Q&A with ZixCorp’s Design Team — Balancing Security with the User Experience

User experience (or the lack of it) is often one of the biggest barriers companies face when it comes to employee buy-in for, and compliance with, security solutions. We sat down with ZixCorp’s user design team for a peek into how they design products that aren’t just at the top of the security game — but also easy to learn and use.

Enjoy the Q&A below, and feel free to let us know your thoughts on what it takes to create a security solution that users love!

  • What goes into designing Zix solutions? 

When designing products or features, we are extremely user-focused and want to make sure we are taking their feedback into consideration. We analyze any information our product management team collects from customers and through usability studies to determine what users want. We then work as a team through an iterative process to come up with the best feature design. This process really allows us to focus in on what our users want and provide them with the best product available.

  • How have you seen Zix solutions evolve over the years?

In the last five years we have worked to align all the Zix products with one another since they originally looked and operated differently. Now, a number of our products are consistent across several facets — in their look and feel, in how you access them and in the heuristics. This gives users the assurance that their experience with one Zix product will assist them when using other Zix products.

  • Do you design products differently depending on the intended users?

Absolutely! Our ZixOne administrator tool was designed specifically for the administrators that would be using it. We always have the same goal: to make the product easy-to-use by making sure buttons and tools are where the user expects them to be. Sometimes when form factors are different, the placement of controls is not consistent within the same ecosystem, like with the ZixOne phone application to the ZixOne tablet application. The experience is familiar to the user, but slightly different.

  • How do design and user experience play a role in employee adoption of a product?

We believe that if you put a product in front of users and they have to travel a large learning curve, they will reject it. If users don’t understand the product or have to ask a lot of questions about how to navigate, they tend to give up. Our goal is to avoid a situation where users give up and do not use the product.

Along those lines, our design philosophy is to provide people with interactions they are already familiar with. Apple, Android and Windows have spent a long time training people on how to use their products. It was said early on when the iPod came out that the iPod Touch was simply a training tool to teach users how to interact with an iPhone. We want to use what’s already in users’ knowledge bank to provide them with the tools they need to get the job done.

  • Are there any specific challenges to designing a security product?

Definitely. Our QA team is embedded with us and involved in the design process, from the very beginning, up until the product goes out the door. They help us catch everything, from design issues to security issues. We also have a security testing period that happens after we have designed the product to ensure that everything is secure and up to Zix standards. The testing period can change user design as well, and occasionally, we have to make compromises in order to meet security requirements.

  • Do you look to any products for design inspiration?

We are a standards-based design organization, so we look at the standards produced by Apple, Microsoft and Google and try to stick to them as closely as possible. This helps us to stay in that groove of providing something that users already understand.

  • What mistakes do others make when it comes to user experience?

One mistake is designing products that deviate from standards users understand. Designing things that are interesting or exciting can come back to haunt designers, because they could be creating a steep learning curve for adoption. It’s not that the old dog can’t learn new tricks, it’s that the old dog doesn’t want to learn new tricks. And you will find that most of your users are the same way. Yes, a product may be neat, fun and cool-looking, but they don’t want to learn something new — they just want a simple product that is easy to use.

 


Customer Spotlight – Early Adopter Continues to Protect Patient Information with Email Encryption

The Final HIPAA Rule went into effect in March of last year. With its release some healthcare organizations, business associates and sub-contractors began to evaluate email encryption for assistance with compliance and to ensure protected health information was “unusable, unreadable, and indecipherable” in transit. However, many healthcare organizations, such as Bay Area Medical Center, were no strangers to the security solution.

In 2004, Bay Area Medical Center in Marinette, Wis., set a goal to meet early HIPAA compliance standards and find a solution that was transparent and easy to use. For the best solution that fit the bill, the medical center’s IT department turned to ZixCorp. Since then, Bay Area Medical Center staff has easily shared encrypted messages with patients and business associates through its use of ZixGateway.

One decade later, Bay Area Medical Center still finds Zix Email Encryption to be the best solution on the market. As Pete Eisenzoph, Director of Information Technology for Bay Area Medical Center, put it:

“When we originally selected Zix Email Encryption, we thought it was the best solution on the market. Ten years later Zix continues to be the leader and provides the ease-of-use that is so critical for our users. By routing outbound communications through ZixGateway, we gain the peace of mind that protected health information is secured and compliant with HIPAA guidelines, no matter who sends the email.”

During the last 10 years, Eisenzoph has seen email encryption take off in the state of Wisconsin. More and more healthcare providers are using Zix Email Encryption, and as a result, sending and receiving encrypted email has never been easier.

A little about Bay Area Medical Center:

  • Located in Northeast Wisconsin
  • 99-bed general acute care hospital
  • Emphasis on heart and vascular care, orthopedics and sports medicine, women’s services, diagnostic radiology, cancer treatment and emergency care


Why not encrypt every email? After years of innovation, now you can.

Fun Fact: Today, one million messages are encrypted by Zix on a typical business day. On average, 75 percent of these encrypted messages are sent through Zix Encryption Network to other members.

Earlier this summer we announced the unveiling of Zix Encryption Network (Z.E.N.), a growing community of now more than 10,000 businesses that enables the automatic exchange of encrypted email for all messages between members.

In honor of our growing network, we wanted to bring you even more knowledge with an in-depth eBook surrounding Z.E.N., detailing key milestones and the value of encrypting ALL emails, no matter the content.

In this eBook titled Zix Encryption Network: Years of Innovation Creates the Ultimate Network of Secure Email, you will find detailed sections of information such as:

  • Why Not Encrypt Every Email?
  • Chipping Away the Complexity
  • Automatic Email Encryption
  • A Global Community for Convenience
  • The Final Piece: Scaling to Support All Businesses


Announcing Inaugural Twitter Chat featuring ZDNet’s Ken Hess, Thursday August 21

On Thursday, August 21, Zix will host our first-ever Twitter chat from 1:30-2 p.m. CDT!

@ZixCorp is teaming up with ZDNet’s Ken Hess to discuss BYOD (bring-your-own-device) considerations and best practices. This is YOUR opportunity to share thoughts and ask questions around BYOD challenges, opportunities, employee buy-in and anything in between.

Who?

Our VP of Marketing, Geoff Bibby, will ask questions from our @ZixCorp Twitter handle. Our featured panelist, Ken Hess (@kenhess), who tackles BYOD and the consumerization of IT for ZDNet, will also be available to answer questions and guide the conversation. While Geoff and Ken weigh in on questions, it’s up to YOU, the participants, to keep the chat going. If you have an opinion, a story or advice of your own, share it with us!

What?

A Twitter chat is an online conversation that takes place among a group of people on Twitter about a specific topic of interest. A hashtag is used to keep track of the conversation. For this chat, we will use #BYODInsights. You will need a Twitter account to participate.

When?

Thursday, August 21, from 1:30-2 p.m. CT.

Can’t make it? We’ll be providing a recap, so check back on the blog!

Where?

We recommend using a tool to help you keep track of the chat all in one place. With tools like TweetChat or TweetDeck, you can see the real-time conversation of all tweets with the #BYODInsights hashtag. Login with your personal Twitter account, and you will be able to post all of your tweets directly from the site.

Another way to track the chat is by searching #BYODInsights in the search bar at the top of the Twitter homepage.

Why?

BYOD is full of twists and turns — with a variety of devices, new threats, many use cases and more solutions than ever before. This is a great opportunity to talk with peers and experts about what’s on your mind.

How?

  • Make sure to follow the host, @ZixCorp, since we’ll be asking most of the questions that you don’t want to miss!
  • You’ll also want to follow your featured panelist Ken Hess (@kenhess), since he’ll be sharing his expertise on BYOD.
  • Make sure you use the hashtag #BYODInsights in all of your tweets. This ensures that your tweets will be aggregated into the chat stream and people will know you’re participating.
  • We will be asking designated questions throughout the chat. Our questions will start with a “Q” and the question number. Our questions will also be IN ALL CAPS, so that they are easily distinguished from the other tweets in the stream.

Helpful Tips:

  • Be respectful of other participants. Differing opinions are always OK, but express your feelings in a courteous manner.
  • Retweet great comments and engage with other participants.

 

Hope to see you there!

 


Upcoming Data Loss Prevention (DLP) Webinar: Solutions for Today’s Greatest Security Challenge

Every year, healthcare organizations, financial institutions, government agencies and businesses devote huge investments to prevent threats and boost compliance and security measures.

Yet one salient fact remains: often the worst breaches and policy violations stem from human error — well-meaning employees who have no idea that they are putting patient records, credit card information and client identities at risk.

Often, this data loss occurs through email, such as mentioning restricted information in outside correspondence or attaching documents that may violate customer or patient privacy.

Whether you have tried various failed Data Loss Prevention (DLP) strategies, were intimidated by complex and costly solutions or simply have unanswered questions, join us August 5 at 2 p.m. EDT to learn about the high-priority needs and solutions for one of today’s greatest security challenges — email DLP.

During this webinar, data protection expert John Kindervag of Forrester Research will join Dena Bauckman, ZixCorp’s Director of Product Management, to take your questions and discuss:

  • Creating a process to meet all of your DLP needs
  • ZixDLP, including superior filter, review and analysis functionality
  • And much more

Can’t make it next Tuesday? Stay tuned for an archived recording.


On the Samsung Solutions Exchange, You’re Free to Roam

Employees are now demanding on-the-fly access to corporate email while on the go and flexibility to work beyond their company’s walls and secure networks. At the same time, IT is tasked with ensuring this corporate data still stays secure. However, often this security comes at the expense of employee usability and convenience.

To help bridge the gap, ZixCorp announced this morning that ZixOne is now available on the Samsung Solutions Exchange to help expand the mobile security options for enterprises using Samsung devices.

With ZixOne, companies can support and manage the increasing complexities of a mobile workforce through:

  • Protection of sensitive corporate data in email
  • Convenient employee access to corporate email
  • Compliance reporting to confirm that sensitive data is not exposed when a device is lost or stolen

Because of ZixOne’s unique “no-data-on-device” approach, employees are free to roam while accessing corporate data on their mobile device, and enterprises can rest assured knowing the risk of compromise is mitigated.

Any Questions?

Stay safe out there, and if you have any questions, just give us a shout via Twitter (@ZixCorp).


Upcoming BYOD Webinar: State of Mobile Security in 2014

What BYOD challenges, security risks and technologies are companies responding to in 2014?

Find out by joining our webinar on July 15 at 2:00 p.m. ET when we showcase findings from the recent BYOD & Mobile Security Spotlight Report conducted by Holger Schulze of Information Security Community.

More than 1,000 IT decision makers were surveyed about the mobile threats facing their organizations and the BYOD solutions and strategies being used to combat them.

During this webinar, Holger and ZixCorp expert Geoff Bibby will discuss new BYOD insights, surprising trends and fresh perspectives on the state of mobile security. A Q&A will be opened up at the end.

Highlights from the report include:

  • The key drivers for BYOD are about keeping employees mobile (57 percent), satisfied (56 percent) and productive (54 percent)
  • The biggest BYOD security concerns are loss of company or client data (67 percent) and unauthorized access to company data and systems (57 percent)
  • The most common risk control measures are password protection (67 percent), followed by remote wiping of data (52 percent) and use of encryption (43 percent).

Can’t make the webinar? Stay tuned for a summary and archived recording.


Summer Fun with BYOD

It’s the time of the year to pack up the family and head on vacation! Whether your destination of choice is the beach, the mountains, or Disneyland, all that matters is spending quality time with loved ones.

Now, we all wish for a few uninterrupted days or even weeks of vacation every summer, but that just isn’t realistic in today’s connected environment. Instead, we need to find the best ways to limit those interruptions, so they don’t take away from precious time out of the office. With this in mind, we’ve come up with a few ways BYOD can bring balance and convenience to your summer vacation:

Easy to connect and disconnect

Certain BYOD solutions provide a buffer between work and personal information, allowing users to easily check what work items they need to, and then disconnect quickly. For instance, with ZixOne, you can check work email in a separate app from your personal email account, eliminating the urge to check work email when simply checking your personal account.

Less to take along

Would you like to fill that extra space in your travel bag with that new summer outfit or a work-issued device? BYOD allows you to take one device with you on vacation and leave that clunky computer or phone at home.

Keeps you sane!

When on vacation, occasionally having easy access to work email is actually a good thing. Setting aside a few minutes to read through emails, either early in the morning or after the kids go to bed, allows you to stay connected and limits the dread of going back to a full inbox.

Most secure way to check email

While it may not be on most employees’ minds, traveling can expose your devices to a number of security risks. Whether you lose your phone or connect to a rogue Wi-Fi network, there is a chance sensitive corporate data can be intercepted. With ZixOne, no corporate email resides on the phone. Instead it is securely accessed through the cloud and password-protected through the ZixOne app.

Working on vacation is not ideal, but with the right tools and self-control, it can be done efficiently and help ease the stress of returning to the office.

Here’s to a great summer vacation!


Supreme Court Exposes Limitations of MDM Solutions

We’ve long alluded to the fact that mobile device management (MDM) has its limitations for both businesses and their employees. But hey, don’t take it from us... hear what the Supreme Court had to say in its recent ruling against cellphone searches without a warrant.

In the opinion, Chief Justice John G. Roberts rejected the argument that police won’t be able to preserve evidence due to phone wiping or encryption:

Remote wiping can be fully prevented by disconnecting a phone from the network. There are at least two simple ways to do this . . .

He then goes on to describe the two ways:

First, law enforcement officers can turn the phone off or remove its battery. Second, if they are concerned about encryption or other potential problems, they can leave a phone powered on and place it in an enclosure that isolates the phone from radio waves.

The last bit describes the use of Faraday bags, which the Court goes on to explain in more detail.

(As a side note, it’s true that shielding the phone within a Faraday bag would prevent a remote wipe. However, such a technique would not prevent encryption from rendering the data unreadable.)

The bottom line – even the Supreme Court realizes that “wiping a phone” (the primary security defense used by MDM) is easy to circumvent and can’t be relied upon with a high degree of confidence.

While many IT admins may look towards remote wiping as a tool for BYOD security, it shouldn’t be the main weapon in the arsenal. At the end of the day, there are alternative methods of protection, such as keeping corporate data off the device and disabling access if the phone is lost or stolen.

What’s your take? Is remote wiping an effective or overrated security practice?


The Supreme Court’s Mobile Privacy Endorsement…and what it may mean for BYOD

This week was a landslide win for supporters of mobile privacy.

On Wednesday, the Supreme Court protected mobile privacy rights by ruling 9-0 against cellphone searches without a warrant. While this will impact the 12 million people arrested every year, it’s really just the tip of the iceberg when it comes to defining what’s reasonable in terms of mobile privacy in the digital age.

Chief Justice John G. Roberts Jr. set the stage for how cellphones play a role in our everyday lives.

Roberts, writing on behalf of the court, stated that cellphones are “such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy.”

That is, they contain the most personal details of our lives and searching a phone is as invasive, if not more so, as rummaging through someone’s home, which the Fourth Amendment protects against.

Roberts went on to say, “it is no exaggeration to say that many of the more than 90% of American adults who own a cell phone keep on their person a digital record of nearly every aspect of their lives—from the mundane to the intimate.”

The Supreme Court’s decision also has the potential to redefine what it means to have a reasonable expectation of mobile privacy and also represents a major blow to the security provided by mobile device management (MDM) solutions.

For one, the Supreme Court makes it pretty clear that mobile devices contain an enormous amount of personal information that would cause major distress if accessed without permission. We can also presume that the same amount of distress would occur if the device is wiped by an employer.

Typically, MDM policies require employees to download MDM software on their personal device. If the device is lost or stolen, an employer can send a command to wipe data from the device, ultimately deleting both corporate and personal data.

Given the decision that was just made, we would not be surprised if the discussion eventually shifted to the ethical and legal privacy concerns around MDM.

What’s your take? Does mobile device management cross the line when it comes to mobile privacy rights?
