"I will attach business-related information to this email, and I will send the password for decompressing the file in a separate email." ——I think there are many people who have received or sent such emails. The so-called "PPAP" method, in which a file is compressed with a password and sent to the other party and the password is sent separately, has been adopted by many organizations and companies in Japan.
Actually, the method of compressing with a password is not so effective in terms of security as long as the main body and password are sent by the same route called mail. That should be the case, PPAP was originally a method that appeared as a countermeasure against "erroneous transmission" that sends information to the wrong party due to an operation error or the like. Even if you send the file to the wrong person, if you notice it before sending the password, you can prevent it from leaking by asking "Please delete it as it is".
Watch the online event "Security Forum 2021 ~ Microsoft's Security Measures to Prepare for Change ~"The demerits are more conspicuous than the merits, and the movement of "de-PPAP" that spreads
But gradually, the disadvantages are becoming more noticeable than the advantages of PPAP.
First of all, even if you notice an erroneous transmission and request deletion, there is no way to confirm whether it has been deleted. It can't be locked or wiped remotely, so even if you didn't give it your password, you could open it if you retry it many times.
Recently, a solution that automatically generates and sends a password has appeared, probably to save the trouble of the sender, but in this case, "check if there is an erroneous transmission and send the password if there is no problem". Countermeasures against erroneous transmission The original purpose becomes meaningless. In some cases, only the password is shared first, and the file arrives later, but the meaning becomes even less.
Above all, when handling a large number of compressed files with passwords, both the receiving side and the transmitting side will have to spend more time and effort. As a security measure, of course, the meaning as a measure against erroneous transmission diminishes, but only the load increases.
What's more, password-compressed files pass through filters that detect malware. Nowadays, cyber attackers have grasped this feature and have taken the trouble to attach malware as a file with a password and abuse it to evade security measures.
In response to this trend, in November 2020, then Minister for Digital Transformation Takuya Hirai announced that the PPAP system would be abolished at the Cabinet Office and Cabinet Secretariat. This statement has caused a big ripple, and major IT vendors such as Fujitsu and Hitachi have begun to abolish PPAP one after another.
Watch the online event "Security Forum 2021 ~ Microsoft's Security Measures to Prepare for Change ~"What is an easy and secure file sharing method to replace PPAP?
The problem is an alternative to PPAP. It is now difficult to proceed without exchanging information with partners and customers, but it is too costly to prepare a new server just for that purpose. Many companies want a method that can prevent erroneous transmission and is an effective security measure without changing the workflow and usability of the past.
Therefore, the "Web download method" is now attracting attention as an effective alternative. Upload the file you want to share on the web and email the link to the person you want to send it to. Depending on the settings, all recipients can view the file, or only a specific user can view the file after authentication. Furthermore, it is possible to prevent the outflow by stopping the publication as needed.
In this session "Microsoft 365 functions that can be used for de-PPAP", we will introduce how to achieve de-PPAP by the Web download method, along with specific functions and demonstrations of Microsoft 365 OneDrive for Business. If you're worried about PPAP alternatives, you'll find useful tips.
![Advantages of "Gravio" that can implement face / person recognition AI with no code [Archive distribution now]](https://website-google-hk.oss-cn-hongkong.aliyuncs.com/drawing/article_results_6/2022/2/25/98ceaf1a66144152b81298720929e8e7.jpeg)