Titus Aware for Microsoft Outlook
Strengths: Minimal requirements, simple deployment, versatile policy-based content validation, increases user awareness of data security
Weaknesses: Limited reporting facilities, muddled documentation
Verdict: Simplifies the enforcement of DLP policies for Outlook users, and involving them in the process will heighten awareness of data security
Educating users about data loss prevention (DLP) can be a time-consuming and, frequently, disheartening experience, so why not make them part of the process instead? That's what Titus Aware (TA) for Microsoft Outlook aims to do by blocking emails that are unacceptable for business use and getting the sender to change them so that they comply.
TA checks email at the desktop, so there are no network overheads as anything that doesn't comply with your policies can't be sent. This also means TA works with virtually any mail server, including Microsoft Exchange, and there are no requirements for management of hardware/software components.
TA requires a small MSI package to be deployed to each user, and this supports all versions of Outlook from 2003 onwards. We loaded this manually on our Windows 7 Outlook 2007 test clients, but for large user bases it can be deployed using a Group Policy or third-party software deployment tool.
The only other change required is a registry entry that points the client to the location of the policy enforcement files. This can also be configured using the same methods as for the MSI file and allows you to keep all policy files in a central location. Security policies are managed using the TA Administration Tool. For each policy, it uses a proprietary file that contains global settings to control the TA client and links to sets of associated XML content validation files. Each file contains information on one specific area of content validation. The range of controls is extensive as these files can contain lists of permitted external mail domains and countries, restricted domains, attachment controls and mail content checks.
For attachments, TA can restrict the file types that may be sent and enforce size limitations. It can also scan them to detect keywords and phrases in their content. TA currently supports all versions of Word, Excel and PowerPoint, along with Visio, OneNote, OpenOffice and PDFs; it can also look inside archives. For message content you can run checks using XML files containing lists of unacceptable words or phrases and apply patterns such as credit card or social security numbers. Advisory headers and footers can be included in outbound messages and metadata added that is used by security gateways to check that messages have been seen by TA.
We found the administration console easy to use as it groups the policy components under a row of tabbed folders. Global settings are used to decide whether a splash screen is shown when a user loads Outlook. TA can also be enabled for Outlook's calendar and tasks so DLP policies can be applied to shared appointments and job assignments. Another useful feature is TA's one-click message classification. If this is activated, users can pick from a list of classifications, which will determine what checks are applied. Emails classed as internal may have a reduced set of content-check policies applied, but those classed by the user as external will be more rigorously checked.
Very little training is required for the user as the next time they load Outlook, create an email or reply to one they'll see a new set of icons in the Ribbon. Prior to sending the email they can hit the content check button and see if it passes the policy checks. If it doesn't, a dialogue box advises them; if they opt to correct it, the TA client provides a simple wizard showing them what needs to be modified or removed.
If the user doesn't check the message first and tries to send it, all checks will still be applied and they'll get the same warning and assistance if it fails validation. If the policy has justification enabled in its global settings, the user may override the content checks and send the message anyway. However, they must first type in a reason for doing so and this response will be logged by TA. Should they receive an internal message from a co-worker that they want to forward externally, they may be allowed to change its classification and downgrade it, but will also need to justify this.
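The check-then-justify flow described above can be modelled in a few lines. This is an added example, not Titus code or its policy file format: the policy layout, keywords, classification names and the in-memory audit list (standing in for the Windows Event log) are all constructed for illustration.

```python
import re

# Constructed policy for illustration; names and layout are assumptions, not TA's file format.
GLOBAL = {"allow_justification": True}
POLICY = {
    "Internal": {"keywords": ["project falcon"], "patterns": False,
                 "blocked_ext": (".exe",), "max_bytes": 10_000_000},
    "External": {"keywords": ["project falcon", "salary"], "patterns": True,
                 "blocked_ext": (".exe", ".mdb"), "max_bytes": 5_000_000},
}
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def check_message(classification, body, attachments=()):
    """Return the list of violations for a message under its classification."""
    rules, found = POLICY[classification], []
    found += [f"keyword:{k}" for k in rules["keywords"] if k in body.lower()]
    if rules["patterns"]:
        if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(body)):
            found.append("pattern:card")
        if SSN_RE.search(body):
            found.append("pattern:ssn")
    for name, size in attachments:
        if name.lower().endswith(rules["blocked_ext"]):
            found.append(f"attachment-type:{name}")
        if size > rules["max_bytes"]:
            found.append(f"attachment-size:{name}")
    return found

def send(classification, body, attachments=(), justification=None, audit=None):
    """Block on violations unless an override with a typed reason is allowed; log it."""
    audit = audit if audit is not None else []
    found = check_message(classification, body, attachments)
    if not found:
        return "sent"
    if GLOBAL["allow_justification"] and justification and justification.strip():
        audit.append({"event": "override", "violations": found, "reason": justification})
        return "sent-with-justification"
    audit.append({"event": "blocked", "violations": found})
    return "blocked"
```

The Luhn step matters in practice: without it, any 16-digit order or reference number would trip the card pattern and train users to reach for the justification box by reflex.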
Maintaining all control and XML files in a central location allows administrators to assign policies to groups or individuals. Many policies will have a core set of validation checks so some XML files can be shared among different user groups.
Auditing features are limited as TA can only post all activities in the Windows Event log. It does provide good levels of information, but if you want to use it for reporting and auditing purposes you'll need to source a separate application that can access these logs.
Titus Aware offers an elegantly simple DLP solution for Outlook users. Actively engaging users in the process will make them far more aware of what is acceptable for business email.