Rise8 is an elite defense contractor that specializes in developing and deploying advanced software systems for the US Department of Defense (DoD) and Federal Government Agencies. The company has a team of highly skilled engineers and technicians who must exchange Controlled Unclassified Information (CUI) and other sensitive proprietary information with the DoD. When highly secure workflows imposed by federal entities began impacting its teams’ productivity, Rise8 sought a solution that allowed the best of both worlds: security and collaboration.
With Virtru, Rise8 is empowered to:
- Streamline collaboration with various entities within the DoD, mitigating the collaboration gap
- Add additional protections to safeguard Controlled Classified Information (CUI), PII, and FCL information as it travels back and forth to the DoD
- Leverage client-side encryption to prepare for international expansion
- Use Gmail add-in to maintain encrypted communications without the friction of S/MIME and key exchanges
Streamlining External Collaboration with the DoD
“One of the battles that we were trying to overcome was: How do we send encrypted documents? CUI, Controlled Unclassified Information, needs to be encrypted end-to-end, and in transit,” said Nate Lotts, Information Technology Lead at Rise8. “Nobody really knows an easy solution.”
Before Virtru, Rise8’s engineers and developers had to exchange encrypted CUI with the Department of Defense using a DoDSAFE - which only invited one person to submit and retrieve files each time an exchange occurred. This created an extreme bottleneck for Rise8, especially if the sole DoDSAFE invitee was out of the office. Even if the designated file-puller was present, the portal-based system required a password login that often expired, setting the team back again.
Lotts landed on Virtru Secure Share and Gmail Add-In to speed up file exchanges with Rise8’s business owners in the DoD. Now, they can maintain the same heightened levels of encrypted security, minus the heaps of effort. They can simply attach files to an email or share their unique Secure Share link with specific intended recipients in the DoD, and can easily receive and decrypt files back from the DoD, regardless of their operating system.
Not only was it a light lift for the team to deploy, but their external business partners at the DoD latched onto it as well.
“Once [DoD recipients] get familiar with it, it’s ‘man, this is easy,’” explains Lotts. “Once they realize the capabilities, it's pretty easy for them to communicate back and forth with us with actual documents.”
Virtru Gmail Encryption vs. S/MIME: Agile Communications Made Easy and Affordable
As a Google Workspace house, Rise8 faced inherent friction with entities using S/MIME to secure email communications.
“S/MIME helps with the exchange of [PKI] credentials and because we’re outside of the DoD, we're not part of their domain,” explained Lotts. “[Without S/MIME certificates], I don't have access to their public key to decrypt the email they encrypted. So it's pretty much useless if they send me an encrypted email. I can't read it.”
Sending and receiving emails through exchanging S/MIME credentials between Gmail and Microsoft houses is possible but complex, expensive, and labor-intensive. It would require Lotts and his team to source S/MIME certificates for all senders of encrypted messages, ensure their recipients also have S/MIME certificates established, and then, leverage a Google-recommended encryption key manager like Virtru. Once S/MIME certificates have been successfully exchanged between senders and receivers, those users can exchange emails encrypted with Google CSE.
This forced Lotts to ask, “What's the one-stop shop for us? What integrates with Google Workspace without us having to set up some other email service? Which is where Virtru comes in.”
The Virtru Gmail encryption came in handy for Rise8 as it didn’t require installing a completely new email service or strenuous extra steps for the end user. Nor did it require anything more of the DoD as encrypted Virtru emails could still be opened by external recipients without compromising the secure environment. Each party could still maintain private communications at the standard speed of email.
Virtru also saves Rise8 money by eliminating the need to obtain S/MIME certificates, and the need to staff its team with employees to manage it.
“Organizations have teams of people that manage email services and encryption, having to manually upload keys and all of the stuff for email encryption to work,” explained Lotts. “What's the salary for a person to just do that? And then what's your cost for Virtru? Obviously, it's drastically less.”
Learn more: How to Choose the Best Option for Your Gmail Encryption Requirements
Helping Rise8 Meet and Leverage PII, CMMC Compliance
As a result of contracting in the defense space, Rise8 is obliged to meet various regulatory requirements, including NIST 800-171, PII, and soon CMMC 2.0 once it is finally ruled upon. Virtru safeguards CUI and other sensitive data in transit and at rest with 256-bit AES encryption for Lotts and his teams. Some individuals at Rise8 also help facilitate the security clearance, known as FCL. They now use Virtru to protect sensitive personal information like social security numbers as they travel to various agencies for review.
Virtru’s client-side encryption also allows Rise8 to encrypt sensitive information end-to-end, which will help them inch closer to ITAR compliance. Providing them with a competitive edge in the future as they expand business internationally.
Striking a Balance Between Security and Collaboration
“The only way to secure information a hundred and ten percent is to lock it down so tight that nobody has access. Well, then nobody can do their jobs, right?” said Lotts. “What they need to do is meet in the middle.”
With Lotts and his team’s balanced approach, Rise8 fulfilled its namesake - rising to the challenge of finding a solution for secure collaboration within the defense industrial base. The question is, will other contractors follow in their footsteps?