A key to mobile security
Connecting state and local government leaders
Encrypted flash drives protect Washington's child support data.
Washington state's Division of Child Support (DCS) knows well the challenge of handling sensitive information that, out of necessity, goes mobile. DCS collects and enforces child support payments statewide ' 3 million payments totaling $700 million a year. Its agents use bank account and employer information, Social Security numbers, tax returns, and other personal data in managing the 350,000 cases open at any one time.
Sometimes that data must travel with agents in the field, which could leave it vulnerable. The division's answer was encrypted flash drives.
'We identified some problems with the way the data was moving,' said Brian Main, data management and production operations manager at DCS. USB thumb drives were a convenient way for employees to carry and use large amounts of data in the field or when moving between offices, but 'we didn't know what they had on them or where they were.'
There are about 1,200 DCS workers in 11 offices statewide and about 300 more in 37 prosecutors' offices. Employees can send encrypted files via the network, but not all offices are on the same network, and sometimes there are problems getting large files through firewalls. So a sneakernet often is the most convenient way to move the electronic files. 'A lot of the day-to-day stuff is carried on thumb drives,' Main said.
Concerns about the small drives began cropping up about 18 months ago, he said. The risk had existed before, with information on floppy drives and writable CDs, but the situation was becoming more serious with the small, powerful flash drives, Main said.
The answer was to make a virtue of necessity.
Officials decided that if employees were going to use USB drives, the division should protect and manage them. At first, the division couldn't find all the features it wanted, including the ability to:
- Encrypt automatically. 'We wanted to take out the human component' by eliminating any decisions by users on whether or what to encrypt, Main said.
- Track the devices.
- Track data on the devices. 'In case of a loss, you needed to be able to notify clients,' so you have to know what data is on each device.
- Back up data automatically so it can be restored if necessary.
- Centrally manage and lock down the devices.
Washington state's Division of Child Support is standardizing on encrypted Cruzer Enterprise USB drives for moving and transporting sensitive personal information in the field.
'We're in the early stages of rolling them out,' said Brian Main, head of data management and production operations manager at the division. 'So far, it's been relatively painless.'
But deploying centrally managed, secure storage devices also means accounting for old, unmanaged devices and the data they contain. 'The biggest issue we're facing so far is getting the old stuff back in from the field,' Main said.
The division also is deploying digital certificates to authenticate the devices.
To do this, it had to get a waiver from the state's central information technology department, which has a monopoly on digital certificates for the state.
'When they get caught up, we will begin using central certificates' from the IT department, Main said. ' William Jackson
NEXT STORY: Natalie Givans | Security gets into the mix