State and Local Government Email Security Policy

The "business" of state and local governments present unique challenges to IT administrators and information security professionals who support and secure a complex IT infrastructure. With email being the most prevalent medium for communications, government agencies are facing an increasing set of challenges around the security and compliance policy of email communications. Proofpoint Enterprise Protection, Privacy, and Archive provide government organizations with a comprehensive solution for email compliance and security to address those challenges.

Proofpoint Enterprise Privacy helps state and local government organizations protect confidential email information and personally identifiable information (PII) by ensuring that email carrying this sensitive information is always secured, whether they be blocked from leaving an organization or in cases where the email information needs to be shared, that it is encrypted before it leaves the organization.

Proofpoint Enterprise Archive is an email archiving solution that provides features to help state and local government organizations address challenges around email storage management, eDiscovery, and regulatory compliance.

Not only is spam a cause for lost productivity, but spam has evolved into something far more nefarious: low-volume phishing attacks. Government agencies must ensure that their email security solutions are protecting them against these latest email threats. Proofpoint Enterprise Protection provides the industry's best email security threat protection against modern-day, malicious threats, with a combination of accurate threat detection, granular management based on the threat classification, and tools for response should the need arise to react to a direct attack.

» Key Capabilities
  • Spam Protection: Proofpoint Enterprise Protection provides highly accurate spam detection effectiveness (99.8%+) with near zero false positives, eliminating spam-related burdens on IT staff.

  • Email Encryption: Proofpoint Encryption provides easy-to-use email encryption, backed by a strong email policy engine that ensures all sensitive content is protected before it leaves the organization. All encrypted email messages are branded to your government organizations requirements. Recipients of Proofpoint encrypted emails follow extremely simple steps to authenticate and access their messages. No pre-registration or exchange of encryption keys is required to use Proofpoint Encryption; ad-hoc email encryption is fully supported. Proofpoint Encryption is compliant with the FIPS 140-2 standard.

  • Smart Identifiers: Proofpoint's Smart Identifier technology dramatically reduces the number of false positives. Depending on the specific Smart Identifier, a variety of checks are performed, increasing the accuracy of the detection. For example, the Smart Identifier for credit card numbers performs the Lunh Algorithm check, which validates the checksum. This prevents any random 16-digit number from being flagged as credit card number. Custom Smart Identifiers can easily be added as well. ABA Routing Numbers and Social Security Number Smart Identifiers are pre-built into the Proofpoint Enterprise Privacy solution.

  • Accurate Detection of PII: Accurate identification of PII is done utilizing a combination of Smart Identifiers along with the proximity matching. For example, the Smart Identifier for a Social Security Number is validated against the Social Security Administrations Issuance Table (valid for all SSN's issued prior to June 1, 2011), but also checks for the an indicator in close proximity to the identified number, such as "SSN:", "SS#", etc., significantly increasing the confidence level of the detection.>

  • Flexible Policy Management: granular policies can be set, allowing specific sets of users to send and receive PII via secure encryption with Proofpoint Encryption, yet prevent other groups from sending PII altogether.

  • Compliance Dashboard: Compliance officers have a dashboard view of their organization. Incidents that require review are highlighted, with one-click drill-down access to each specific incident that may require intervention or remediation. Reports summarize the number of encrypted messages that have been sent and the type of content that triggered the encryption (Credit Card Number, NPI, trade confirmations, etc.).
  • Workflow: Detailed workflow is available to provide detailed tracking against each incident. Compliance reviews can release messages by encrypting the messages, or leave messages blocked within the quarantine. Severe violations can be escalated for further review. Status of each incident in review is then logged.>

  • Flexible Remediation: The vast majority of compliance issues come from inadvertent data loss. Proofpoint Smart Send is a feature that allows administrators to selectively allow sender-based remediation. For example, a government employee may attach a spreadsheet containing PII. Smart Send can temporarily stop this message, send a notification back to the sender alerting them of the content within the message, but then also provide direct remediation options within the notification email: the ability to block that message permanently, the ability to release that message, or to encryption that message before sending. Smart Send can be enabled for the entire organization or for specific groups.

  • Best-in-class Threat Protection: Government agencies have long been a target of hackers. With phishing attacks on the rise, focused not on just end user account credentials, but increasingly on leveraging phishing emails as an entry vector to steal sensitive information from enterprise organizations, having a best-in-class threat protection system is critical when addressing any data protection strategies. Proofpoint Enterprise Protection provides the best threat protection available against these external malicious threats today.

  • Full Support for Cloud-based Email Systems (e.g., MS Office 365): Proofpoint Enterprise Privacy is available as a cloud-based solution and provides all the same rich functionality available as an on-premise solution. This also seamlessly integrates to any cloud-based email solution, such as Microsoft's Office 365, ensuring regulatory compliance while leveraging the cost benefits of the cloud.
» Use Cases
  • Secure Inter-agency Communications: Provide secure communications when your organization is conducting business with other government agencies.

  • Request for Information: Provide easy-to-use, high-speed search technology to product information quickly to comply with mandates set by the Freedom of Information Act.
» Industry Leadership / Proofpoint Difference
  • Leader in government with a proven solution deployed in multiple state and local agencies

State of CaliforniaTualatin Valley Fire & RescueCity of HoustonCity of Topeka, KansasMunicipality of AnchorageCity of Yuma, AZRoyal MailUSDA

» Why Switch From Your Current Solution?
  • Detection Accuracy of Spam: Proofpoint MLX™ machine learning technology delivers 99.8%+ anti-spam effectiveness against all types of spam.

  • Detection Accuracy of PII: No other solution on the market today provides the accurate detection of PII like Proofpoint. This ensures that all PII and CUI is encrypted, but just as importantly, does not flag information that does not require encryption to be encrypted.

  • Easy-to-Use, Fully Integrated Encryption: An easy-to-use, policy-based encryption solution, accurately identifying messages for encryption ensures your organization is maintaining compliance to privacy regulations.

  • Mobile Support for Broad Range of Devices: Proofpoint solutions are fully optimized for mobile device usage, from both the sender and recipient perspectives.  With the best mobile experience available from any solution today, this is critical as we see a growth in the variety of mobile devices in the enterprise environment.
©2014 Proofpoint, Inc.