Empowering New York Schools with Secure Compliance

Transcript


[ALEXIS] Well, thanks everyone for joining us today, for the Empowering New York Schools with Secure Compliance webinar. I'm Alexis Jarrett. I'm the channel development manager at Virtru, and I work closely with our partners like NERIC and CDW to support K through 12 in securing sensitive data workflows while enabling collaboration.

And today's session came about because data security in K-12 and compliance with regulations like New York's Ed Law 2-D, HIPAA, FERPA, and the like is more than just a regulatory requirement these days. It's an important and crucial step in protecting student information as well as maintaining trust within your community.

So for some districts, you know, balancing that data protection mandate or those data protection mandates with the need for smooth and reliable collaboration can be a real challenge. And the reason we're here today is because Virtru already works with over six thousand customers, dozens of those being in K-12 schools in New York State. So we provide data centric security solutions that integrate into the tools your school already uses, like Google Workspace, Microsoft 365, and other applications, and we make it easier to protect that sensitive student data without disrupting what workflows you already have in place. For those that aren't familiar with Virtru, we are a data centric security company. We specialize in encryption of files, emails, and applications that leave the network to help you secure any data as it travels wherever it goes. We partner closely with NERIC and CDW to support schools across New York State as well as the country, so we appreciate their partnership in putting together this webinar today. We put together a session that's gonna be focused on some real world insights, some practical strategies for K-12 data security, but we're gonna get a little more specific here and talk about Ed Law 2-D compliance pretty heavily. Today, you'll hear from two of my colleagues. We have Jay Rudkin - he is a sales director at Virtru, and he works with all of our K-12 customers and has a lot of experience helping them navigate the challenges that we'll discuss here today, so thanks for being here, Jay.

[JAY] Yep. Of course. Thanks, Alexis.

[ALEXIS] And we have Tony Rosales, who is a senior solutions engineer at Virtru, and he's gonna take us through a live demo of Virtru's secure file sharing and email encryption solutions, and most importantly, show you how those integrate into workflows that you already have in place. Welcome, Tony.

[TONY] Thank you, Alexis. Hello, everyone.

[ALEXIS] And then we're gonna wrap up today with a Q&A session. So if you do have any questions, feel free to drop them in the chat, and then we'll get to those at the end. But with that, I'm gonna pass it over to Jay to kick things off.

[JAY] Awesome. Thank you very much, Alexis, and good morning, everybody. Super excited to be here, actually. I, as Alexis Alexis mentioned, I am, Jay Rudkin. I'm one of the sales directors here. About to enter my fourth year working with Virtru and actually engaged I think with some of the audience, some of those in attendance, over my fun journey here at Virtru. I think I wound up in this role because I'm married to a career public school educator. My wife is a teacher here in the state of Maryland where we reside, and she's approaching thirty years of doing it. So, working with K-12 organizations is truly near and dear to my heart. Yeah. So today, I'm excited to kinda walk you through a brief agenda here. We're gonna talk kind of a refresher. You know, Ed Law 2-D has been in place now for five years. I guess it was January 20th of 2020, can I even say 2020 anymore? That's such a bad word. But, that's when it came into effect. We'll discuss some common workflows and challenges that I see when I'm working with districts in New York and throughout the country for that matter. Give you a brief company and technology overview, about what Virtru does and where we fit in. And then, Tony is going to lead a demonstration for multiple popular solutions that our school districts will work with and use. And I'll go through some success stories, give you some insights into what we're hearing from our customers, and, and then I'll give you some insights into how you can learn more about Virtru if interested. So, excited to have the opportunity to speak with you all this morning. So, just to kinda recap, as I mentioned, January 20th of 2020 is when the regulations became effective, your education law 2-D regulations. Just to kinda highlight, to refresh. I mean, in fact, I might even have some data protection officers here today with us, who eat and breathe this stuff, so to speak. But there's data collection transparency and restrictions. There's parents' bill of rights for data privacy and security. There is each educational organization is supposed to minimize the disclosure of PII for any purpose by managing contractual relationships to ensure compliance. There's a whole bunch of things that go into Ed Law 2-D. Encryption, firewalls, password protection must be in place. You can read along with the slide here. Data encryption, safeguards to ensure personal identifiable information, that's that PII, is not accessed by unauthorized persons when transmitted over networks and using encryption technology to protect data while in motion or in its custody from unauthorized disclosure. So, effectively, what we're kinda refreshing upon is the requirements, specifically related to data in transit and at rest and specifically that, student PII as it's known. So, I still, from time to time, will engage with the district, not in the NERIC patch so much, but, whether they're in another region of the state, who are still kinda coming to grips with, you know, and that's fine to be in that position, of course. But it's a journey that we enjoy having, an exploration, I should say, with all the districts that we come into contact with in New York. Where we typically see common use cases needs by department of where sensitive data of this type described recently flowing will be in rhese columns here, these different departments. You know, thinking of your administrators, with those sensitive communications to parents and internal information that might be sensitive in nature. Information technology departments, the sharing of passwords, finance, your payroll data, human resources. So thinking beyond just, Ed Law 2-D here, just good data hygiene practices, common use cases for the sharing of sensitive information, PII and otherwise. Special education. Those IEPs for special education students, including, protected health information as well. And then nursing staff, student as well as faculty, protected health information. Forms with protected health information, test results, all sorts of different reasons and areas where, it's kinda eye opening for an organization to realize that the opportunity for the sharing of sensitive data occurs. And so, these are areas where we typically see a lot of need, and we're able to, with our easy to use, easy to implement tools, solve for those needs as well. Giving you a quick overview about Virtru as a company. Our purpose, our CEO likes to begin every one of our group meetings with our mission statement, which is to unlock the power of data, helping create a world where it is always under your control - everywhere. We live and breathe this mantra. It's it's truly at the core of who we are here today. Promoting the intentional sharing of data that needs to be shared, essentially, but giving you the ability to have it always be under your control. Virtru's been in business since 2012. That's when the brothers, Ackerley, both Will and John, formed the company. Will was working for the NSA where he was one of the co-inventors of our technology, the trust the data format, which is actually an open standard, that's how we do the encryption, while working for, again, the National Security Agency. And, this TDF is an open, data centric security standard that's in use by 6,000+ government and commercial customers. We have over 50 million users of Virtru worldwide, And we have, again with that, with the NSA and John's background, with the White House, cybersecurity council, deep security and regulatory expertise. We're headquartered, down in Washington, DC. I can tell you what is Virtru? Where do we fit in? For those who don't know us or are just learning about us for the first time. Virtru is a a data centric security company, as opposed to or in aligned with, your more traditional perimeter centric, defensive security tools, such as, you know, those that govern identity, device, and network access, things like your firewalls, things like your multifactor authentication, such as Okta, CrowdStrike, for example, any sort of DSP or email inbox security. Most organizations have these as ways to protect the data inside of the four walls. Right? Think of it as these are your "moat" type of tools. Virtu's solutions sit alongside, but with an offensive security posture. What we think of as offensive security, we're referring to empowered collaboration. It's simple. Our approach is to give organizations tools they need to share sensitive data with confidence, speed, and precision, protecting the data itself, allowing it to leave securely and always under your control. In addition to our approach and our mindset, we also have the concept of, because we're here today to discuss, Ed Law 2-D, is we come up a phrase, we're beyond compliance theater. And what we mean by this is compliance theater looks like checking boxes without understanding security implications, focusing on documentation over practical security measures. Whereas we like to think of real security, which is implementing genuine data protection that follows information wherever it goes, ensuring seamless and secure collaboration across organizational boundaries, which gives you the ability to maintain control over your sensitive data regardless of platform. With Virtru, you'll see it during a demonstration, and we think you'll agree. You'll see where we are able to enable you to kill two birds with one stone by bridging the gap between compliance and real security. So, as we get ready to head into the demonstration, just wanted to give you some insights here real quick that you'll see. We are data centric security built with a patented ease of use. Yeah. Many of you are familiar with security controls, legacy style that are a little bit more challenging to use. I think we have many testimonials, from our customers who tell us that, one of the reasons they chose us indeed was for how easy we are to use. So the TDF, it's our open standard that allows granular data protection access controls for any type of content being shared. We combine that with our patented piece, which simplifies the user experience. It integrates with the applications you use every day, things like email, things like Google Drive, and enables secure sharing with anyone without any sort of challenging preconfiguration steps. No technical expertise required, for senders, no recipients alike, really. So we're super easy to use. We have seamless key management, which Tony will show you, the ease of use, I should say. And, one of the nice hallmarks about Virtru's tools, and those of you on the call who already have us in place can attest to this probably, we're never gonna ask anybody to create new usernames and passwords. No new credentials to engage or interact with, with what they've been sent once you've encrypted it using Virtru. So, we're excited to introduce you to Virtru's tools, and of course be happy to answer any questions as we get closer to the end of the call. So with that, I'm going to segue into my colleague, Tony Rosales, doing a demonstration of the Virtru solutions that we see used in schools quite often. I'm gonna stop sharing.

[TONY] Awesome. Thank you, Jay, appreciate that. Let me go ahead and share my screen here. So again, as Jay kind of alluded to, we have several solutions. Today on the menu, I've got Virtru two ways for you. Basically, we're going to show you what a plug-in looks like within the Gmail environment as you see here. That is not limited to Google. If you are a Microsoft shop, we can still help you. Definitely speak with us, in regards to how we can help you and we'll go there. But we'll keep it real simple today. So the first option we're gonna show you is the Gmail plug in. So we've got some sensitive information here that we need to send, and what I'm going to do as a user is simply go ahead and toggle Virtru on. This message is now an encrypted message. You're gonna notice that we have some sensitive information here in the email that is now going to be encrypted as well as any attachments that were present on the email itself. Very simple. We just now hit secure send. That is gonna encrypt the message and send it out the door. No difference in workflow. Everything is exactly as you would expect to send an email normally. Couple of differences you are gonna notice though is that this message is now encrypted within the client self, meaning before it even left this email client, it's an encrypted message. It is gonna live encrypted within the email client self as well as within Google's environment. So if I were to go and look at that message I just sent in the sent items, it has to be decrypted to be viewed. This becomes very, very important when we're talking about highly sensitive information, and we can get into the different statutes of the Ed Law 2-D later. But the idea is this information is now fully protected from any sort of, of prying eyes, if you will. So what this looks like from a recipient point of view. Someone that maybe doesn't have Virtru at all is pretty straightforward. So this is another free Gmail account. If I click on this message, it is gonna be branded and colorized for whatever organization is doing the sending. We're also gonna get very clear information as far as who did the sending itself. It is going to come directly from that person. No portal here. Nothing that it's transferring through. This is a normal message for all intents and purposes. The only difference is the payload of that message is encrypted. So in order to decrypt that message, I'm gonna click on unlock message. What that's gonna do is it's gonna launch our secure reader app, which is going to allow us to go ahead and decrypt said message. Notice it went straight in. It went straight in because I had another demo earlier this morning, and we're only gonna ask for a login per browser session one time. The idea is if I was going in for the first time in a given day, if I clicked on unlock message, I'm gonna be presented with something to validate who I am. And so the idea is this is the application saying, hey I need to confirm who you are before I allow you the access to the key to decrypt said information. And I'm gonna say, yep, that's my email address right there. Our system's smart enough to recognize that it's coming from a free Gmail account, so it's gonna allow us to use Google's federated ID system. However, if that wasn't present, that is exactly what the one time verification link is for. It's an alternative that lets us be just as easy to authenticate with as clicking on where it says sign in with Google. For this particular demo, I will click on sign in with Google, which is gonna bring us back to the same message we're looking at before. I have all of the encrypted content that has been decrypted from my mailbox as well as any attachments that were there, be able to download view, respond securely all from the same pane of glass. Couple of other options before we move into Secure Share to point out is that not only can I send an encrypted message by toggling virtual on and off, one one click very easy, however, I also have some additional features that I can, that I can utilize. So if I click on secure options, I have the ability to disable forwarding, set an expiration date. I have the ability to go into attachments and turn on watermarking, which will best disable download print and copy, as well as turn on persistent protection, which is gonna allow the recipient to download a permanent copy that they're able to call up anytime they need to access that information. Why is this important? This is really important when you're talking about controlling that information once it leaves your environment. When you encrypt something, it adds a level of protection to that particular document, sensitive data that you're sending. However, there's no real control of it there. The control piece comes with this other stuff that I am pointing out here. Right? The ability to expire access to that information that you're sending becomes vitally important for certain content. So for instance, if I want this information to basically be inaccessible in ninety days, I can do that. When you're just talking about encryption without these additional controls, it's not really possible. That's not really part of what normal encryption software is. So just kind of worth pointing out. And then for all the admins in the room, all of these features are actually able to be set via admin policy where the user doesn't have to actually select it, but it is able to be set in a way that it is happening automatically from the control center. Pause real quick there for any questions if there are any, and if not, we'll move on to Secure Share. Alright. So with Secure Share, same type of workflow. So the idea is I am sending information. I need to send it securely, but maybe I'm not dealing with emails. I just wanna send a file. So I'm gonna click on add files here and I'm gonna grab a sensitive file. So let's say I grab, I don't know maybe I'm sending a driver's license or something like that. So a file gets uploaded and again, same story. As far as the email plug in is concerned, this information before it touches anything else is encrypted. So as it sits in our web application, it is now encrypted without having to require it to be encrypted. It just is. When we hit next, we're gonna have those same security options presented to us. Perhaps we wanna set an expiration date, and then, of course, because we're talking files only, the only things that are present are the file based, security options. Watermarking, which again download, print, and copying is disabled, and then of course persistent protection. When I hit next, I'm asked who I wanna send this to. I can select from a long list that maybe I use this all the time and there's gonna be several in there, or I can hand type in an email address if I need to. And so the idea there is I can send this information to multiple people, and I can also select multiple files all at once because with Secure Share, we are outside the confines of email, meaning I can send very large files up to 15GB in size, and I can send as many files at a time. Maybe I need to send 50 files, or a hundred files. I can do that because what I'm ultimately making is a share that is going to be then going to be given access to whoever I decide within this screen right here. And so as I click on share, the information is now gonna be, uploaded to Secure Share, and now notifications have gone out to all parties that are on this recipients list, including me, of course, because I am the content creator. I also have the ability to look back on the files that I have sent, as well as revoke access if I need to, or edit anything that I might need to go back and do. For instance, maybe I needed to turn on a security setting that is not present here. The recipient experience is pretty darn similar to the email experience. The only difference is no email. So we're just talking about files. So we're notified who sent us the file, what the file is. I click on view files, and now I'm able to go and download or view set file. So if I hit view, it would just pop up. If I download, I have access to the file, and I can work on it as needed. One other very important feature that Secure Share allows us to do, which is a workflow we didn't really have with the email other than having being able to send an encrypted email to and from, is the ability to request sensitive information. And there are several workflows within the confines of your, you know, particular workspaces that are going to require you to ask for information or or gain information in a secure manner. So if you click on any one of these options, the idea is you can send out a request right here. You can, let's say you're using chat or text to communicate with whoever you're talking to. You can click on the copy link here. And the idea is once we go through and provide that link to the person that we are communicating with, they're going to be given a screen that looks just like that. Very simple. They know exactly what they need to do. Add the files, hit next, bang. Very easy to go ahead and do what I've been asked to do. Perhaps I'm sending them this direct deposit authorization form. Idea being once that information is uploaded and everything's good, I move through. These security options can be removed if all you're wanting to do is request information without that person being able to select any of them. That's fine. And of course, nothing to do here because it is a request. The information has been asked for. I don't need to know where it's going other than to approve that I know who this person is. And then I hit share. And that's pretty much it. Any questions before I stop sharing my screen? I know I went through it kind of quick, but I wanted to be sure to leave any time for any sort of questions or anything like that. Alright. Well, with that, Jay, I will go ahead and stop sharing and turn it back over to you.

[JAY] Wonderful. Thank you, Tony.

[TONY] Of course.

[JAY] And I'm gonna reshare my screen And, yeah, hopefully, we'll have some questions at the end, but no requirement to do so. So what I plan to do now is just, you know, just, you know, thank you for that. Hopefully, you've seen that these are some extraordinarily simple tools to use. Give you some insights here now into, you know, what we're hearing from our customers. And, also, before I do that, just kinda give you some insights into where we're typically seeing it, how these tools get leveraged on a regular basis. I'm sure some of you on the call thought about places where you can see some, you know, practical applications, maybe giving you some even kind of beyond outside the box, if you will. But some of the no-brainers are things like, you know, new student registration forms, the nurses, needing a way to communicate to request that doctor's note to clear students' absence, for example. Farms enrollments, guidance counselors, special education teachers needing to communicate, giving you some insights into how some of these folks work. They'll operate both with the email encryption tools, but then also that Secure Share tool is coming into view quite a bit here with regards to being able to place your link out there on a web page on your district website, and just, essentially direct folks to visit the nurses' web page, with their back to school packet. Let your parents know. Click on nurses' link anytime a student's gonna be late for, due to a dentist appointment or a doctor's appointment, for example. Or have your athletic director have them do something similar with their, with their coaches. You know, hang a link out there where those completed sports physicals can be uploaded because my wife also is, not just a teacher, but a coach. That was one of the most maddening things for her was trying to get all those under on roof at the same time to be able to hand them into her athletic director. So consolidating, leveraging these tools, not only for security and compliance, but also just for, you know, best practices and making your lives easier. Now speaking of making our lives easier, or your lives easier, hopefully, you know, with NERIC, we have a very tight relationship with, NARIC as well as CDW. I looked before jumping on the call here today. We have over 20 Virtru customers, within NERIC's area of coverage. I don't know an exact count, but I do know that it's north of 20. I think it's probably closer to 30 by now, maybe even growing from there. And, I've had the pleasure of engaging with many of your member districts and working with folks way up north, all all throughout the region there. Just wanted to point out that, due to our common working relationship, procurement is a snap. Now we're not quite to procurement yet for some of you, I'm sure. But, when the time comes and you're interested in moving forward with Virtru, should you be, we can make that easy because of how we understand each other's business processes. That said, let me jump into a few testimonials from our customers where they're discussing how here's a district downstate a bit in the Hudson region, this is back in Peel District, protecting and handling PII, to be compliant, enabling secure communications between school administrators, teachers, parents, students, and other authorized institutions, and retaining control of their data and preventing data sharing risks with a solution that is easy for everyone to use. We've also got some, gonna kinda give you some insights into, from one of my other districts working with Virtru. Because of the range of people who need to encrypt PII and share via email, the biggest factor is ease of use, especially for those who don't have a technical background. Making it as easy as possible to use a new solution ensures a higher rate of adoption. All you have to do with Virtru is toggle it on, then you don't have to worry. Virtru even takes it a step further to help our district stay secure with automated alerts to prompt you to encrypt before your email is sent. It can detect PII, passwords, or other sensitive information and serve as that important line of defense to remind you to encrypt. We believe in protecting our students and staff, and data security is part of that duty. We wanna do everything we can to uphold privacy and trust, and now we have a solution to support that mission. Those were words from a Director of IT at cohost. So and then one other, that we have here in this deck here is from Newfield. We understand that tools can be challenging, but, making sure that an affordable yet powerful encryption solution, putting it in the hands of those districts needing it is part and parcel to our mission here at Virtru. And so this was a nice quote from, Sunshine Miller, a Newfield Central School District, pointing out our willingness to maximize a student's school district's budget, to help them achieve their objectives. So, yeah. To kinda wrap things up here, we really appreciate you all for participating with us here today and learning more about Virtru. And, if you are interested in learning more about Virtru, we'd ask that you, please get in touch with your NERC representative, who will get you in touch with a member of our team. I'm gonna go ahead and stop sharing, and we can perhaps open it up for questions.

[ALEXIS] Yeah, Jay. In case anyone wants to add any, they still can. We'll get to it, but we did receive two here. So I'm gonna open this up to you or Tony, but it's, how do school districts usually roll out new implementations across different departments?

[JAY] Oh, that's a great question, Alexis, and, thank you, to whomever asked that question. In my experience, school districts will often come to me, with business units in mind, who they see, frequently, you know, sharing this sensitive information. That can be something as common as like the business office, the health staff, finance, payroll, special education. And so many districts will start there, although I have seen an uptick in, districts who are considering, who are considering an analogy here, you know, getting a life preserver for everyone on the boat, because I have had organizations come to me telling me that they're doing after internal audit they are kinda surprised to see just how much sensitive data is being shared by folks they weren't expecting it to be shared with. So we see it in lots of different forms, but those are typically the areas where we see, initial interest. And then some during our discussions, I work with them to define the scope here and encourage them to think beyond just their initial use cases, or departments needing Virtru. But, I hope that helps answer the question.

[TONY] Yeah and just to add onto that, Jay, it really comes down to, as you said, kind of a use case. Right? And so see a need, fill a need. In terms of, finding a more secure, you know, easy way to to kinda work it into a workflow. So, you know, the name of the game with security is ease of use. If you're not using something that is simple to use, you're not gonna use it. And then that's plain and simple.

[JAY] Very good, Tony.

[ALEXIS] Awesome. Thank you both. We do have one more question.How can districts effectively train staff on new security procedures without overwhelming them?

[JAY] I can take that, Tony, or you can.

[TONY] Sure. Yeah. Go ahead.

[JAY] Okay. Cool. Well, yeah, our tools are extraordinarily easy to use, but we know that they're new. And so that said, there is some change management involved. And so the approach that we've seen works best is just getting folks aligned, possibly at the turn of a fiscal year or ahead of a break. Get it implemented in such a way that those who are going to be using it most often, are introduced initially so that they can feel confident in sharing with those around them that are gonna be comfortable emulating what they've been shown. I'll also point something out that doesn't jump off the page during our discussion, typically. We have a customer success team that has onboarded hundreds of school districts, throughout the country, and they get assigned to work with new customers, like many of you may be considering. And, they're very adept at showing you how the controls work, delivering best practices for how other districts with similar challenges have implemented them and deployed them. With Virtru, you're just never alone. And so, you know, always suggest that, any sort of security tool, whether it be encryption tools or anything that you're gonna be offering, just go into it with a partner who is committed to your success and seeing a seamless smooth onboarding and ongoing support and training. So that's how we see things.

[TONY] Mhmm. Yeah. And just to kinda add to that, I would say it really is a change management problem. Right? And so the idea is getting in there and making sure that there's clear cut, milestones and making sure that the information is being presented as a this is part of an existing workflow or we've got a new workflow that's gonna simplify things, you know, and taking it, you know, small bites, is kinda what I've seen be very successful. And as Jay said, our deployment team is gonna be there right with you. Customer success is gonna be holding your hand the whole way.

[ALEXIS] Right. Yep. And I'll just add as well, you know, we partner really closely with CDW and NERIC. So the the reps that you're working with are well versed in our product. We're well connected with them, and we'll be getting back to you in a really timely manner as well with any issues. It's one of the things we take pride in in our partnerships as well, the NERIC and CDW do as well. Cool. Well, that brings us to the end of the session here. I do wanna add, if you have any questions that weren't addressed in the session, feel free to reach out to our team. But if you'd like to learn more or schedule a demo as Jay called out, please reach out to your NERIC rep, and they will set up a call with our team. And it'll be Jay here who will give you a little bit more tailored information to what your specific use cases are there. But, again, I appreciate the time today. Tony and Jay, thank you for joining, and thank you to NERIC and CDW for the partnership on this webinar. And, please reach out if you have any questions. Have a great rest of your day.