Secure Messaging

Learning Center

Back to top

Search Results

Secure E-Signatures

Overview

Electronic-signature functionality is rapidly becoming an essential aspect of any digital enterprise. Moreover, users increasingly expect the process to be fast, simple, and secure. One industry study by Gartner Research found that the market for e-signature products had grown by nearly half from 2010 to 2011, with that growth rate projected to rise going forward.

In the past, the process of obtaining a signed file usually meant sending the document either by fax, courier, or email (to be then printed at the other end). It then had to be signed and returned either by fax, courier, or (after being scanned back into digital form) email. The process was typically time-consuming, laborious, and costly.

The advent of electronic signatures has significantly sped up the process of getting required signatures on documents and dramatically reduced much of the cost since documents can now simply be exchanged digitally. In most e-signature products available today, the required signatory just electronically signs the document using whichever means specific to that product and delivers the file back, often via email.

The problem with this basic exchange is protecting the security of the files. While numerous tools and solutions for effectively creating e-signatures have been developed, because of legislation now in place in many countries, enterprises and organizations require a solution that not only makes it fast and easy to electronically sign files, but that can also guarantee the security of the information during transmission between the parties involved (without reverting to sealed envelopes and couriers).

The e-signature feature available in Secure Messaging does just that. It is the first truly secure way to easily and quickly sign and exchange digitally approved documents without relying on complex deployments. Even better, subscribers to Secure Messaging automatically have access to this as it is built right into the platform. There’s no extra cost and nothing to implement. You can simply start using it. It’s that easy—and that secure.

What is an E-Signature?

An e-signature replaces an actual, physical hand-written signature to indicate that a person adopts the intentions recorded in the document being signed. Usually, this is done using letters, characters, numbers or other symbols in digital form incorporated in, attached to, or associated with an electronic document.

E-Signatures vs. Digital Signatures

Electronic signatures and digital signatures are commonly misunderstood to mean the same thing when they are quite distinct. When choosing a signing solution, you should know the difference, especially because of the variance in costs and ease of implementation, among other factors.

Digital signatures, as they have come to be defined, are essentially e-signatures with an added layer of cryptography to protect the integrity of the signature and the original document content during transmission. This is accomplished primarily through the use of public key infrastructure (PKI) technology.

Along with guaranteeing the signer’s identity and intent, as well as data integrity, digitally encrypted signatures also provide the assurance of non-repudiation, meaning that the signer cannot claim they did not sign a message while also maintaining that their private key is valid.

What’s the Problem?

Given the massive benefits of developing a legitimately viable “click to acknowledge” marketplace, many countries have passed various laws to encourage the adoption of e-signatures as valid. The ESIGN Act in the U.S., for example, is meant to “facilitate and promote commerce and governmental transactions by validating and authorizing the use of electronic records and electronic signatures.” In nearly every case, the laws stipulate that any electronically signed document must be securely protected throughout the exchange.

It is the latter requirement that causes many solution providers to fail the last hurdle. For example, many major e-signature products use e-mail to exchange signed documents. Because of the nature of email SMTP protocols, a document sent over email might travel through 10 countries on its way to its destination—even if it’s just across the street. Not only would this contravene some jurisdictional legislation that prohibits the transmission of sensitive material across international boundaries, it is along this path that many hackers focus their efforts in seeking a breach and where an email or its attachments are vulnerable if they are not securely encrypted.

As noted, though, ensuring security through encryption has typically meant additional costs and implementation issues. For example, the added complexity of enabling PKI encryption at all points during the exchange requires additional hardware and/or software and is more laborious and costly to implement and use.

The problem is that none of the existing products have been able to offer true stand-alone secure file exchange capability. That means you will either have to compromise on security in favor of ease-of-use and lower implementation costs, or shell out for the added cost and weight of digital signature encryption software.

There are no compromises required with the secure e-signature feature in Secure Messaging and no additional costs to ensure security. With Secure Messaging, you can now seamlessly and securely sign and exchange a full range of document types simply by typing your name and clicking a button—all from within your email program and in a matter of seconds.

Who Needs Secure E-Signature?

The short answer is everybody. Whether it’s signing and exchanging contracts,
medical records, or financial information, businesses and organizations of just about any size need to exchange signed documents. And by the very nature of the intent of a signature, that information is usually important, sensitive, confidential, or all three.

You need Secure Messaging’s e-signature solution because it is a simple “click to acknowledge” process that is completely secure throughout the exchange and easy for anybody to understand and use. It supports major document formats, including PDFs and Microsoft Office files, as well as most common image formats (JPG, PNG, etc.), with few restrictions on file size transfers. Whether you are a lawyer, engineer, or doctor, from complex agreements to digital blueprints to x-rays, you can obtain required signatures literally in seconds.

The Solution

Why is it better?

Secure e-signature offers the best available combination of speed and simplicity alongside security, traceability, and non-repudiation.

  • Secure: Unlike other products that send plain text links in which anyone intercepting the basic (unsecured) email can e-sign the document, because it is integrated into the Secure Messaging Suite the secure e-signature feature requires every user to be authenticated in order to e-sign the document. As well, all messages and their contents are cryptographically hashed and delivered via the secure cloud (rather than over basic unsecured mail), providing more robust security even than PKI-based solutions without you or your users needing any additional hardware or software. Plus, the e-signature documents and associated hashed versions are stored encrypted in your Secure Messaging portal.
  • Simple to create: You don’t require an online tutorial to start using the secure e-signature feature. Much like you would with an email, you simply attach the file to be signed from the secure e-signature upload area of the Delivery Slip and click Send Secure. There’s no need to design a complicated agreement with special fields or move between various programs to create and securely deliver the file; every document gets an “e-signature certificate” page appended to the end for easy reference and is presented to required signatories for signing right in their email window.
  • Simple to sign: With the simple click-to-acknowledge process, required signatories to a document only need to click on the attachment in their email, type their name into the e-signature certificate field, and then click to acknowledge their signature. Secure Messaging then automatically informs the sender that the recipient has signed via a desktop and mobile alert notification. Done.
  • Branded to you: Because the Secure Messaging portal is private-labelled and branded to your organization, at no point during the exchange will anyone think they are dealing with anyone but you.
  • Nothing to implement: Unlike most products and services out there that require the download of special software in order for you to create and electronically sign documents, using the secure e-signature feature in Secure Messaging only requires that you can connect to the Internet through a browser. There’s no need for complex workflows.
  • Integrated right into your email client: The secure e-signature feature is a click away in the Secure Messaging Delivery Slip that integrates right into your email client. From Outlook with Office 365 to Google Apps for Work and your mobile apps, ease of use is assured for both internal and external recipients.
  • Full mobile functionality: It’s simple to obtain an e-signature using the Secure Messaging mobile app or via a device browser. Unlike other products, the user doesn’t need to download the file and open it in a separate program (e.g., a PDF) or wait until they can get back to their desktop to sign. Because the file is stored securely in the cloud, users are able to sign time-sensitive documents on the spot from anywhere. The e-signature feature is fully supported on all mobile devices, including iOS, Android, Windows Mobile, and Blackberry 10. As well, for even greater protection for e-signed and other exchanged documents, Secure Messaging supports fingerprint authentication on iOS devices.
  • Compliant with data jurisdiction requirements: Unlike many services that store electronically signed documents unencrypted in a public cloud, our secure e-signature feature allows your organization to choose where your data is hosted (to help ensure data jurisdiction compliance), and all documents are always stored at rest using AES256bit encryption. For enterprise deployments, our dedicated cloud service also allows custom encryption salt and custom hashing of e-signature documents
  • Enhanced e-discovery: For most regulated industries or any organization that needs to archive electronic communications, managing the storage and retrieval of communications is onerous and often costly given that it often requires third-party archival services. Plus, PKI-encrypted messages may become difficult or impossible to retrieve if the encryption key is lost. With Secure Messaging, every e-signature document is MD5-hashed for later comparison and validation of the original e-signed document. Hashed documents are stored indefinitely on the Secure Messaging portal (and original e-signed documents can be stored decrypted into your existing third party archive) regardless of the data retention policies set in place for your portal, ensuring auditability at any time.
  • Dedicated cloud service: Unlike other products with a generic authority to validate the authenticity of e-signed documents, our secure e-signature feature creates a unique authority as part of the Secure Messaging portal you get as a client. The path from your message to your space in the cloud on our servers is dedicated.
  • Non-repudiable: One of the major stumbling blocks for other products trying to offer full security is the ability to guarantee non-repudiation (where the signatory is unable to claim they hadn’t actually signed the document subsequent to signing it). Unlike many of the other products that simply send a basic (unsecured) email with a link to e-sign documents, because the secure e-signature feature is built right into the Secure Messaging Suite, every user is automatically authenticated. Plus, it tracks when they logged in, when the document was viewed or downloaded, and where and where the document was signed. This data is then added to the signature on the e-signature certificate page that is appended to the original file.
  • Ensures legislative compliance: Because the e-signature feature protects the security of the documents throughout the process and ensures the validity of the authorization provided, this makes any documents signed and exchanged using the secure e-signature feature fully compliant with existing legislation in technology neutral countries such as the U.S., U.K., Canada, and Australia, just to name a few.. This includes (but is not limited to) acts in the U.S. such as E-SIGN, GLBA, HIPAA (and HITECH); PIPEDA in Canada;; and the Electronic Transactions Act in Australia.
  • Integrates with your SSO: Whereas many other products require you (and everyone in your organization using that product) to create a new identity with their service, our Secure Messaging system seamlessly integrates with your existing SSO deployment (whether SAML2.0 or OAuth2.0). Plus, using your own federation service for authentication adds additional reputation to verifying the authenticity of every user action without requiring the use of complex keys. (Available with our Enterprise Dedicated Cloud service.)
  • Integrates into other apps: Because the Secure Messaging API is available as a rest-like API, developers can easily embed secure messaging features such as secure e-signature into other business solutions such as CRMs, EMRs (electronic medical records) or any third-party application with Web API capabilities.
  • Total message control: With Secure Messaging, along with the capability to restrict users from forwarding files, you can easily recall a sensitive document sent to the wrong recipient.
  • Real-time activity alerts & timeline insights: With the secure e-signature feature integrated right into the Secure Messaging Suite, you also get our famous real-time notification alerts. You can be notified of every point along the transaction, such as when a required signatory reviews or signs the file you have sent them. As well, you can opt at any time to click into an overall timeline snapshot of all activity on a file. This makes it simple to send out targeted reminders to only the required signatories who need prompting.
  • Securely exchange and sign large files: With the secure large file exchange capabilities in the Secure Messaging Suite, you can easily get large files validated without having to rely on external, unsafe file-exchange programs or worry about email file size restrictions in place. Required signatories can simply preview and sign the document right in the email window, regardless of its size.
  • Reduced software costs: Unlike other complicated products that charge upwards of $20 a month per user, your Secure Messaging subscription already includes the secure e-signature feature. Plus, you can realize significant other savings through the additional features available in the Secure Messaging Suite, such as secure file transfer and secure e-campaigns, which can further reduce your need for additional software or subscriptions.
  • Reduced courier costs: The savings for some organizations are dramatic. Imagine having to obtain signatures on a file from thousands of clients or customers and the costs of having to mail out those documents and arrange for their return. With Secure Messaging, it’s now the click of a button.
  • Instant verification: Along with the benefit of reduced courier costs, the secure e-signature feature reduces the time it takes to get documents signed and verified to literally seconds—basically, as long as it takes a required signatory to open a message and type their name. Plus, all participants are immediately notified of any activity during the process and all transmissions are trackable and date-stamped.

 

Last updated August 10, 2016