Chief Technology Officer
When you hear the term insider threat, who do you think of? A developer leaking IP to a competitor? An accountant using their access permissions to embezzle funds?
While malicious offenders are very real, they’re only responsible for 26% of insider threat incidents according to the Ponemon Institute. Most threats - up to 56% on average - are from employees who slipped up or didn’t use the tools provided.
Security leaders like Juan Saldana combat these insider threats every day. As the CTO for Cameron County, TX, Saldana chose Virtru to help employees seamlessly protect the county’s most sensitive data exchanged through Microsoft Outlook.
With Virtru, Cameron County, TX can:
Nestled in the southernmost tip of Texas, Cameron County serves almost 500,000 citizens, and then some, whose PII and PHI flows between its many agencies and beyond. Saldana works with all of these entities to match them with data protection solutions that meet compliance.
While the Cameron County health department was using a legacy encryption tool to correspond, the catalyst for switching to Virtru was a slip-up in the law enforcement department. After receiving an unencrypted email with sensitive files attached, as well as a generous list of CC’ed recipients, Saldana had to intervene. Information flowing to and from law enforcement can be as sensitive as inmate health status results; and while the data in this particular email wasn’t as sensitive, the incident revealed the potential of other inadvertent insider threats.
“The biggest security challenge we have at the moment are the people that are sending this type of data, and we just haven't found them yet. They're not aware that they should be [protecting that data], and we're not aware that they are,” he explained. “I want to make sure that we find these people and advise them in time before it becomes a case of someone receiving this information and it gets exploited or published or misused because it wasn't encrypted.”
When it came to finding a built-in encryption solution, ease of use was at the top of Saldana’s must-have list - and Virtru fit the bill. The Virtru Microsoft 365 Outlook add-in allows county employees to encrypt sensitive emails, and sensitive files attached to those emails, in just one click.
“[Virtru] is easy,” Saldana said. “It didn't require that learning gap that a different product would have taken.”
In addition to mitigating insider threats, Virtru’s granular access controls also enable Cameron County employees to be precise about who can access data, whether they can forward it or download it, and how long they’re able to access it.
“Make sure [data] doesn’t get into the wrong hands. If the person isn't meant to receive it, they can't open it.”
Virtru also empowers county employees to safeguard data, while also being human. At any point in time, users can withdraw access to data after already sharing it, and even disable forwarding to avoid data being exposed to unwanted eyes.
“Who hasn't sent an email out, and started typing addresses out quickly, and doesn't realize that they added someone's incorrect email address?” he asked. “It happens.”
Like every other state and local entity, Cameron County is obliged to comply with various federal regulations; in this particular use case, Virtru helped the team meet CJIS regulations after a stringent audit.
CJIS compliance mandates that sensitive information be safeguarded with FIPS 140-2 grade encryption, a standard for data protection required by the federal government.
Deploying security solutions that pack a compliance punch is traditionally a heavy lift. Other solutions Saldana and his team considered were too cumbersome, complicated to deploy, and hard to adopt, requiring multiple passwords and logins.
“Compared to the older [encryption] product that they had, that required an actual installation and license key [and] everything else just to get it going. I think the issue we have is, we assign licenses to these different users, and some of them just don't realize or don't look at it, or don't install it. Then, we need to reach out to these people and remind them that they need to install this encryption software,” explained Saldana.
Saldana deployed Virtru to various Cameron County departments both in need of FIPS 140-2, and those that didn’t. Not only was it adopted in record time, but required less effort and cost than other solutions would have. Public health adopted the tool in a day, and law enforcement started encrypting with minimal friction, too. This made the transition easier on the Cameron County IT team, which is often spread thin with other projects.
“Being public sector, you know, funding is also tight…” He said. “In most cases, it’s never enough staff. Never enough people. On top of all your other duties, you have to deploy this. So, showing [the team] how easy it is to work with the product itself, you know, literally, you enter the person's email address and assign a license and you're done. The user gets the email, they click it, accept it and they're up and running. So for the IT side of it, it’s easy and it's quick and mostly hands off.”
Working for local government can often be a thankless path, especially when tasked with protecting the private data of thousands of citizens. It takes a lot of teamwork, a lot of teaching, and a lot of margin for error. Real results come with leaders like Saldana in Cameron County, who take the time to cultivate smoother workflows by finding simple security solutions.
Want to learn more about Virtru for Microsoft Office 365? Meet with our team.