Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1449
Views
5
Helpful
3
Replies

Viewing CRES encrypted e-mails after employee terminates?

Jason Meyer
Level 1
Level 1

‎09-11-2013 01:37 PM

What is Cisco's position on decrypting CRES encrypted e-mails that are part of an employee's mailbox that no longer works for my company.

For example, we keep all of Tom's e-mail because he deals with very senstive issues and encrypts a large portion of his e-mails with CRES and desktop encryption.   Tom wins the lottery and moves on.  Six month's later our company is put under legal discovery for information that we know is in Tom's mailbox and is encrypted.   But, we do not have his CRES password.   Can we request his password be reset on his behalf?  Does Cisco have a way to decrypt e-mails in bulk so that we don't have to manually decrypt the e-mails individually?

Just trying to get a discussion going on this.

Appreciate any input.

Jason

Labels:
0 Helpful
3 Replies 3

Robert Sherwin
Cisco Employee
Cisco Employee

‎09-11-2013 01:46 PM

No.  We do not have a way to get that un-encrypted - bulk, or otherwise.  We (as Cisco) would just go through at that point and perform a user reset on the account in question --- which would reset the password and "secrets" answers.  After that - the account would be forced to go through and re-establish the basic user setup.  If you request this through a CRES admin account for your company - we can comply with that.  But, if you are a non-admin - then we will not.

If an end-user does leave your company - happiliy with millions, or with sad force... CRES accounts aren't deleted - but you (as an admin), or Cisco, from global admin use, can lock the account.  (We'd prefer to see the happily with millions - and wealth sharing for all!)

Normally - as long as you have your CRES account properly setup, you are an admin, AND you can properly log in and assure that your domain is tied to the CRES account correctly --- you should see and be able to search/view your company domain users that have CRES accounts created.

http://tools.cisco.com/squish/Fd3B6

As stated by the CRES Admins, it is against CRES policy to delete users. You have the option to select the individual user and set their status to either Locked or Blocked. This will essentially prevent that user from accessing secure emails for the selected account.

-Robert

Cheers,
Robert Sherwin

brmatthe
Level 1
Level 1
In response to Robert Sherwin

‎09-11-2013 02:46 PM

One correction, to prevent users from opening existing envelopes (or logging into CRES itself), set them to Locked. If you set them to Blocked, the user can go through the forgot password process to get themselves active again, which presumably you don't want. Locked can only be reversed by an admin.

0 Helpful

Jason Meyer
Level 1
Level 1

‎09-11-2013 03:02 PM

Appreciate the responses guys, good info.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents