“This system will far exceed any existing cyber security protections we have in place, but will we be able to work with it?”. This was the question posed by the lead project manager for the New York State HMIS (Homeless Management Information System) application.
For the New York State Office of Temporary and Disability Assistance (OTDA), complying with the US Department of Housing and Urban Development (HUD) to provide reports on the state of homelessness within New York put them on a path with significant legal ramifications. The transmission and storage of sensitive HIPAA data along with Protected Personal Information (PPI) raised many legal objections from regional processing centers due to the potential for data exposure to not only the cyber miscreants of the world, but also NYS administrators and technical personnel.
As former HUD commissioner, the governor of NYS was very interested in a successful statewide HMIS data warehouse. For the New York State Office of Information Technology Services (ITS), however, systems must not only be usable by key stakeholders, but also maintainable by their staff even after technology consultants are not longer under contract. If it cannot be used, even the greatest system is useless!
The concept of the Lockbox had already been proposed to the regional legal teams in custody of the coveted homeless data. Other key ideas for the system included tokenizing user accounts into random identifiers and de-duplication of related records amongst the regional centers. The reception was very positive, but now it was time to provide the details on exactly how the protections and processes would work and who would be able to access sensitive information.
JJD Software was called in to satisfy these needs; to 1) provide a cyber security solution that would prevent even high level administrators from having the ability to compromise protected information, 2) tokenize the sensitive information and de-duplicate common personal records throughout the state, and 3) to allow the internal technical and project teams within New York State to be able to maintain the system and perform necessary work functions without having access to the data. The result - the TSM Lockbox - garnered not only universal acceptance from both the legal and user community as well as internal staff, but also the NYS Information Security Office who awarded the Lockbox the New York State Cyber Security Award.
With the Lockbox, even the system and network administrators (including all development personnel) cannot decrypt the protect data - at any stage. Yet, the project and infrastructure leads are easily able to administer the system and troubleshoot as needed, all while enabling and supporting key OTDA/HUD business needs. This is accomplished working around the existing infrastructure at NYS with minimal performance impact.
What’s next? High on the list for the NYS Task Force on Counterterrorism and Public Protection is preventing a major data breach like Equifax. Because the TSM Lockbox prevents network/domain admins from compromising protected information, it eliminates the key vulnerability utilized in cyber attacks such as Equifax, Uber, and Anthem. JJD Software is currently in discussions to present at the NYS Roundtable Task Force to extend these protections to other systems within New York State.
Want to see what JJD Software can do for you? For more information please visit: https://ternarysecuritymodel.com/