Maryland’s Protection of Information by Government Agencies law (PIGA) requires that any personally identifiable information (PII) must be secured. More specifically, it requires reasonable security procedures and practices that are appropriate to the nature of the personal information collected and the nature of the unit and its operations. That’s a tall order, considering the various types and amount of data passing through the state government’s email systems on a daily basis.
The State of Maryland’s government encompasses 62 independent agencies that provide services to over six million citizens. With 56,000 employees collaborating, emailing, and at times transferring sensitive data, maintaining security compliance is a substantial responsibility.
Nearly a decade ago, each of the different agencies throughout the state, such as the Department of Health, Department of Public Safety and Correctional Services, and Department of Education, had their own independent email servers and security mandates. Managing these disparate systems placed a tremendous burden on each agency.
Many of these independent agencies handle private data that is subject to PIGA and other strict federal regulatory requirements like Criminal Justice Information Services (CJIS), the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Information Security Management Act (FISMA). Ensuring all email activities were in compliance was complex and a constant source of aggravation.
Tracia Sherman, Workspace Platform Manager at the Department of Information Technology (DoIT), is a 15-year DoIT veteran. Sherman and her team support communications, change management, and training processes relevant to system deployments. “Consolidating disparate email systems onto a single, managed platform running on hardened infrastructure in the cloud was a no-brainer from a security, collaboration, cost-efficiency, and productivity standpoint,” says Sherman.
The State of Maryland made a big, bold decision to manage security and infrastructure for Google Workspace users from one central point under DoIT’s management. Their eventual migration positioned the State as one of the earliest pioneers among governmental agencies to go all-in and roll out Google Workspace and other Google Cloud-based apps and services to their employees.
“We replaced Microsoft Exchange and Novell mail servers with Google Workspace, allowing us to secure data on an enterprise-wide scale and execute mobile device management and data loss prevention (DLP) monitoring across all agencies, as well as track every email and document attachment,” says Sherman. “Given the sensitive nature of our data, and our need for the highest security standards, we went with Google Workspace, which we found met our needs.”
To help ensure a smooth transition to Google Workspace, training was essential to ensure state employment engagement with the new system. After conducting an RFP process, the state chose SADA, a multi-year Google Cloud Sales Partner of the Year, to provide training and service support for their Google Workspace needs. SADA was also able to help the state procure the appropriate Google Workspace licenses in a cost-effective manner by leveraging their knowledge of Google Cloud’s Committed User Discounts (CUDs).
Sherman and her team conduct biweekly meetings with SADA and Google Cloud to continuously improve operations. Additionally, for the past seven years, the State has held an annual Google Conference, in person before the pandemic and virtually during the pandemic, with attendance ranging from 300 to 500 State employees to receive in-depth instruction and product roadmap updates. “Both Google Cloud and SADA provide trainers to share best practices and encourage agency interaction,” says Sherman. “From a typical end user to a more advanced techie, everyone leaves having learned something new and exciting.”
To address enhanced end-to-end email security requirements, SADA introduced DoIT to SADA SaaS Alliance Program partner Virtru, a company that specializes in integrating military-grade data security functionality into everyday technology applications, including Google Workspace. Creators of the Trusted Data Format (TDF), the open industry standard for persistent data protection, Virtru protects data at the time of creation and throughout its lifespan, regardless of where it’s shared. Many of the state’s agencies have adopted Virtru for encryption of data shared through email.
Working with SADA and following a five-year digital transformation and migration roadmap, DoIT migrated 62 state government agencies to Google Workspace.
Ongoing Google Workspace training delivered by SADA plays a part in that process. Recently, SADA delivered to the State of Maryland eight SADA-led training sessions covering solutions including Drive, Meet, and Chat. Approximately 4,500 State of Maryland employees attended training, with increased usage and adoption noted across Meet and Chat immediately following the training sessions.
Over those five years, DoIT rolled out Google Workspace to three or four agencies every couple months. “We made the right decision,” says Stefanos Ghebrehawariat, DoIT Assistant Cabinet Secretary, Data and Applications. “We know Google Workspace is the best functioning platform that we can offer our users.”
In addition to functionality, budget appropriations also played a part in the State going with Google Workspace. “Cost was also a huge consideration that led Maryland to Google Workspace and SADA,” says Sherman. “We saved a lot. I know one agency alone, Juvenile Services, saved around $600,000 just in their first year, just that agency.”
Having the Google Workspace infrastructure in place also provided an easy transition to a remote workforce during the COVID-19 pandemic. “Thankfully, we had a fully functioning mechanism for all our users to connect to State resources from home,” says Ghebrehawariat. “I know SADA has been instrumental in getting us to where we are today using Google Workspace.”
Overall, SADA helped the State of Maryland:
- Enable distributed teams with easy-to-use data protection and access controls for private data
- Easily share sensitive data via email
- Support training for critical Google Workspace applications
- Save time, expenses, and internal resources