Success Story: SecureZIP® Helps Federal Government Agency Securely Exchange Emails and Meet Compliance Requirements
Customer Background
This Federal Government agency is responsible for the safety of civil aviation. The agency, which is divided into several individual offices, maintains various responsibilities, including: regulation of civil aviation to promote safety; development of civil aeronautics; research and development of the National Airspace System; and regulation of US commercial space transportation.
Challenges & Requirements
Various federal agencies were audited to identify instances where personally identifiable information (PII) may be exposed. Upon learning of the audit, two offices within our client agency took a proactive stance and concluded that they needed additional security around PII exchanged daily via email. The offices began searching for a solution that would allow encryption of sensitive information sent via email and, if possible, would also provide access to any and all encrypted information for purposes of data recovery.
The agency uses Lotus Notes® for desktop email communication. While encryption capabilities are built into the program for secure exchange internally between Lotus Notes users, the offices needed a solution that would integrate with the application and allow for secure, external email exchange. In addition, with office employees located across the country, it was imperative that the solution be quick to deploy and easy to integrate within the daily workflow.
When searching for a security solution, the offices needed to ensure the solution would meet the requirements outlined in their statement of work for encryption software. These requirements included:
- Compliance with Federal Information Security Management Act (FISMA) of 2002 for mandatory use of FIPS 140-2 compliant technology
- Compliance with Information Technology Management Reform Act of 1996, Public Law 104-106 to use Validated Cryptographic Modules
- Compliance with OMB Memo M-0408, Maximizing Use of SmartBuy and Avoiding Duplication of Agency Activities with the President's 24 E-Gov Initiatives GSA Advantage Purchase
The agency was already using WinZip® for desktop compression, but the offices recognized that it was not a viable option for data security, because it does not offer strong encryption or administrative policy support for contingency keys. WinZip also could not meet several of the compliance requirements, specifically FIPS 140-2.
The Solution - SecureZIP
SecureZIP for Windows® Desktop addressed all of the agency's requirements:
- Strong encryption for secure email exchange. SecureZIP offered the offices strong data file encryption that met the initial goal of a security solution compatible with its Lotus Notes email application. The offices can now encrypt and securely exchange information with all external endpoints.
- Access to data for audit/recovery purposes. Contingency Key functionality ensures that data can be accessed at any time, even if a passphrase used for encryption is lost or stolen. The offices can recover any data encrypted via SecureZIP, which is especially important in the instance of an agency audit.
- Centrally control encryption capabilities. Policy Manager, another SecureZIP feature, gives the offices the ability to set security protocols, so they automatically become part of the workflow. In some cases, users are unaware that files are being secured, because SecureZIP works "in the background," encrypting and decrypting files without requiring any user interaction. Using Policy Manager, administrators can centrally control encryption standards, configuring and securing protocols. Every time an employee or affiliate creates a SecureZIP file, the user is locked into encrypting the file in accordance with the agency's security policy settings.
- Fast and easy deployment. SecureZIP is easy to use and deploy within an existing work environment. Because both SecureZIP and WinZip are based on the .ZIP standard invented by PKWARE®, they are virtually identical in their use, so the transition for employees was quick and easy. Because the agency realized that WinZip could not remain the standard for compression, SecureZIP now serves the dual purpose of encryption and compression at the federal agency.