Orange County, Calif., Standardizes E-Mail Security

Simple but powerful encryption system will protect e-mail for more than 40 county agencies.

by / October 7, 2008

Orange County, California, one of the most populous counties in the United States, is now using Voltage SecureMail from to encrypt and protect e-mail communications for its employees.

The SecureMail system will safeguard e-mail for more than 26,000 full-time and contract employees across 43 Orange County agencies. The new e-mail system will also fulfill privacy and compliance mandates such as HIPAA (the Health Insurance Portability and Accountability Act), and support the county's federated IT infrastructure, leveraging common classifications, policies, global LDAP repositories, shared resources and economies of scale.

"Our highest priority was to enable departments to address their areas of greatest information risk, and mitigate regulatory compliance concerns as quickly as possible," said Tony Lucich, chief information security officer (CISO) and enterprise architect for the County of Orange. "E-mail stood out as a major area of concern, so we first needed to provide blanket coverage for any agency that handles sensitive content via e-mail."

However, in the security industry, Lucich points out, e-mail security is often synonymous with monstrous cost and implementation. So, he and his team set out to examine the available technologies and products before selecting and standardizing on SecureMail. The solution leverages Identity-Based Encryption (IBE), a cryptographic breakthrough that enables unprecedented end-user usability, product scalability and solution manageability, while simultaneously providing the lowest total cost of ownership (TCO). Lucich's goal was to offer these benefits and more in an automated encryption solution that works seamlessly within its inbound and outbound content management framework, and was easy enough for technology novices.

Using a weighted matrix of important criteria to guide their decision-making, Lucich's IT team invited vendors to demonstrate their solutions and ultimately judged SecureMail to be the most effective email encryption solution available.

With the new system, the County of Orange can ensure e-mail and mobile messaging is secured with end-to-end, content level encryption. It is integrated easily into the existing infrastructure, providing what Lucich says is "bar none, the best encryption coupled with the best anti-spam solution in the industry."

SecureMail supports several key use cases in Orange County. For example, the county's health and social service agencies frequently need to share personal medical information on clients with outside doctors and healthcare providers. As per HIPAA regulations, this information must be encrypted when sent via e-mail. In that scenario the new system, with its high scalability key management, enables Orange County officials to send encrypted messages to their intended recipients, regardless of what kind of operating systems or e-mail software they use.

"Orange County is the latest in a growing list of large government organizations and corporations that are discovering how SecureMail with its centralized key management delivers power and peace of mind for highly sensitive email communications," said Wasim Ahmad, vice president, Voltage Security.