How Alaska Replaced MOVEit and Closed the File Security Gaps Microsoft Couldn't Fill

The Alaska Department of Family and Community Services (DFCS) exists to protect children and families. Every case file, every referral, every piece of documentation shared across agencies, courts, healthcare providers, and tribal governments carries real consequences for the people it represents.

That weight of responsibility means security gaps are more than an IT problem. They're a mission risk. That's what led DFCS to Virtru Secure Share, and to a fundamentally different approach to protecting the data at the heart of their work.

The Result

• Files stay protected after they leave DFCS. Encryption travels with every file format through download, and DFCS can revoke access anytime,  even after a recipient has already opened it.

• Anyone can access shared files, no account required. Staff authenticate via SSO. External recipients — citizens, courts, tribal governments, hospitals — open files directly in a browser with no new credentials needed.

• Replaced MOVEit and closed Microsoft Purview's coverage gap. Secure Share protects every file format beyond the M365 perimeter, supports files up to 15GB, and carries SOC 2 Type II, FedRAMP Moderate, and GovRAMP authorization.

The Challenge: When the Tools Don't Match the Mission

For DFCS, those gaps were real and growing. The agency had invested in Microsoft's DLP and Purview tools to protect sensitive data within the M365 ecosystem, and those tools worked, as long as files stayed inside the Microsoft environment. The moment a PDF, image, or CSV left the M365 perimeter, whether downloaded, forwarded, or shared with an external partner, protection was gone. Non-Microsoft file formats were simply out of Purview's reach.

External sharing created its own friction. Partners trying to access shared files through Purview encountered consistent authentication failures. The experience of creating new usernames and passwords in any sharing tool had become a predictable barrier for the agencies, courts, families, and tribal governments DFCS needed to reach.

MOVEit was supposed to help. It didn't—not fully. License and account management consumed administrator time. File sizes were capped at 2GB, tight for the documentation packages a child welfare agency regularly handles. Identity and SSO failures continued to prevent external recipients from accessing content. And like Purview, MOVEit offered no visibility or control over files once they were downloaded. Data left DFCS's hands the moment a recipient clicked "open."

Recommended Reading: Utah State Government Migrates from MOVEit Transfer to Virtru Secure Share

Meanwhile, the security team was already stretched. Security assessments, vendor certifications, and protocol updates competed for the same bandwidth as active incidents and legal matters. There was no slack in the system for managing the shortcomings of tools that were supposed to reduce workload, not add to it.

The gaps had to close. The overhead had to come down. And whatever replaced MOVEit had to be something that staff, external partners, and tribal government contacts could actually use, without creating accounts or reading a user guide.

The Solution: Persistent Protection That Fits the Stack

DFCS deployed Secure Share to replace MOVEit and extend persistent, data-centric encryption to every file shared outside the organization, regardless of format or destination.

The integration story started with identity. Secure Share connects directly to DFCS's existing Microsoft 365 environment through OIDC authentication with Entra ID, supporting multifactor authentication and enabling single sign-on. Staff log in with the credentials they already use. External recipients, including citizens, families, hospitals, and tribal governments, access files through any browser with no account creation required.

The username and password problem was solved by not introducing one in the first place. This is integration, not replacement.

Once a file is shared through Secure Share, protection travels with it. PDFs, images, CSVs, and native Microsoft documents alike are encrypted and policy-bound throughout their lifecycle, on DFCS's servers, in transit, after download, and wherever the file eventually lives. Purview's coverage gap is closed. The 2GB MOVEit cap is replaced by a 15GB ceiling that accommodates the large case files DFCS routinely handles. And if a file is shared in error or circumstances change, DFCS can revoke access at any time, from anywhere, even after a recipient has already opened it. Staff call it "protecting against the whoops."

For an agency handling Title IV records, protected health information (PHI), tribal data, and personally identifiable information for children and families, that last-mile control matters. So does the compliance posture that comes with it. Secure Share's SOC 2 Type II attestation, FedRAMP Moderate authorization, and GovRAMP authorization provide the documentation DFCS needs to demonstrate it is sharing sensitive data on a platform that meets rigorous federal and state security standards, reducing the vendor assessment burden that had long consumed security team capacity.

The Outcome: Less Overhead, More Control, One Platform

DFCS replaced MOVEit with a solution that is more secure, better integrated, and meaningfully simpler for every person who uses it, including staff, administrators, and external recipients alike.

The persistent protection that Microsoft's native tools couldn't provide, for non-M365 formats, for files shared externally, for data accessed beyond DFCS's environment, is now in place. The administrative burden of managing MOVEit licenses and accounts is gone. The authentication failures that blocked external partners are no longer a recurring incident. Security should empower, not stifle — and for DFCS, it finally does.

What makes Alaska's approach worth noting is the ambition behind it. DFCS isn't treating Secure Share as a point solution for one department. The agency is positioning it as the foundation for an enterprise-wide file security offering across Alaska state government, a recognition that secure, persistent file sharing is not a departmental problem, but a statewide one.

That kind of forward-thinking, mission-aligned security leadership, deploying tools that protect the people and data that matter most in a way that actually works for the people who use them, is exactly the model other state and local agencies should follow.