Why is PPAP a Problem? What Can HENNGE One and Box Do To de-PPAP?


In June 2023, HENNGE released “HENNGE Secure Download for Box”, a new feature of the company's main product, the cloud security service “HENNGE One”.
We asked Ogasawara san of the West Japan Sales Section, who is in charge of HENNGE One sales in western Japan, and Tanimoto san of the Presales Engineering Section, who provides technical support when proposing HENNGE One nationwide, from the Osaka office.

Hello! I see that you have recently released the new feature “HENNGE Secure Download for Box” for HENNGE One. What kind of new feature is it?
Hello! This is a de-PPAP solution that allows you to automatically upload attachments you send via email to the cloud storage “Box”.
So PPAP is that thing, right? A method of sending ZIP files with password via email, then sending the password in a separate email.
It used to be quite popular in Japan, but recently I hear that there has been a growing movement to abolish it.
That's right. Originally, PPAP was intended to protect files from information leakage in the event that their contents were stolen or sent by mistake. However, PPAP still poses a security risk because the file and password are sent through the same channel, and there is nothing that can be done if the password itself is mistakenly sent.
With the number of cases where email being used for cyber attacks using malware (malicious programs) increasing recently, ZIP files slipping through the scans of anti-virus products becoming more often, more and more companies are finding PPAP to be a challenge.
PPAP is also a hassle to operate, right? You have to send a separate password, and it's troublesome to install an app on your phone for opening ZIP files.
That's right. Due to such issues, the Cabinet Office and the Cabinet Secretariat have announced the abolition of PPAP in 2020, and private companies are also moving away from PPAP.
I see. Following this trend, HENNGE has released HENNGE Secure Download, a de-PPAP solution, as a feature of HENNGE One in 2021, right?
Yes, with HENNGE Secure Download, the sender simply sends the file as an email attachment as before, the file is automatically uploaded to cloud storage, and the recipient receives the text content of the email and a PDF with the URL to download. If the recipient requests verification of their email address, they will receive a verification code via a separate channel.
It is a mechanism that solves problems of PPAP such as “files and passwords go through the same path”, and “file cannot be scanned for viruses”. The sended just needs to attach the file to the email, so the procedure is quite simple.
Since a download URL is issued for each recipient, a third party cannot download the file, and even if the sender attaches the wrong file, the URL can be disabled after being sent.
It has been 2 years since the launch, how has the response been?
We have received inquiries from a very large number of customers, and adoption is also progressing. There has been an increase in the number of cases in which customers who use HENNGE Secure Download are interested in us and inquiring us by email.
In January 2023, about 1 year and 3 months after the service started, the number of companies that received files with this function exceeded 200,000, expanding the opportunities to use the service for sending and receiving.
So what is the difference between that HENNGE Secure Download and the newly released HENNGE Secure Download for Box?
The mechanism is almost the same, but with HENNGE Secure Download for Box, attachments are uploaded to Box when being sent.
Here's how the process works.
The sender simply sends the file as an attachment to an email as before, and the file is then automatically uploaded to Box. The recipient will receive the text content of the email and a PDF containing the file sharing URL, and can download the file using the password that will be sent in a separate email.
I see. So what are the merits of using this feature?
There are three majors points.
(1) Improved convenience of file sharing for users (from the user’s perspective)
(2) Content can be consolidated in Box (from the administrator’s perspective)
(3) By implementing measures to prevent accidental transmission, security can be strengthened (from both administrator’s and user’s perspective)
There are even 3 points!
First, could you tell us more about “(1) Improved convenience of file sharing”?
Up until now, when sending files via Box, you would create a folder for external sharing, store the files, generate a shared link, and paste the link into an email to send the file. If you want to put a password on the shared link, you would need to set it separately by the user.
With HENNGE Secure Download for Box, users simply need to attach the file to an email. This frees them from the hassle of issuing a shared link, expiration date, and password settings, increasing user convenience.
That would be very helpful in terms of reducing labor hours!
Next, can you tell us more about “(2) Content can be consolidated in Box”?
Attached files can be automatically stored in Box without omission when sending emails. When this function is not being used, files can be sent as attachments to email as they are, unless the email system prohibits attachments to email. Therefore, even though Box was introduced in order to move away from PPAP, it is still possible to share files without using Box.
With HENNGE Secure Download for Box, files sent by e-mail can be managed in folders on Box by sending address and sending e-mail. Since access privileges can be set for each folder, administrators can manage all files sent by whom and when, making it very convenient from an operational standpoint.
It is good to be able to classify and manage transmitted files without omissions!
Finally, please tell us about "(3) By implementing measures to prevent accidental transmission, security can be strengthened”.
HENNGE Secure Download for Box is a countermeasure against misdirected emails, as it allows senders and administrators to disable URLs even after the emails have been sent.
When combined with HENNGE Email DLP, HENNGE's email misdelivery prevention function, users can flexibly set up error filters, such as temporary hold and supervisor approval, according to business partners and sending users.
So not only can you eliminate PPAP, integrate cloud storage, but also reduce the risk of email misdelivery and fulfill all the security measures that administrators are concerned about when sending emails!
Why did you develop the feature this time?
Due partly to the variety of de-PPAP needs, we received requests from customers such as linking with the cloud storage used in-house, or consolidating file uploads to the cloud storage used by the company.
Therefore, we decided to work with Box, which has a high market share among cloud storage providers, and has received many requests for integration.
I think there are products from other companies with similar features out there, so are there any points of differentiation?
From the user’s point of view, just by attaching files to an email, users are freed from hassles such as setting the sharing period, setting the URL public deadline, and password setting. It also allows for de-PPAP using Box without lowering the security level.
From an administrator's point of view, Box can be used for collective management, saving time and effort, and can also be used to prevent misdelivery.
How is the market’s response so far?
Although Box has been adopted by many companies, the troubles of operation and password management for shared links have become common issues, and many customers have immediately been inquiring about HENNGE Secure Download for Box.
HENNGE Secure Download for Box does not require a Box license on the recipient side, so it can be used regardless of whether the recipient uses Box or not.
Do you have any message for companies struggling with the PPAP issue?
If you are in doubt about how to move away from PPAP, please contact HENNGE. We will propose the best solution for your operation!
Thank you for your time today!