Titus Aware for Microsoft Outlook

Educating users about data loss prevention (DLP) could be a time-consuming and, frequently, disheartening experience, so why not cause them to a part of the method instead? That is what Titus Aware (TA) for Microsoft Outlook aims to do by blocking emails which are unacceptable for business use and getting the sender to alter them so they comply.

TA checks email on the desktop, so there aren't any network overheads as anything that does not follow your policies cannot be sent. This also means TA works with virtually any mail server, including Microsoft Exchange, and there aren't any requirements for management of hardware/software components.

TA requires a small MSI package to be deployed to every user, and this supports all versions of Outlook from 2003 onwards. We loaded this manually on our Windows 7 Outlook 2007 test clients, but for giant user bases it usually is deployed using a gaggle Policy or third-party software deployment tool.

The only other change required is a registry entry that points the customer to the placement of the policy enforcement files. This may even be configured using the similar methods as for the MSI file and lets you keep all policy files in a central location. Security policies are managed using the TA Administration Tool. For every policy, it uses a proprietary file that contains global settings to manipulate the TA client and links to sets of associated XML content validation files. Each file contains information on one specific area of content validation. The diversity of controls is extensive as these files can contain lists of permitted external mail domains and countries, restricted domains, attachment controls and mail content checks.

For attachments, TA can restrict the file types that could be sent and enforce size limitations. It is going to also scan them to detect keywords and phrases of their content. TA currently supports all versions of Word, Excel and PowerPoint, at the side of Visio, OneNote, OpenOffice and PDFs; it could also look inside archives. For message content you may run checks using XML files containing lists of unacceptable words or phrases and apply patterns which includes mastercard or social security numbers. Advisory headers and footers could be included in outbound messages and metadata added which is utilized by security gateways to match that messages was seen by TA.

We found the administration console easy to exploit because it groups the policy components under a row of tabbed folders. Global settings are used to come to a decision whether a touch screen is shown when a user loads Outlook. TA may also be enabled for Outlook's calendar and tasks so DLP policies might be applied to shared appointments and job assignments. Another useful feature is TA's one-click message classification. If here is activated, users can choose from a catalogue of classifications, on the way to determine what checks are applied. Emails classed as internal could have a discounted set of content-check policies applied, but those classed by the user as external can be more rigorously checked.

Very little training is needed for the user because the next time they load Outlook, create an email or respond to one they'll see a brand new set of icons within the Ribbon. Previous to sending the e-mail they may be able to hit the content check button and notice if it passes the policy checks. If it doesn't, a dialogue box advises them; in the event that they prefer to correct it, the TA client provides an easy wizard showing them what must be modified or removed.

If the user doesn't check the message first and tries to send it, all checks will still be applied and they're going to get an analogous warning and assistance if it fails validation. If the policy has justification enabled in its global settings, the user may override the content checks and send the message anyway. However, they should first type in a cause of doing so and this response could be logged by TA.Should they receive an internal message from a co-worker that they need to forward externally, they're allowed to switch its classification and downgrade it, but also will have to justify this.

Maintaining all control and XML files in a central location allows administrators to assign policies to teams or individuals. Many policies can have a core set of validation checks so some XML files could be shared among different user groups.

Auditing features are limited as TA can only post all activities inside the Windows Event log. It does provide good levels of knowledge, but when it's essential to use it for reporting and auditing purposes you will want to source a separate application which can access these logs.

Titus Aware offers an elegantly simple DLP solution for Outlook users. Actively engaging users inside the process will lead them to much more familiar with what's acceptable for business email.
Dave Mitchell