Techworld

How joining Google Gmail with encryption system helps high-tech firm meet government security rules

When a relatively small high-tech company with some big aerospace and defense customers wanted to adopt cloud-based email for its employees, it faced the challenge that whatever choice of cloud service it adopted, it had to meet the government's security regulations known as ITAR, or the "International Traffic in Arms Regulations."

The firm, Novati Technologies, found a way to do that through cloud-based encryption of Google Gmail in which only Novati, and not Google, can directly access and decrypt any Novati email information held encrypted in the cloud. The reason that feature was especially important is because some of the rules in ITAR say anyone authorized to access ITAR-regulated data has to be a U.S. citizen, among other requirements. Novati determined that by encrypting its employee Gmail accounts using the CipherCloud gateway appliance, the nanotechnology firm could meet ITAR demands.

[ How ADP and Facebook battle bad email ]

"We're required to be ITAR-compliant," explains Patrick Meyer, director if IT at Austin, Texas-based Novati, emphasizing this was a main consideration as the company went about evaluating how it could migrate to the cloud from Microsoft Exchange servers in-house and the hosted service it had, which was not particularly reliable, functional or stable.

Encryption has long been a common practice at the nanotechnology firm there where a number of encryption methods, including PGP and ZixCorp, are used to secure data and share it confidentially with business partners.

When Meyer looked into Microsoft Office 365 as a possible cloud email option, he found there was an "Office 365 for ITAR" on the market. But "their focus was 25,000 accounts or more," he adds, noting Novati was looking at transitioning to less than 150 email boxes for its purposes.

Unlike Microsoft, Google didn't make specific statements about any ITAR-support in its cloud email offering, says Meyer. But by using the CipherCloud appliance, which supports Gmail among a few other cloud-based services, Novati could basically exert encryption control over all Gmail held in Google's cloud. So Novati made the migration to Google Gmail for about 130 mailboxes at the end of last year.

"We encrypt all of our email," says Meyer, and so far, the arrangement has been reliable, with Google Gmail having a lot of flexibility in vaulting, searching and archiving, he adds. The cost advantage has also been rewarding for Novati, with reduced operational expense of 45% in comparison to its pre-cloud deployment.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.

Read more about wide area network in Network World's Wide Area Network section.

Tags unified communicationscloud-based securityOffice365E-mail servicesCipherCloudNetworkingcloud computinginternetFacebookGoogle GmailGoogleCloudsecurityMicrosoft

More about FacebookGoogleIDGMicrosoftPGP

Comments

Comments are now closed

Twitter Feed

Featured Whitepapers