ZSentry Secure Powered by ZSentry

How to use ZSentry to get more utility, more security, and more control.

Now you can connect and unilaterally extend the utility and security of your services and third-party products — without changing them. Create cohesive solutions providing more value to users.

For examples, touch to expand:
Expand / CollapseCan I prevent Google from reading my Inbox?
Expand / CollapseCan I prevent Google from reading my sent mail?
Expand / CollapseCan I use ZSentry for HIPAA compliant forms on my website or by email?

These and other ZSentry benefits are further presented below.

ZSentry Secure Vault
Automatically, or as requested, ZSentry can create a ZSentry Secure Vault (a secure document retention copy) at your location, or securely in the cloud as you may choose. Easy to use, access protected by two-factor authentication, and audited 24/7 with access reports that can be sent to you before access is granted.

The ZSentry Secure Vault includes the entire message and attachments, encrypted and sent as an attachment, making it easy to archive in Google Apps, add to Google Drive, and store with multiple providers. This service is set for ZSentry App by checking the box [Bcc Me] in the To/Cc bar and can be read by ZSentry Client when the choice is personalized through the ZSentry Dashboard. Afterwards, verify your Inbox filters to ensure delivery of attachments for the ZSentry Secure Vault messages. You can also setup an archive folder for the Secure Vault messages.

Protect sent mail folders
The ZSentry Secure Vault can also be used to protect the sent mail folders and relieve privacy concerns, particularly critical when using cloud providers, phones, and online systems. For example:

  • Mobile devices (phones and tablets): If you use a mobile device, please note that people are 15x more likely to loose their phone than their laptop. If you are using the device's Mail client, you should delete the plaintext sent file upon sending or have it deleted OTA (over-the-air) regularly by your service administration. Enable the ZSentry Secure Vault for secure archiving of your sent mail.
  • Google Apps or Gmail: You should enable the ZSentry Secure Vault for secure archiving of your sent mail. You can delete the plaintext sent file upon sending, automate deletion, or prevent it from being created in the first place. See instructions at Google How-To»
  • Outlook and other Mail clients: You may keep the plaintext sent file if advised by your IT. Enable the ZSentry Secure Vault for secure archiving of your sent mail.

Leak deterrent and alarm
For enhanced security compartmentalization, to help prevent leaks, improper access, and internal attacks, organizations may include Vault Audit protection. For example, a live authorization or additional confirmation can be requested, logged and sent with What-Who-Where-How-When and other tracking information, every time a Secure Vault copy is to be accessed.

Read more about the Secure Vault »

Personalization / ZSentry Dashboard
The organization or users can personalize their configuration profiles (Dashboard), defining how ZSentry sends secure email and what is required from recipients according to their access class. The users' configuration profiles are individually encrypted. In their domain, organizations may centralize and lock their users' personalized choices.

Before you personalize, please note that ZSentry is already provided "out of the box" with a Default HIPAA-compliant configuration that improves usability. The configuration is auditable, with access control by means of automatic mailbox and end-point authentication, login monitoring, and expiration control. It enables secure first-contact and reply (Secure Quick Reply) with verified recipient online identity, without requiring the recipient to register.  To enable Secure Quick Reply, the Expiration Time is set by default to 15 days (and should not be more than 31 days).

Personalization includes a range of sender-defined choices for access control, including mandatory recipient registration and mandatory login according to access class, document control, delivery and tracking. After you personalize ZSentry you can personalize your configuration as the new Default.

The personalized choices are verified and set using the ZSentry Dashboard. To access the Dashboard, login using ZSentry App»  (bookmark the link for easy access) and look for the Dashboard / Delivery control at the bottom. When you are done, make sure that you click Dashboard / Personalize / Save to make it the active for the ZSentry Client and become the new Default for ZSentry App. Otherwise, you will use that setting only during your current ZSentry App session, and not with ZSentry Client.

The ZSentry Dashboard choices are further explained in the Dashboard technical section »

Google Apps and Gmail users: See also ZSentry for Google Apps How-To »

Branding
Included but optional. You can add your logo in the email. You are also be able to add your Organization Name on the top banner, on the Secure Quick Reply service, and to all your user accounts, which ZSentry will digitally certify and securely present to recipients before and after decryption. The Organization Name must be your legal personal name, or the organization's legal name, or a valid DBA.

First Contact, Secure Access Control and Login
Good fences make good neighbors. With ZSentry, the choice is yours which good fence to use. Senders can control access and file sharing with two-factor authentication login, required signup, end-point authentication and identity confirmation, and custom methods including time-token and live authorization.

ZSentry access control includes effective delivery conditions for secure first contact, all with high usability. The default secure first contact delivery condition is also the most simple and usable delivery condition that the sender can choose. It is called Click to Read™ and provides end-point authentication with identity confirmation. The recipient is just asked to confirm identity and click to access the message. Even in this simple case, ZSentry collects more, and more varied, evidence than the Postal Service when delivering mail with return receipt.

How does the sender know that someone else did not open the mail envelope at the destination? Unlike the Postal Mail, that cannot answer that question even when a return receipt is signed, ZSentry can provide proof that the message was not intercepted before delivery to the desired person.

Using the default Click to Read™ and starting with the recipient's 1-click, ZSentry will authenticate the end-point, the device, and the mailbox, timestamp the connection in reference to the US NIST, obtain evidence that the recipient owns or controls the password to access that mailbox, record the message's fingerprint and also how and where the message was accessed, request identity confirmation from the recipient (as a legally valid declaration, protected by US copyright law), and make available other auditing records, such as when the message was sent and when it expires. Without bothering anyone, any attempt to intercept and / or read the message is verified and logged with a long list of details, and a Who-Where-When-What-How notification is sent back to the sender (as desired).

Other delivery conditions can be requested by customers. Through their configuration profiles (ZSentry Dashboard) or per message, customers can define in seconds, for example, when ZSentry should request mandatory login with two-factor authentication, registration, the default Click to Read™ with end-point authentication and identity confirmation, or custom methods including time-token and live authorization.

With these and other methods, ZSentry allows you to easily send a secure email with verifiable sender to anyone in the world, without previous contact, or sending passwords, or setup. Anyone can also send or reply to you by secure email with verifiable sender. Users and first contacts can encrypt and decrypt with one click, including two-factor user authentication. Access control choices are configured using the ZSentry Dashboard.

ZSentry Secure Login: When you signup for secure login, you create your ZSentry Password and receive by email your ZSentry Usercode (unpredictable but mnemonic). Uniquely, ZSentry does not store your Usercode or Password, not even hashed (Sans Target). The Usercode and Password enable two-factor, strong authentication, without passwords (even though, for familiarity, the second-factor is called ZSentry Password). Time-access tokens can be used as needed.

ZSentry Return Receipt — 24/7 Auditing
Automatically, or as needed, ZSentry allows senders to receive a Return Receipt upon data delivery. The Return Receipt informs the sender What (data identification) was delivered, and also When (time), Where (IP number), Who received (authenticated name and email address), and How (browser, phone, mail client). This service is set for ZSentry App by checking the Return Receipt box in Dashboard > Tracking and can be read by ZSentry Client when the choice is personalized through the ZSentry Dashboard. Read more about the Return Receipt »

Self Destruct
This is a ZSentry API (Application Programming Interface) service, available to ZSentry Mail and other ZSentry modules. More than just expiration could provide, this is a neutral third-party service that can be requested by the sender of a ZSentry Mail to protect and self-destruct data with no action by the sender or recipients. Can also be used by the sender as a “kill switch” for loss prevention.

Enforce Non-Disclosure
ZSentry Self-Destruct works even if the file location is multiple and unknown, and in different time zones. Provides centralized, NIST-referenced, release and expiration time control of a disclosure window. The technology also provides a forensic control perimeter, with conditions defined by the sender, audited 24/7, and legally protected by well-established international laws.

This service can be set dynamically (using TaskCodes) or statically in ZSentry App. In ZSentry App it works by selecting the desired time in the Expire selector in Dashboard > Control where, to enable Secure Quick Reply, the expiration is set by default to 15 days (and should not be more than 31 days). This setting can be read by ZSentry Client when the choice is personalized through the ZSentry Dashboard. Read more about the Self Destruct »

Off-line Access
The ZSentry Secure Vault copy can be provided with secure off-line access, allowing archived electronic records to be decrypted locally even if there is no network access. This service can be customized according to your organization's requirements.

Access Control / Self-Evident Security
ZSentry is designed to avoid common access control and other problems caused by human error or misuse. Organizations can use ZSentry for secure communication with no concern that users will have password, technology, or device issues in any platform. Senders can restrict who can decrypt the messages, from end-point authentication to mandatory two-factor authentication, according to each recipient's access class.

ZSentry operates with the simplicity of conventional password systems but without their security limitations. All ZSentry access control methods allow for Secure Login and First Contact without sending passwords.

Sans-Target™ End-to-End Encryption & Compliance
NO MESSAGE SCANNING. Encrypt and decrypt with one click, including two-factor user authentication. With ZSentry, your data is protected before transmission by two-factor authentication and end-to-end encryption, onsite, online, and at rest. The user and not ZSentry or a provider holds the keys. No storage of your Usercode, Password, or keys anywhere, not even encrypted or hashed. ZSentry operates Sans-Target, whereby it does not create a target (for example, a user and key directory, password files, or shared secrets) that could be attacked internally or online.

ZSentry Sans-Target technology is important for you because the ultimate and fail-safe defense against data theft is to not have the data in the first place. All ZSentry editions use the Sans-Target technology, which eliminates common online targets such as username/password lists, names, email addresses, plain text user data, meta-data, and even the encryption/decryption keys themselves, while adding two-factor mutual authentication, adaptive security, and password-hardening.

ZSentry was designed with the principle » that security must work even when people do what is not expected, even hostile, or when they just go BAD (Bring Any Device). With ZSentry you do not have to limit too much your organization and customers.

ZSentry provides IT with assurance that only trusted users are accessing confidential communications and services, and that their devices comply with established policies even with no setup. ZSentry can be easily personalized and centralized settings are available. Users' configuration profiles (ZSentry Dashboard) are individually encrypted and can be locked by IT so that settings cannot be changed.

ZSentry is certified as a Health IT HIPAA compliant Product under ARRA and EHR, and complies with other regulations including HITECH Safe Harbor, GLBA, FERPA, and U.S. State Security Breach Notification Laws. Reference: the ZSentry Regulatory Compliance Statement »

ZSentry API
ZSentry Application Programming Interface (API) allows your custom office application or process, running in clients, hosts or servers, to connect to ZSentry. You can then easily access the ZSentry "bare metal" API for maximum flexibility & performance. For example, an Office, PHP, or .NET application can be triggered by some event to send a confidential ZSentry message to a group of users, some by secure email and others by secure SMS, and also save it in a secure file.

The ZSentry API is easy to learn, easy to use, hard to misuse, easy to write code that uses it, and sufficiently powerful to satisfy HIPAA, Safe Harbor & other requirements. We offer developer programs to help integrate the ZSentry API with your applications. Reference: the ZSentry API »

Desktop and Cloud
With or without HIPAA compliance needs, your organization is likely facing two clear choices today: Desktop or Cloud.

The Desktop choice is interesting for business users, who commonly prefer to have their data local for privacy and control. In addition, Desktop systems such as Outlook are much easier for corporate setup and dealing with moderate to high mail volume, incoming or outgoing. And you can integrate data from different applications and different sources on the Desktop in ways that you cannot do so well yet with Cloud based solutions, such as in sending secure personalized messages merging each recipient's name and records.

On the other hand, with the Cloud choice, well-known systems such as Google Apps, Gmail, Web Outlook, and Yahoo, offer easy access from anywhere, much lower cost (even free), 24/7 maintenance, and other benefits. But Google Apps, Gmail, Yahoo, and other Cloud systems are not HIPAA-compliant.

The Cloud choice privacy problem is solved by ZSentry, which enables Google Apps, Gmail, Web Outlook, Yahoo and other Cloud systems to be HIPAA-compliant. This allows the Cloud to be a good choice for Desktop replacement also in terms of HIPAA and privacy regulatory compliance.

However, because each choice has good points (otherwise, would not be a choice), choosing also means losing.

This problem is also solved by ZSentry, which offers the On-Site setup, an inclusive specialization approach that works and is regulatory-compliant, including HIPAA and HITECH Safe Harbor, for your choices of Desktop, Cloud, Web, and Mobile systems.

With ZSentry there is no need to choose, and lose. Users can send and access secure email anywhere, and choose the interface they want, including Gmail, Google Apps, Web Outlook, Outlook, iPad, and iPhone, with no plugins. Based on metrics that are important to your case, each choice can be specialized to areas where it performs best, such as in terms of cost, usability, and security. The same applies to Google Docs/Drive, SMS, IM, storage and other choices.

Rather than exclude valuable choices, the ZSentry Setup choices allow you to use each one where each performs best according to your metrics. And use the benefits of the Cloud platform also with HIPAA-compliant messages.

HIPAA-compliant Desktop and Cloud use is further discussed in the ZSentry On-Site use option.

Always Current
No software updates, software that becomes obsolete overnight, or conflicts with outdated plugins. The options do not interfere with or change people's familiar Cloud, Web, Desktop, Or Mobile apps, email addresses, or email providers, even as these needs change.

Seamless integration
ZSentry is seamlessly and securely already integrated with everything that you need to use, anywhere, and with everyone. For example, ZSentry seamlessly integrates different platforms (Desktop, Cloud, Web, Mobile), Operating Systems (Windows, Mac, Linux, phone), protocols (SSL/HTTP, SSL/SMTP), message exchange systems (email, webmail, IM, SMS), storage systems (documents, files, local, remote), email gateways (Microsoft Exchange Server and compatible systems), Mail Clients (Outlook, Thunderbird, Apple Mail, IPad, Google Mobile), Web Browsers (Explorer, Firefox, Safari), simple & smart phones (Android, Nokia, iPhone, Blackberry, Motorola) and, often the most difficult to satisfy, how different people want to work.

Flexibility
ZSentry can be used in different setups, offering flexibility as your needs may change.

Versatility
When using ZSentry, you also benefit from the versatility offered by the various ZSentry Use Options». The various ZSentry options allow your organization to be able to move freely in any direction, such as Desktop and Cloud, while retaining seamless operation.

Adaptability
ZSentry promotes investment reuse, helping prevent escalating costs by obsolescence and changes elsewhere. The different use choices offered by ZSentry can help in finding further opportunities for cost avoidance, including change reduction, for users and customers.

Zero Impact
Uniquely, the same ZSentry message can be read anywhere, in cloud, web, desktop, and mobile systems. You are free to choose the best setup options for your organization, confident that your choices can have zero impact on the choices of others.

No Change
If there is one matter of clear consensus in what users want, it is that they want to use their systems without change! Further, users want to be able to switch to cloud or phone if they are not in the office, or if the office system is down. Users also want to communicate with their customers and partners without asking them to change. ZSentry is unique in providing these three capabilities, through various Use Options.

Asymmetric Advantage
A fundamental asymmetric advantage that ZSentry offers to your organization is to enable regulatory-compliance, including HIPAA and HITECH Safe Harbor, for all systems that people can or already know how to use, including desktop, cloud, Web mail, texting, phones, and devices such as scanners and fax, with no changes in their operation.

To contrast, many organizations today need to comply with HIPAA and other security regulations but have various non-compliant desktop, cloud, and phone systems that people already know how to use. To solve this problem, competing security and compliance products often want your organization to buy new systems, and want users to change. You may be asked to restrict your organization to use a particular interface for webmail, install plugins for a desktop mail client or Web browser, work with only one Web browser brand, even break the way email works or ... give up on your office systems, email, SMS, or mobile.

However, this burdens users with new procedures and disrupts use when desktop updates and plugins clash, reducing productivity. This also blocks cost-saving and desirable options, such as Web mail and phones, as they are very difficult to protect with competing technologies.

More...
ZSentry supports varied solutions and works with multiple choices of devices in Desktop, Cloud, Web, Mobile, and App platforms, with any OS. Read more about ZSentry: technical considerations, security and usability, red flags to avoid, identity verification assurances, and the ZSentry Regulatory Compliance Statement.

Main Technical Notes
Overview   Key Features   ZSentry App   ZSentry Client   API   Smart IT   SAML & SSO
  Security   Usability   HIPAA & HITECH   Experience   Why ZSentry?   Red Flags   SUMMARY

Development and © by NMA

Trademarks and Copyrights as described in our Legal Statement. We protect Your Privacy.