The organization can centrally enforce policy so that items which originate from an Outlook client that has Janusseal for Outlook installed contain a protective marking indicating the item's sensitivity. The marking can be used by other email system components, such as email gateways, to filter the egress of sensitive information. Human readable markings raise recipient's awareness, so that sensitive information can be correctly handled by them.
The need to classify each sent item is enforced, whether the message is sent directly from Outlook, from an Office document, using File > Send To... or from the shell context menu using Send To > Mail Recipient
The end-user may specify the security classification during message composition using the Janusseal Compose Classification Toolbar. If no classification is selected before the message is sent, a security classification dialog is presented forcing selection of a classification before the message can be sent. In Outlook 2007, 2010, 2013 & 2016 the Compose Classification Toolbar is implemented using a form region, which is displayed during message composition (see next feature description).
The Compose Classification Toolbar feature can also be switched off by policy settings so that organization's can ensure end-users only classify a message once they click the Send button using the Janusseal On Send Classification Dialog. Some organization prefer their users only classify messages via the Classification Dialog as it means they fully consider the security classification of the whole message at the time of sending, rather than part way during composition.
Janusseal for Outlook includes capabilities that improve its usability in this client environment.
- set the message's security classification while composing the message with a single click from the ribbon bar
- the prominent showing of a received message's security classification when viewing the message in the preview pane or in its own read dialog
Janusseal for Outlook includes the On Send Classification Dialog so if the user does not set the security classification during composition then they will still be prompted to specify it on sending.
When reading messages, the ability for the recipient to observe the security classification when the message is read from the Preview Pane is a major time saver. It avoids the need to have the end-user open the message to be prominently shown the message's security classification.
Different text can be used for display values and marking values of the security classification. In this way, familiar terms can be presented to users (such as COMPANY CONFIDENTIAL), whereas different text can be embedded in the protective markings for use by system entities like email gateways (e.g. CONFIDENTIAL:COMPANY). This improves user acceptance, but also simplifies interoperation with other systems which may not be so flexible with the text that they recognise.
With Janusseal for Outlook the organization can control where the protective markings are inserted into the sent message. It can be one or more of the following:
- X-Protective-Marking header
- Subject line header
- Outlook User Property metadata field (internal-only to Exchange domain)
- prepended text in the message body
- appended text in the message body
This level of flexibility allows the system to be customised to an organization's requirements and also allows for markings to be visible to message recipients that do not necessarily have email protective marking software.
Janusseal for Outlook allows the organization to control whether specific protective markings are inserted into sent messages depending on the security classification of the message. For example, CONFIDENTIAL messages can have the protective marking inserted into the X-Protective-Marking header, the subject line and the start of the body, whereas PERSONAL messages can have the protective marking only inserted into the X-Protective-Marking header.
This allows the organization to embed and present the protective markings as they are required. An email gateway can still filter outbound delivery, as it can interpret the X-Protective-Marking header, whereas recipients of personal messages will not be confused by markings embedded in the subject line.
Text inserted into the Outlook User Property marking, body markings or message flag can include tokens to represent an attribute of the active security classification for the message. For example, the text may include %DISPLAY_VALUE% to represent the security classification's human readable classification, such as COMPANY CONFIDENTIAL, or %SENSITIVITY.DISPLAY_VALUE% to represent a simpler form, such as CONFIDENTIAL. These tokens extend the flexibility of text inserted into messages. A value such as
Security Classification: %DISPLAY_VALUE%
could be inserted into the message flag of each message, so that recipients of the message will see the security classification as selected by the sender in the flag region of the message.
Janusseal for Outlook's configuration is powerful enough so that the text added to the message flag can:
- be simply based on the display string for the message's security classification
- include arbitrary text which can be tailored for each security classification defined in the organization's schema
Previous versions of Janusseal for Outlook had concentrated on the ability to add protective markings to email messages for use by other Information Technology systems, like email gateways. These protective markings are either in the subject line and/or the X-Protective-Marking header, have a well defined syntax but are not readily interpreted by humans.
This latest version of Janusseal for Outlook now has several new features to make it simple to add protective markings to email messages that are for presentation and interpretation by their human recipients. Included in these new features is the ability to add arbitrary text at the beginning and/or end of the message's body.
Janusseal for Outlook's configuration allows text added to the message body (beginning or ending). Text inserted into body markings can be customised per classification both in content and formatting. For example, Unofficial/personal messages could have a disclaimer inserted using a small, gray, italic font which would include the text:
This message is personal in nature. It does not reflect the views or policy of the organization in any way.
Whereas, a CONFIDENTIAL message could have the following disclaimer text inserted in large, red font:
This information provided in this message is CONFIDENTIAL and is provided on a strictly need-to-know basis.
Inserting protective markings into header and footer of message print-outs
Janusseal for Outlook can be configured to print email messages with the security classification information visible in the header and footer of the print out.
Microsoft Office and classified files attachment scanning
Janusseal for Outlook can determine the security classification of protectively marked Office documents and other files marked with a security classification. Read more Janusseal Documents.
Allow, warn or prevent downgrading of classification on reply or forward
When a user replies to or forwards a classified message, Janusseal for Outlook can:
- allow the user to select any of the available classifications
- allow the user to select any of the available classifications, but will show a warning if they set a classification that is lower than the original message's
- only allow the user to select a classification which has the same or higher sensitivity when compared to the original
Janusseal for Outlook warns the user:
Packaged as MSI
Janusseal for Outlook is provided as a ready-to-deploy Microsoft Installer (MSI) package. It can be deployed silently using standard tools, such as Active Directory, Group Policy and System Center Configuration Manager (SCCM). Alternatively, for evaluation it can be installed directly on the desktop.
Configuration using Group Policy
Janusseal for Outlook is provided with Group Policy Administrative Template (ADM) files, ready to be imported for configuration using the Group Policy Editor. Configuration can be easily customised for various machine and user groups.