The Royal Dutch Automobile Association (ANWB) operates the largest emergency contact center of The Netherlands. Wherever its members encounter problems, be it vehicle related or involving personal health, the ANWB stands ready to help. The ANWB delivers worldwide support via its contact center. It will reach out to their customers anywhere they are and they sometimes have to help out with medical issues as well, usually as part of a traffic incident. The contact centers deal with customers in emotional turmoil, their car has broken down whilst travelling with their families, an accident has happened and a loved one has been hurt or they are experiencing less than favorable local circumstances. The last thing they want in these situations is a cumbersome communications process leading to additional aggravation. Yet the nature of their communications, potentially containing personal and medical information, have a regulatory requirement for data security and data privacy. A most challenging combination for sure.
The Netherlands has a specific standard for delivering health information and medical information via email. This the NTA 7516 standard, of which SecuMailer is one of the founding members. SecuMailer wrote the first version of this standard, after which it was adopted by the Dutch government and turned over to a committee to make it into a broad national standard.
The NTA 7516 standard has a set of functional and technical requirements which are verified via an independent audit process. SecuMailer complies with all requirements and has been audited by three different audit parties as it was part of the initial launching group for this standard. All certified audit parties got a chance to practice with SecuMailer as it was the gold standard for implementation.
The nature of ANWBs work can be quite spiky, with large seasonal influences. Summer holidays in The Netherlands run from July until end of August and it’s during this period that ANWB experiences a large seasonal impact. Any solution must be able to process a factor five increase without any issues for the ANWB. This is the scenario where a SaaS solution like SecuMailer, supported by the amazing flexible capacity at AWS, really shines.
The challenge for ANWB lies in the juxtaposition of a low communications complexity threshold combined with high grade security to remain compliant with GDPR and national regulations with requirements for medical data protection. Rarely are these requirements fulfilled in one solution.
Fortunately SecuMailer is able to bridge this gap, as the only supplier in The Netherlands to be able to do so. SecuMailer’s unique technology allows it to deliver secure emails straight into the inbox of a recipient whilst maintaining the highest levels of data security and data privacy. This is not a vapid claim, recently SecuMailer became a qualified EU Trust Service Provider, only the fifth of its kind to do so in the European Union. Next to that the platform is certified for GDPR, NTA 7516, ISO 27001 and NEN 7510.
The contact center uses a call center application for managing its customer contacts which has been integrated with Microsoft 365 for its email handling. SecuMailer can integrate with any email provider via SMTP and additionally has several REST APIs to connect frontend and backend applications to its core infrastructure. Larger customers that want even further integration can be serviced via webhook call backs or feedback REST APIs that can be connected to their SIEM/SOC infrastructure.
The ANWB contact center is connected to SecuMailer via a Microsoft 365 partner connection, using the standard M365 smart host connector. This integration allows ANWB to completely tailor its connection requirements by using native M365 features in determining which traffic needs to be routed to SecuMailer and at which security level. SecuMailer supports GDPR protected traffic, NTA 7516 medical/ personal data and eIDAS qualified traffic. ANWB is able to separate all these requirements by using M365 mail flow rules, in combination with specific header variables they can add based on their routing policies.
The connection to SecuMailer is secured by a mandatory TLS connection that verifies the certificate hostname. SecuMailer provides a DANE/DNSSEC protected endpoint and supports MTA-STS as two different standards with the same aim, to block any downgrade TLS attacks on the SMTP protocol.
The SMTP endpoints run on AWS EC2 servers. Ensuring the data security of the EC2 virtual servers is paramount as they are the only long running components in an otherwise fully serverless architecture and they are therefore the most vulnerable part of the SaaS architecture. Until recently SecuMailer used a suite of native Linux tools to establish a proper data security baseline for the EC2 instances but it has recently adopted AWS GuardDuty for EC2 and AWS Inspector for EC2 to enhance its security posture on EC2. Combined with the single pane of glass that AWS SecurityHub offers it has greatly improved EC2 data security and the visibility of the EC2 platform data security status.
The next step is having the SaaS platform proper process the Microsoft 365 originated emails. All email is processed by the AWS Lambda serverless platform. This offers unparalleled data security and data privacy advantages that are key components for the health organization. Because there are no permanent physical or virtual servers there is no data residue when processing emails. There are no traces left behind due to the fact that the containers that are used for Lambda processing are deleted after running. There would be no risk of an additional data leak with this technology.
SecuMailer uses AWS DynamoDB for storing meta data, combined with KMS encryption for data at rest. To safeguard integrity and availability of the data the platform uses DynamoDB Global Tables and Point-In-Time-Recovery (PITR). During processing of the emails temporary data storage is based on AWS S3 with KMS encryption for data at rest, meeting all requirements from the health organization with regards to data security.
Before emails are delivered the SaaS platform will investigate the recipient mail server(s) and determine whether it is secure enough to deliver the email. SecuMailer has developed its own SmartTLS engine to query the recipient mail server, verify its TLS version and its configured cipher suite. It will check for self-signed certificates, expired certificates or missing root and intermediate certificate authorities. The SaaS platform does the scanning via a serverless Lambda, using a VPC that is connected to the internet via a NAT Gateway for maximum security. Queries can only be initiated within the Lambda internal network, no outside connections can go in during this process.
ANWB has access to the SecuMailer admin portal where it can query delivery events, based on the event data that AWS Secure Email Service (SES) emits when delivering email. Using Kinesis Data Firehose and AWS OpenSearch all relevant events can be queried via the admin portal. The admin portal also provides exception handling in situations where communications issues are too difficult to overcome and one or several security measures need to be downgraded to be able to contact a customer successfully. These exceptions are reported to the ANWB security incident handling team so there is always visibility on security exceptions.
As AWS states it, security of the cloud is the responsibility of AWS and security in the cloud is responsibility of the service provider, aka SecuMailer. Within the technical architecture AWS provides a secure Lambda platform with excellent data security and data privacy capabilities, These are further enhanced by extensive monitoring and tracing capabilities like GuardDuty for Lambda, AWS X-Ray and AWS CloudTrail. With these capabilities SecuMailer, and thereby the ANWB, can be assured that there are no data integrity issues whilst processing the secure emails. This assurance can be reported upon so there is tangible evidence that the SaaS platform running on AWS maintains integrity throughout the data processing cycle.
The end result is that the ANWB contact center is fully compliant with GDPR and NTA 7516. They are able to successfully contact customers securely, sometimes under very difficult and stressful situations. The contact center staff is not impacted negatively by the security technology, in essence they don’t notice any differences. The ANWB customers are helped without compromising their security and privacy.
Onboarding with SecuMailer is done by the following steps:
SecuMailer is a private company. We provide our customers with a SaaS solution to send confidential information by secure email.
SecuMailer was started in 2017 by Yvonne Hoogendoorn CIPP/e and Meint Post CISSP / ISSAP
SecuMailer is fully compliant with the GDPR and certified for eIDAS , ISO 27001:2022, NTA 7516 and has the ECSO-label (European Cyber Security Organization). SecuMailer is a qualified EU Trust Service Provider, certified for Qualified Registered Email Services (QREMS).
SecuMailer is available on the AWS Marketplace.
SecuMailer is one of the founders of the Dutch regulation NTA7516 for secure email with personal medical information. This regulation combines elements of the GDPR, The eIDAS and the Dutch medical laws.