Protecting government has never been more of a challenge: the demand for online, transparent access to services and records is rapidly increasing, while the corresponding attack surface grows exponentially. The State of Hawaii tackled this situation head on.
Todd Nacapuy, chief innovation officer for the State of Hawaii, oversees the Office of Enterprise Technology Services (ETS), which is tasked with providing governance for information technology programs, projects and services across the state’s executive branch. He explained, “We have defined seven CIO priorities for ETS to ensure an effective, efficient and open government: IT Workforce Development, IT Governance, Services-Oriented Infrastructure, Enterprise Projects and Programs, Open Government, Cyber Security, and IT Cost Transparency.”
As the State of Hawaii tries to make more and more of its data accessible to the public under the open government initiative, it is ETS’ duty to mitigate the inherent new risks. Much of the data that the State holds is considered personally identifiable information (PII), and regulations – such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), Fair Information Practice Principles (FIPPs), and Federal Information Security Management Act (FISMA) – require the data to be protected by encryption.
Michael Otsuji, the State’s IT development officer, noted, “We are constantly making our organization aware of the potential cost of a breach, as well as what would happen if data was exposed; including the effort of clean-up that would have to be undertaken.”
“Our goal was to implement data access on a just-in-time basis: only enabling an entrée to information as and when an authorized user really needs it,” recalled Nacapuy. “We wanted to deploy an encryption solution for our enterprise projects, and at the same time extend an ‘encryption-as-a-service’ offering to all of the State of Hawaii departments that wish to more tightly secure their data.”
Deploying encryption as a last line of defense became a key initiative for ETS, particularly when it implemented a second data center – to serve as a backup to the primary site – that was located in a shared facility. “Even though the center is physically secure, we don’t have exclusive control of the space,” explained Nacapuy, “And we wanted the data to be unreadable if our other defenses were breached – for example, if someone stole a server – we needed the data to be useless to them.”
ETS evaluated vendors with encryption solutions, assessing them to find the optimal solution to meet its needs. Having reduced the options to a shortlist of contenders, ETS undertook a proof-of-concept with each to determine individual speed, cost, ease of use, and overall capabilities.
Nacapuy recounted, “Vormetric Data Security (DSM) by Thales stood out because of Vormetric Transparent Encryption with its support for a wide variety of file formats and data states – such as data at rest – combined with Vormetric Key Management handling the rolling keys. It also demonstrated impressive speed at processing the encryption and decryption of files.”
Having made the decision to standardize on the Thales solution, rollout began with ETS educating the various departments about the new encryption service. ETS took on a consultative role to fully understand the specific compliance regulations that needed to be achieved by each group and to ensure the appropriate information became secured by Vormetric Transparent Encryption.
Otsuji stated, “The response to ETS offering the encryption service has been very enthusiastic because it’s not just a nice-to-have; it’s now a requirement for many departments, and with Thales we make it so easy and efficient.”
Nacapuy concurred, “It’s very efficient for us because management of the Vormetric Transparent Encryption is so simple. It enables us to accomplish more with less because of the flexibility it offers in terms of spanning all of the data types across the business entities that we service.”
“Thales has been a wonderful partner,” recounted Otsuji, “Putting on presentations for the departments and being extremely involved in the successful adoption of encryption by them.”
Just-in-Time Data Access
“We’ve listened to the operational needs of our colleagues and are able to take a business-centric approach to the capabilities we offer,” observed Nacapuy. “And Thales has become a critical offering within our services-oriented infrastructure for end-to-end encryption as well as data at rest.”
He concluded, “Our move into the new paradigm of only enabling access to data as and when authorized users really need it is one of the primary catalysts behind our investments in leading-edge security solutions like Thales. DSM is a key contributor to delivering just-in-time access conveniently and efficiently.”
About Thales eSecurity
Thales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged-user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.