSentry API (Application Programming Interface) service, available to ZSentry Mail and other ZSentry
modules. More than just expiration could provide, this is a neutral third-party service that can be requested
by the sender of a ZSentry Mail to protect and self-destruct data with no action by the
sender or recipients. Can also be used by the sender as a “kill switch” for loss prevention.
ZSentry Self-Destruct works even if the file location is multiple and unknown,
and in different time zones. Provides centralized, NIST-referenced, release and expiration time control of a disclosure window.
The technology also provides a forensic control perimeter,
with conditions defined by the sender, audited 24/7, and legally protected by well-established international laws.
This service can be set dynamically (using TaskCodes) or statically in ZSentry App. In ZSentry App it works by
selecting the desired time in the Expire selector in Dashboard > Control
where, to enable Secure Quick Reply, the expiration is set by default to 15 days (and should not be more than 31 days). This setting
can be read by ZSentry Client when the choice is personalized through the ZSentry Dashboard. Read more
about the Self Destruct »
The ZSentry Secure Vault copy can be provided with secure off-line access, allowing
archived electronic records to be decrypted locally even if there is no network access. This service can be
customized according to your organization's requirements.
Access Control / Self-Evident Security
ZSentry is designed to avoid common access control and other
problems caused by human error or misuse. Organizations can
use ZSentry for secure communication with no concern that
users will have password, technology, or device issues in any
platform. Senders can restrict who can decrypt the messages, from end-point authentication
to mandatory two-factor authentication, according to each recipient's access class.
ZSentry operates with the simplicity of conventional password systems
but without their security limitations. All
ZSentry access control methods allow for Secure Login and First Contact
without sending passwords.
Sans-Target™ End-to-End Encryption & Compliance
NO MESSAGE SCANNING. Encrypt and decrypt with one click, including two-factor user authentication. With ZSentry, your data
is protected before transmission by two-factor authentication and end-to-end
encryption, onsite, online, and at rest. The user and not ZSentry or a provider holds the keys.
No storage of your Usercode, Password, or keys anywhere, not even encrypted or hashed. ZSentry operates Sans-Target,
whereby it does not create a target (for example, a user and key directory, password files, or shared secrets) that could be attacked internally or online.
ZSentry Sans-Target technology is important for you
because the ultimate and fail-safe defense against data theft is to not have the data in the first place. All ZSentry editions
use the Sans-Target technology, which eliminates common online targets
such as username/password lists, names, email addresses, plain text user data, meta-data, and even
the encryption/decryption keys themselves, while adding two-factor mutual authentication,
adaptive security, and password-hardening.
ZSentry was designed with the principle » that security must
work even when people do what is not expected, even hostile, or when they just go BAD (Bring Any Device). With ZSentry you do not have to
limit too much your organization and customers.
ZSentry provides IT with assurance that only trusted users are accessing
confidential communications and services, and that their devices comply with established policies even with no setup.
ZSentry can be easily personalized and centralized settings are available. Users' configuration profiles (ZSentry Dashboard)
are individually encrypted and can be locked by IT so that settings cannot be changed.
ZSentry is certified as a Health IT HIPAA compliant Product under ARRA and EHR, and complies with other
regulations including HITECH Safe Harbor, GLBA, FERPA, and U.S. State Security Breach Notification Laws. Reference:
the ZSentry Regulatory Compliance Statement »
ZSentry Application Programming Interface (API) allows your custom office application or process,
running in clients, hosts or servers, to connect to ZSentry. You can then easily access the ZSentry "bare metal" API
for maximum flexibility & performance. For example, an Office, PHP, or .NET application can be triggered by
some event to send a confidential ZSentry message to a group of users, some by secure email and others by
secure SMS, and also save it in a secure file.
The ZSentry API is easy to learn, easy to use, hard to misuse, easy to write
code that uses it, and sufficiently powerful to satisfy HIPAA, Safe Harbor & other requirements. We offer developer
programs to help integrate the ZSentry API with your applications. Reference:
the ZSentry API »
Desktop and Cloud
With or without HIPAA compliance needs, your organization is
likely facing two clear choices today: Desktop or Cloud.
The Desktop choice is interesting for business users, who commonly prefer to have their data
local for privacy and control. In addition, Desktop systems such as Outlook are much easier for
corporate setup and dealing with moderate to high mail volume, incoming or outgoing. And you can
integrate data from different applications and different sources on the Desktop in ways that you
cannot do so well yet with Cloud based solutions, such as in sending secure personalized messages merging
each recipient's name and records.
On the other hand, with the Cloud choice, well-known systems such as Google Apps, Gmail, Web Outlook, and Yahoo,
offer easy access from anywhere, much lower cost (even free), 24/7 maintenance, and other benefits.
But Google Apps, Gmail, Yahoo, and other Cloud systems are not HIPAA-compliant.
The Cloud choice privacy problem is solved by ZSentry, which enables Google Apps, Gmail, Web Outlook, Yahoo
and other Cloud systems to be HIPAA-compliant. This allows the Cloud to be a good choice for
Desktop replacement also in terms of HIPAA and privacy regulatory compliance.
However, because each choice has good points (otherwise, would not be a choice), choosing
also means losing.
This problem is also solved by ZSentry, which offers
the On-Site setup, an inclusive
specialization approach that works and is regulatory-compliant, including HIPAA and HITECH Safe Harbor, for your choices of Desktop, Cloud,
Web, and Mobile systems.
With ZSentry there is no need to choose, and lose. Users can send and access secure
email anywhere, and choose the interface they want, including Gmail, Google Apps, Web Outlook, Outlook,
iPad, and iPhone, with no plugins.
Based on metrics that are important to your
case, each choice can be specialized to areas where it performs best, such as in terms of cost,
usability, and security. The same applies to Google Docs/Drive,
SMS, IM, storage and other choices.
Rather than exclude valuable choices, the ZSentry Setup
choices allow you to use each one where each performs best according to your metrics. And
use the benefits of the Cloud platform also with HIPAA-compliant messages.
HIPAA-compliant Desktop and Cloud use is further discussed in the
ZSentry On-Site use option.
software updates, software that becomes obsolete overnight, or conflicts with outdated plugins. The
options do not interfere with or change people's familiar
Cloud, Web, Desktop, Or Mobile apps, email addresses, or email providers, even as these needs change.
ZSentry is seamlessly and securely already integrated with everything
that you need to use, anywhere, and with everyone.
For example, ZSentry seamlessly integrates different platforms (Desktop, Cloud, Web, Mobile),
Operating Systems (Windows, Mac, Linux, phone), protocols (SSL/HTTP, SSL/SMTP), message exchange systems (email,
webmail, IM, SMS), storage systems (documents, files, local, remote), email gateways (Microsoft Exchange Server and
compatible systems), Mail Clients (Outlook, Thunderbird, Apple
Mail, IPad, Google Mobile), Web Browsers (Explorer, Firefox, Safari), simple & smart phones
(Android, Nokia, iPhone, Blackberry, Motorola) and, often the most difficult to satisfy,
how different people want to work.
ZSentry can be used in different setups, offering
flexibility as your needs may change.
When using ZSentry, you also benefit from the versatility offered by the various
ZSentry Use Options». The various ZSentry options allow your organization to be able
to move freely in any direction, such as Desktop and Cloud, while retaining seamless operation.
ZSentry promotes investment reuse, helping prevent escalating costs by obsolescence and
changes elsewhere. The different use choices offered by ZSentry can help in
finding further opportunities for cost avoidance, including
change reduction, for users and customers.
Uniquely, the same ZSentry message can be read anywhere, in cloud,
web, desktop, and mobile systems. You are free to choose the best setup options for your organization, confident that your
choices can have zero impact on the choices of others.
If there is one matter of clear consensus in what users want, it is that they want to use their systems without change! Further,
users want to be able to switch to cloud
or phone if they are not in the office, or if the office system is down. Users also want to communicate with their
customers and partners without asking them to change. ZSentry is unique in providing these three capabilities, through
various Use Options.
A fundamental asymmetric advantage that ZSentry offers to your organization is to enable
regulatory-compliance, including HIPAA and HITECH Safe Harbor, for all systems that people can or already know how to use, including desktop, cloud, Web mail,
texting, phones, and devices such as scanners and fax, with no changes in their operation.
To contrast, many organizations today need to comply with HIPAA and other security regulations but have various non-compliant
desktop, cloud, and phone systems that people already know how to use. To solve this problem, competing security and compliance
products often want your organization to buy new systems, and want users to change. You may be asked to restrict your organization to use
a particular interface for webmail, install plugins for a desktop mail client or Web browser, work with only one Web browser brand,
even break the way email works or ... give up on your office systems, email, SMS, or mobile.
However, this burdens users with new procedures and disrupts use when desktop updates and plugins clash, reducing productivity. This also blocks
cost-saving and desirable options, such as Web mail and phones, as they are very difficult to protect with competing technologies.
ZSentry supports varied solutions and works with multiple choices of devices in Desktop, Cloud, Web,
Mobile, and App platforms, with any OS. Read more about ZSentry: technical considerations, security and
usability, red flags to avoid, identity verification
assurances, and the ZSentry Regulatory Compliance Statement.