
Encryption high-priority for Massachusetts

Massachusetts data-privacy law requires encryption of personal information

By Ellen Messmer, Network World
April 28, 2010 04:06 PM ET

The Massachusetts data-privacy law that kicked in this March requires, among other things, the encryption of personally identifiable information when sent over the Internet. Government agencies have also been given their own guidelines by the state's governor, which has prompted new encryption technology deployments.


One Massachusetts government department, the Executive Office of Housing and Economic Development (EOHED), which includes several agencies, has set up automatic encryption of all data sent between about 70 locations. It's doing this using gear from CipherOptics called the CipherEngine Enforcement Point, hardware that plugs into the agency's Ethernet and edge switches, according to Dana Racine, director of infrastructure in the Executive Office of Housing & Economic Development.

"It's an overlay on the physical infrastructure," Racine points out, noting the CEP1000, which encrypts at 1 gigabit speed, and the CEP100, which reaches 100Mbps, will encrypt all data, not just what might be designated sensitive data, as it travels between locations on the network.

He says a decision was made to simply encrypt it all, instead of trying to determine what sensitive data specifically might fall under the guidelines of Gov. Deval Patrick's Executive Order 504, which covers Massachusetts government systems. The encryption processes being put in place by EOHED are being closely watched by other state agencies, Racine says, adding that other types of host-based encryption are being extended as well.

Setting up the CipherOptics gear hasn't been too difficult, he says. "It's similar to a firewall rules set," says Racine, noting that the encryption of data, which might include sensitive information such as Social Security numbers or financial data, starts at the sub-net level, to be automatically decrypted when it reaches its sub-net destination point.

The encryption deployment, which is still in progress, is somewhat costly at about $385,000 for the CipherOptics gear, Racine points out, adding that few direct competitors appear to be available; Thales was an option that was examined, though its equipment speeds appeared to be lower.
