Colorado implements email encryption

Sensitive emails are encrypted on the system's servers, making access nearly impossible for cyberthieves.

The adoption of email as a main source of communication between government agencies has raised security concerns over outside parties accessing sensitive correspondence. The amount of information contained on government email servers, from medical and tax records to law enforcement reports, is staggering. The FBI’s Criminal Justice Information Services (CJIS) has recognized the importance of having a secure email service in place by establishing data security requirements for organizations. Colorado recently implemented an email system that complies not only with the CJIS guidelines but also with the federal Health Insurance Portability and Accountability Act.

Government Technology reported that Colorado commissioned an email encryption provider to create a unique communications network for the state’s employees. Government authorities wanted an encryption service that would effectively prevent cyberthieves from reading sensitive information even if they had access to the files on the email server. Using a variation of Google’s Gmail client, the service provider established a system that identifies sensitive emails and high-risk users, such as law enforcement officers, and encrypts each such email from the time it is created until it is opened and read by the intended recipient. When the email is closed, it is re-encrypted and stored on a cloud server. Access to encrypted files requires an elevated account level and passing an additional authentication step.

Encrypting sensitive information
Some critics have had doubts about the security available on a cloud network, but state officials are confident that the encryption process will keep their data safe. The partitioning system splits data into hundreds of pieces that are spread across data centers situated within different parts of the United States. According to government authorities, the encryption process makes it nearly impossible for cybercriminals who manage to crack the system’s layered security to make sense of stolen content as they will only have a fraction of a much larger file.

“A single email or document doesn’t exist as a whole anywhere, nor is it associated with the person that sent it,” Colorado’s Secretary of Technology and CIO Kristin Russell told Government Technology. “So even if somebody…broke into Google’s data center and stole a disk, they’d only see one chunk of that data and even that chunk is encrypted.”

Government agencies at risk for cybertheft
In the wake of some high-profile cases, government agencies are placing a renewed focus on digital theft. Just last year, cyberthieves breached South Carolina’s Department of Revenue servers and made off with millions of Social Security numbers, tax returns and bank accounts. Data security is a major concern for North American governments, and Colorado’s email encryption system may serve as a valuable guide for other organizations as they improve their digital defenses.

Are you concerned about government acquisition and storage of sensitive personal information? Is Colorado’s encryption system a long-term solution or will cyberthieves eventually find a weakness in it? Tell us what you think in the comment section below!

Scott Cornell

When he’s not knee-deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to the ground for breaking news related to IT security.