Sharing data with many partners requires a common encryption platform
Officials at the Centers for Medicare and Medicaid Services knew that securing the huge amounts of sensitive data they share with organizations nationwide wouldn’t be easy. But it was necessary.
Just do it,” said Julie Boughn, director of the Office of Information Services and chief information officer at CMS. “There are tons of anxieties around this. We landed on the side that it was our duty to do it, and we’re not going to ship the data until we do.”
In this report:
CMS zips up sensitive data for security in transit
But the key to making it work was finding a common platform for encryption that could be used by CMS and the 50 states and numerous other organizations with which it shares personally identifiable data. CMS is a mainframe shop, but its partners use everything from mainframes to desktop PCs to access the data. CMS officials chose SecureZIP from PKware, which was built on the PKZIP product that works on multiple platforms.
Using hundreds of tools to encrypt and decrypt data with each partner was not an option, said Ray Pfeifer, senior technical adviser at CMS’ Office of the Chief Information Security Officer. So it was important for CMS to take charge.
“We wanted to pick a product,” Pfeifer said. “We didn’t want the users to all pick different products. We only have to learn one product, and they only have to learn one product.”
William Jackson is a senior writer of GCN and the author of the CyberEye blog.