05:15 PM
news/services/saas
To comply with information security regulations, Stillwater National Bank and Trust (SNB), a subsidiary of Southwest Bancorp, had pieced together a mix of vendors' e-mail security products. But the solutions required installation on individual desktops, password-exchange by phone and end-user training, according to Jacob Mays, VP, application manager, for Stillwater, Okla.-based SNB ($2 billion in assets). Further, when users lost their passwords, the bank had to recreate the original e-mail messages and attachments, then re-encrypt and resend, he relates.
By mid-2005, the bank started looking for a solution that would automatically encrypt e-mails without requiring password exchange, Mays recalls. He adds that management wanted a single solution that also could manage security on the bank's desktop and laptop computers. SNB conducted an Internet search and spoke with other banks to identify providers and then issued an RFP in the third quarter, Mays says. SNB asked three vendors -- ZIX Corp. (Dallas), Voltage Security (Palo Alto, Calif.) and PGP -- to provide demonstrations of their products.
The bank ruled out ZIX's outsourced e-mail security service because outsourcing would have required the bank to conduct annual audits to ensure the vendor complied with data security regulations, Mays notes. In the first quarter of 2006, SNB signed a contract with Palo Alto-based PGP for the PGP Encryption Platform, largely because it is an industry standard, according to Mays. "Encryption only works if everyone speaks the same language, and many of our business partners already have security solutions," he says.
The PGP suite selected by SNB includes PGP Universal Server for central security policy enforcement, reporting and e-mail gateway encryption; PGP Desktop to protect internal e-mails; and PGP Whole Disk Encryption for data stored on internal drives and laptops. According to PGP, e-mail encryption is transparent to users, and messages are encrypted to match recipients' encryption capabilities.
To install the software, SNB simply downloaded it from a secure Web site onto a CD and then loaded it onto an existing HP (Palo Alto) server that was designated for the implementation, Mays says, noting that it was not necessary to install the software on individual desktops. With the software in place, according to Mays, employees simply have to put the word "secure" in the subject line of e-mails and the messages are encrypted automatically.
No training beyond simple instructions was required, adds Mays. "If someone forgets to write the word 'secure' in the subject line, other software looks for account numbers or Social Security numbers and will send it through the PGP system and encrypt the message," he continues.
Currently, the bank is setting up its corporate clients with the solution's outgoing encryption capabilities. Clients either can download software from a PGP Web page (they need a password to access the capability but the recipient at the bank does not) or simply reply to an already-encrypted message, according to Mays. "This is a very cost-effective and efficient system," he says.
PGP also offers complementary products that enable the Encryption Platform to scale with the bank's needs, Mays says, noting that SNB hopes to extend e-mail encryption to BlackBerry (Research In Motion; Waterloo, Ontario) devices in the future. "Best of all, it's a one-step process," he adds. "We've saved our employees time and have prevented e-mails from getting in the wrong hands."
ENCRYPTION
Institution: Stillwater National Bank and Trust (Stillwater, Okla.), a subsidiary of Southwest Bancorp.
Assets: $2 billion.
Business Challenge: Implement a security solution for encrypting confidential e-mails and data.
Solution: PGP's (Palo Alto, Calif.) PGP Encryption Platform.