Proofpoint: Security, Compliance and the Cloud

In case you missed it, Proofpoint issued a press release on Friday, announcing that Proofpoint has been positioned by Gartner, Inc. in the leaders quadrant of the 2011 "Magic Quadrant for Secure Email Gateways" report (for the full release see, "Proofpoint Positioned in the Leaders Quadrant in 2011 Magic Quadrant for Secure Email Gateways").

As we've done in previous years, Proofpoint has licensed a reprint of the new report and you can read it by visiting the following URL (or by completing the form at the bottom of this post):

http://www.proofpoint.com/email-security-magic-quadrant

Quoted in the announcement, Proofpoint CEO Gary Steele said, “We believe Proofpoint’s positioning by Gartner in the leaders quadrant is a great confirmation of our continued success in helping large, global enterprises control a wide variety compliance and security risks associated with email. Proofpoint continues to lead the market with a focus on security, innovation and customer satisfaction, delivering solutions for email security, encryption, data loss prevention and email archiving that help organizations reduce costs while making email safe, secure, compliant and easier to manage. We continue to see some of the largest and most security conscious organizations worldwide switching from legacy email security solutions to Proofpoint.”

Writing in the “Magic Quadrant for Secure Email Gateways,” Gartner analysts Peter Firstbrook and Eric Ouellet note that, “The secure email gateway market is a mature market. Buyers must look at advanced functionality, service delivery, vertical integration of related email products and strategic vendor relationships to differentiate solutions.”

Gartner also says that, “Policy-based encryption is an increasingly important capability and a significant differentiator of leading products.” Explaining further that, “The adoption of DLP drives the adoption of encryption. Companies that search for sensitive or private information in email often find it. However, exchanging this content with third parties is often a business imperative, and blocking it outright is rarely an option. Encryption becomes an enabling tool to send sensitive content safely and in compliance with regulations.”

To read a copy of the complete Gartner report, register at the following link — Gartner 2011 Magic Quadrant for Secure Email Gateways — or simply complete the form below:

Many thanks to our partners, fans, friends and customers for helping Proofpoint reach an amazing milestone announced today: Our 32nd sequential quarter - yes, eight straight years - of record Proofpoint revenue.

The dynamics driving Proofpoint's growth in Q2 2011 were similar to those we've seen in recent quarters: A renewed focus in the enterprise on security and threat management,  an increasing number of competitive displacements and a growing interest in cloud-based deployments are playing a huge role.

Quoted in today's press release, our CEO, Gary Steele remarked, “Recent high-profile attacks and data breaches such as those that have struck RSA, Epsilon, U.S. National Laboratories and the International Monetary Fund, among others, have prompted organizations in every industry to re-evaluate their current solutions with an eye toward increasing effectiveness, better securing private data and improving  compliance with regulations. Our solutions meet all of those requirements, which is why – in head-to-head evaluations against competitors – Proofpoint wins nearly 100 percent of the time.”

The full press release describes some of the important large enterprise deals Proofpoint won during Q2 across our key vertical markets including financial services, retail, energy, healthcare and other industries.

Proofpoint added more than one million mailboxes under protection, as those customers replaced solutions from Proofpoint competitors including McAfee (solutions such as CipherTrust, IronMail, McAfee Email Gateway), Google (Postini) and Cisco (IronPort) with Proofpoint’s email security, data loss prevention, email encryption and email archiving solutions.

If your organization is looking for better protection against today's email-related threats, one way to learn more about Proofpoint's solutions is to register for one of our upcoming live demonstrations. Current users of McAfee solutions might be especially interest in downloading our Comparison Guide: Proofpoint Enterprise Vs. McAfee Email Gateway, which you can also access immediately by simply completing the form below:

In a special mobile security edition of SC Magazine, Clayton Homes demonstrates how they are leveraging Proofpoint to increase email security.

Clayton Homes, established in 1934 and acquired by Warren Buffet in 2003, is the largest manufacturer of mobile, modular, and manufactured houses in the United States.  In order to keep in touch with its customers at all times, Clayton Homes encourages its employees to use consumerized IT devices to send and receive emails.  These email messages often contain sensitive data such as financial, manufacturing, and proprietary designs that could lead to a loss of customer confidence and regulatory compliance fines if stolen or lost.

After evaluating several solutions, Clayton Homes chose Proofpoint Enterprise Protection (SaaS email security) and Enterprise Privacy (data loss prevention and email encryption) to help manage the substantial security and compliance risks posed by mobile email. 

Jodie Swafford, information security manager at Clayton Homes, noted, “We looked for one that was cost effective and could provide us with strong security and compliance across multiple mobile platforms as well as offer control, flexibility and scalability.”

Proofpoint Enterprise Protection helps to prevent spam, viruses, malware, and phishing for inbound and outbound email while Enterprise Privacy defends against leaks of confidential information and ensures compliance with common international, industry and US data protection regulations.

Swafford outlined how easy it was to start protecting sensitive data, “With Proofpoint, we were able to use out-of-the-box rule sets, tweak them slightly as needed, and even create custom rules for different business units.  Once rule sets were defined, we really only need to turn Proofpoint on.  It immediately began governing all email communications at the rate of thousands per day.”

As with many of our customer cases, Proofpoint’s products can help reduce overall costs by lowering time spent on IT administration, saving employees from time spent sorting spam and preventing data breaches and regulatory fines.

Click here to read the full case study (reprinted from SC Magazine) and as all always, you can check out our Learning Center for more.

Proofpoint's live web seminar series continues next week with a brand new topic, Microsoft Office 365: Meeting Encryption, Privacy and Compliance Requirements, presented at two times (7 AM PT/10 AM ET and again at 11 AM PT / 2 PM ET) on Wednesday, July 20th, 2011.

Pictured at left is special guest Mike Blake, CIO of Hyatt Hotels Corporation, who will be joining us to share how his organization is using Proofpoint to ensure that their Microsoft Office 365 deployment meets a variety of compliance requirements.

This is a rare opportunity to hear first hand about how one of the world's leading organizations is leveraging the cloud to achieve its security and compliance objectives.

If your organization is moving - or thinking about moving - to Microsoft's next-generation hosted email environment, you are not going to want to miss this one!

Come and learn about the compliance and security features built into Office 365 and how those match today's enterprise data protection and privacy requirements. You'll also learn about our newest solution, Proofpoint Compliance for Office 365, and how it enhances Office 365's encryption, data loss prevention, archiving and security capabilities.

As always, registered attendees will receive a link to a replay of the webinar and we'll answer your questions live, during a Q&A session. Follow the link below to register:

 Register for Microsoft Office 365: Meeting Encryption, Privacy and Compliance Requirements »

On the heels of Microsoft's official global launch of Microsoft Office 365, the company's newest cloud-based offering that combines productivity apps with hosted Microsoft Exchange email, Proofpoint has introduced a new solution, Proofpoint Compliance for Office 365.

Proofpoint Compliance for Office 365 (Proofpoint's press release here) adds advanced, enterprise-class email privacy, data loss prevention, encryption and archiving/eDiscovery features to any Office 365 deployment.

While much of the coverage of Microsoft's introduction today has focused on the potential for Office 365 in the small- and medium-sized business market, Microsoft is also targeting the enterprise market with, "an array of choices, from simple email to comprehensive suites to meet the needs of midsize and large businesses, as well as government organizations."

Proofpoint specializes in meeting the advanced security and compliance needs of medium and large enterprises and understands that even in a well-specified product like Office 365, there are gaps between actual product functionality and the needs of large enterprises — especially those in regulated industries.

So, to that end, Compliance for Office 365 combines the features of Proofpoint Enterprise Privacy (data loss prevention, email encryption), Proofpoint Enterprise Archive (archiving and eDiscovery) and Proofpoint Enterprise Protection (inbound/outbound email security) to greatly extend the core security and compliance features of Office 365's messaging environment.

In short, it helps ensure compliance for a wide variety of data protection and privacy mandates including the "alphabet soup" of HIPAA/HITECH, SOX, GLBA, PCI, FERPA, FINRA and SEC regulations.

Proofpoint followers won't really be surprised by this, as the concept is very similar to the work we already do with many large Microsoft BPOS customers such as the USDA.

To learn more about the features of Compliance for Office 365, check out our new product page or register for our July 20th live web seminar, Microsoft Office 365: Meeting Encryption, Privacy and Compliance Requirements, where we'll detail the compliance and security features that come built into Office 365, and  how those match to enterprise requirements for data protection and privacy.

For the PDF-minded, we also have a new datasheet on Compliance for Office 365.

We're proud to welcome Adventist Health to the roster of leading healthcare organizations that use Proofpoint Enterprise Protection and Proofpoint Enterprise Privacy to ensure the security, privacy and confidentiality of patient data while also protecting employees from spam, viruses and other malicious email.

Adventist Health is a leading West Coast healthcare provider with 17 hospitals and more than 130 clinics and outpatient facilities located across California, Hawaii, Oregon and Washington—and about 18,000 email inboxes to protect.

When Adventist sought to replace its legacy email security solution with a more flexible, effective and easier-to-manage SaaS solution, they turned to Proofpoint, after consulting Gartner's 2010 Magic Quadrant for Secure Email Gateways.

Quoted in our full press release issued today, Adventist's information security officer, Alain Bouit, explained that improving the security of patient information and providing better service was a primary goal of the switch to Proofpoint.

“In any email security solution, a primary goal is to protect patient information. If a patient believes we are taking care of their personal information properly, it is one of the factors that helps ensure confidence to patients about our abilities as a provider,” says Bouit. “After examining many solutions, Proofpoint was the best fit because it had the flexibility to handle regulatory compliance, as well as protect patient personal health records.”

If you're tasked with protecting personal healthcare information for your organization, you can learn more about how Proofpoint provides superior defense against email-borne threats and comprehensive protection against exposures of HIPAA-regulated data by requesting a Proofpoint HIPAA Risk Assessment.

Visit: http://go.proofpoint.com/HIPAA-Risk-Assessment-Audit.html

The team staffing the Proofpoint booth (stand #F50) at Infosecurity Europe 2011 tell me that they've been having a great show with a lot of traffic to the booth and some terrific interactions.

One thing that seems to be a huge hit is our Infosec security survey. If you drop by the Proofpoint stand and take our short online survey on email security, encryption and mobility issues, you'll be entered into our drawing to win an Apple iPad 2. With one more day to go, there's still time to enter!

 As I write this post, I see that our survey has fewer than 400 responses so far... so your chances of winning are quite good. One of the things we're asking attendees is whether their organization has deployed an email encryption solution. The chart below shows the live results from that question so far:

In other Infosecurity Europe related news, yesterday at the show Proofpoint and IT services company brightsolid announced a channel partnership whereby brightsolid will offer Proofpoint's cloud-based email archiving, email security and data loss prevention solutions in the UK. 

That partnership off to a terrific start with publishing company DC Thomson already having signed a multi-year subscription to Proofpoint's email security and archiving solutions through brightsolid.

Following up on my previous video post featuring some great anti-phishing and password tips from Proofpoint customer Tony Hidlesheim of Redwood Credit Union, here are two more videos where Tony talks about how his organization uses Proofpoint to secure inbound email while preventing data loss via outbound email and HTTP traffic.

Redwood Credit Union is the 10th largest credit union in the state of California. In part one of our video interview, Tony explains how the credit union uses Proofpoint for email security while also applying those same security policies to HTTP (web or "port 80") traffic. Tony also shares some security insights about social media and the security.

Thanks again to Tony and the rest of our friends at Redwood Credit Union for taking the time to share these perspectives with me!

(And as a reminder: If you're a customer and would like to share your Proofpoint story with us, do send us an email to pr@proofpoint.com!)

Earlier this year, Ken Liao and I presented a webinar on our "Top Ten Privacy Predictions for 2011" and one of those predictions was that we'd see at least one enforcement action under the Massachusetts data protection law (201 CMR 17).

While that predication has not exactly come to pass, today's announcement from the attorney general of Massachusetts shows that the state is extremely serious about enforcing its data privacy laws.

A press release from the Mass AG's office today, "Major Boston Restaurant Group That Failed to Secure Personal Data to Pay $110,000 Under Settlement with AG Coakley," announces that the restaurant group Briar Group, LLC will pay a $110,000 fine, ensure compliance with Massachusetts data security regualtions, ensure compliance with PCI-DSS and will upgrade their computer security systems.

“When consumers use their credit and debit cards at Massachusetts establishments, they have an expectation that their personal information will be properly protected,” said Massachusetts attorney general, Marth Coakley in the statement.  “In this instance, the Briar Group did not take proper protections to protect customers’ personal information. In addition to the payment, this agreement also works to ensure that steps have been taken to protect consumer information moving forward. Our office will continue to take action against companies that fail to implement basic security measures on their computer systems to protect the sensitive information entrusted to them by consumers.”

As the Mass AG's press release points out, the data breach at Briar Group happened prior to the effective date of the Massachusetts data security regulations (and, hence, my prediction has not quite come true yet), but the data security standards set forth in those regulations were used in the settlement.

For more info on 201 CMR 17 and other privacy and data protection resources, see the privacy predictions link I mentioned earlier in this post.

Tuesdays often bring new music and movie releases, Microsoft patches and, here at Proofpoint this particular Tuesday brings some new mobile apps and video demonstrations of the same.

In my previous blog post, I mentioned we'd be drilling down on some of these new features. In these short videos, Proofpoint product marketing manager Namson Tran walks us through the highlights of our mobile archiving, mobile dashboard and mobile encryption capabilities. Check it out!

This is the Proofpoint Mobile Archive app, which extends Proofpoint Enterprise Archive to iPhone users, allowing for search anytime, anywhere...

Proofpoint administrators can use the Proofpoint Mobile Dashboard app to keep up with Proofpoint news and global spam detection effectiveness, status of their support tickets and view information on their Proofpoint Enterprise deployments:

Making on-the-go access to encrypted email easy for mobile users is another goal of Proofpoint Mobile and here, Namson demonstrates the Proofpoint Decrypt Assist features of Proofpoint Encryption. Decrypt Assist works with any mobile smartphone with a web browser (including Android, BlackBerry, iPhone and Windows 7 Phone)...

To learn more about the capabilities of Proofpoint Mobile, see our new information page here.

And Android users, we've heard your requests for 'droid versions of Proofpoint apps... but it never hurts to share your requests once again. Let us know what platforms and capabilities you'd like to see Proofpoint support in future apps by commenting here in the blog!