How Child Protection Services is maintaining data security and privacy with SecuMailer
The Dutch Child Protection Services (“Raad voor de Kinderbescherming”), shortened to RvdK, is tasked with investigating and advising on children from the age of twelve who have committed criminal acts. They are there to protect children who grow up under difficult circumstances. Additionally, it advises on matters of adoption, foster care and complicated divorces involving minors. This is a highly complicated field of work from a legal, moral, social and ethical perspective. Communicating securely in these circumstances is an absolute necessity. The RvdK is part of the Ministry of Justice and Security. SecuMailer won the bid for secure email for the entire ministry and started with the challenges of the RvdK first, as it had the most pressing need for a secure email solution.
NTA 7516
The Netherlands has a specific standard for delivering privileged and medical information via email. This is the NTA 7516 standard, of which SecuMailer is one of the founding members. SecuMailer wrote the first version of this standard, after which it was adopted by the Dutch government and turned over to a committee to make it into a broad national standard.
The NTA 7516 standard has a set of functional and technical requirements which are verified via an independent audit process. SecuMailer complies with all requirements and has been audited by three different audit parties as it was part of the initial launching group for this standard. All certified audit parties got a chance to practice with SecuMailer as it was the gold standard for implementation.
The business problem
The team at the RvdK deals with many other government organizations, municipalities, healthcare providers and of course parents and caretakers involved with the children. It is a complicated web of stakeholders and it requires a secure email solution with the lowest possible impact on its users, especially parents and carers. The RvdK is part of the Ministry of Justice and Security and needs to be compliant with departmental security requirements. One of these requirements is that all outgoing email needs to be processed by the outgoing email proxy infrastructure. Furthermore, emails need to be labelled so additional security policies can be applied if necessary.
Fortunately SecuMailer is able to bridge this gap, as the only supplier in The Netherlands to be able to do so. SecuMailer’s unique technology allows it to deliver secure emails straight into the inbox of a recipient whilst maintaining the highest levels of data security and data privacy. This is not a vapid claim: SecuMailer recently became a qualified EU Trust Service Provider, only the fifth of its kind to do so in the European Union. Next to that, the platform is certified for GDPR, NTA 7516, ISO 27001 and NEN 7510.
The proposed solution
RvdK uses on-premises Exchange email servers for its email handling, which are subsequently connected to the outgoing email proxy infrastructure based on Cisco ESA. In consultation with the RvdK IT department (JIO), SecuMailer set up an architecture consisting of the following elements: a data labelling solution based on Exchange mail flow rules, a Cisco ESA configuration which kept internal / interdepartmental emails excluded from processing by SecuMailer, and a set of DANE/DNSSEC protected SMTP mail relays to receive traffic from JIO. The data labelling solution allows RvdK to upgrade email security by applying the NTA 7516 ruleset when the data classification deems it necessary. This frees RvdK employees from having to consider the data security policy every time they send an email; it is done automatically for them in the background.
The SMTP endpoints run on AWS EC2 servers. Ensuring the data security of the EC2 virtual servers is paramount as they are the only long running components in an otherwise fully serverless architecture and they are therefore the most vulnerable part of the SaaS architecture. Until recently SecuMailer used a suite of native Linux tools to establish a proper data security baseline for the EC2 instances but it has recently adopted AWS GuardDuty for EC2 and AWS Inspector for EC2 to enhance its security posture on EC2. Combined with the single pane of glass that AWS SecurityHub offers it has greatly improved EC2 data security and the visibility of the EC2 platform data security status.
The next step is having the SaaS platform proper process the generated emails. All email is processed by the AWS Lambda serverless platform. This offers unparalleled data security and data privacy advantages that are key components for the health organization. Because there are no permanent physical or virtual servers there is no data residue when processing emails. There are no traces left behind due to the fact that the containers that are used for Lambda processing are deleted after running. There would be no risk of an additional data leak with this technology.
SecuMailer uses AWS DynamoDB for storing metadata, combined with KMS encryption for data at rest. To safeguard integrity and availability of the data, the platform uses DynamoDB Global Tables and Point-In-Time-Recovery (PITR).
During processing of the emails temporary data storage is based on AWS S3 with KMS encryption for data at rest, meeting all requirements from the health organization with regards to data security.
Before emails are delivered, the SaaS platform will investigate the recipient mail server(s) and determine whether they are secure enough to deliver the email. SecuMailer has developed its own SmartTLS engine to query the recipient mail server and verify its TLS version and its configured cipher suite. It will check for self-signed certificates, expired certificates or missing root and intermediate certificate authorities. The SaaS platform does the scanning via a serverless Lambda, using a VPC that is connected to the internet via a NAT Gateway for maximum security. Queries can only be initiated within the Lambda internal network; no outside connections can go in during this process.
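As an added illustration of the pre-delivery check described above (this is not SecuMailer's SmartTLS code): a STARTTLS probe of one recipient mail server and a policy function that turns the result into a deliver-or-refuse decision. The function names, the TLS 1.2 floor and the weak-cipher markers are assumptions of this example.

```python
import smtplib
import ssl

# Assumed policy for this example, not SecuMailer's: TLS 1.2+, no legacy ciphers.
MIN_TLS = ("TLSv1.2", "TLSv1.3")
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXPORT", "MD5")
# OpenSSL X509 verify codes mapped to the failure classes named in the text.
VERIFY_REASONS = {
    10: "expired certificate",
    18: "self-signed certificate",
    19: "self-signed certificate in chain",
    20: "missing root or intermediate CA",
    21: "missing root or intermediate CA",
}

def probe_smtp_tls(host, port=25, timeout=10):
    """Issue STARTTLS against one MX host and record what was negotiated."""
    ctx = ssl.create_default_context()  # verifies chain, expiry and hostname
    result = {"host": host, "starttls": False, "version": None,
              "cipher": None, "verify_code": 0}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return result
            result["starttls"] = True
            smtp.starttls(context=ctx)
            result["version"] = smtp.sock.version()
            result["cipher"] = smtp.sock.cipher()[0]
    except ssl.SSLCertVerificationError as exc:
        result["starttls"] = True
        result["verify_code"] = exc.verify_code  # handshake aborted on the cert
    return result

def evaluate(probe):
    """Return (deliver_directly, reasons) for one probe result."""
    if not probe["starttls"]:
        return False, ["STARTTLS not offered"]
    if probe["verify_code"]:
        return False, [VERIFY_REASONS.get(probe["verify_code"],
                                          "certificate verification failed")]
    reasons = []
    if probe["version"] not in MIN_TLS:
        reasons.append(f"protocol {probe['version']} below TLS 1.2")
    if any(m in (probe["cipher"] or "") for m in WEAK_CIPHER_MARKERS):
        reasons.append(f"weak cipher {probe['cipher']}")
    return not reasons, reasons
```

`probe_smtp_tls` needs outbound access to port 25 on the recipient's MX host; `evaluate` can be exercised offline with constructed probe dictionaries.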
Due to departmental policy, SecuMailer is not allowed to feed email delivery events back to RvdK via its webhook architecture. The SOC of RvdK retrieves email delivery events for its SIEM via the SecuMailer events REST API.
Shared Responsibility Model
As AWS states it, security of the cloud is the responsibility of AWS and security in the cloud is the responsibility of the service provider, aka SecuMailer. Within the technical architecture AWS provides a secure Lambda platform with excellent data security and data privacy capabilities. These are further enhanced by extensive monitoring and tracing capabilities like GuardDuty for Lambda, AWS X-Ray and AWS CloudTrail. With these capabilities SecuMailer, and thereby the ANWB, can be assured that there are no data integrity issues whilst processing the secure emails. This assurance can be reported upon so there is tangible evidence that the SaaS platform running on AWS maintains integrity throughout the data processing cycle.
Result
The end result is that the RvdK is fully compliant with GDPR and NTA 7516. The architecture complies with all departmental requirements and policies. The integration with the Cisco ESA outgoing proxy is stable and secure. Employees of RvdK don’t notice the solution and can work without interruption. Recipients within the RvdK ecosystem are not taxed and parents and carers can receive secure communications without any issues. On the launch day the RvdK helpdesk only received three calls with regard to the solution, none of which were incidents but inquiries. In the weeks after, the helpdesk did not experience any additional calls.
Implementation
Onboarding with SecuMailer is done by the following steps:
- Buy your solution on AWS Marketplace
- Follow your implementation instructions (30 minutes to 2 hours of work)
- Get a personal workshop to integrate all privacy measures into your organization's policy as well
- Start sending out all your emails securely and fully compliant with GDPR and eIDAS
Background information SecuMailer:
SecuMailer is a private company. We provide our customers with a SaaS solution to send confidential information by secure email.
SecuMailer was started in 2017 by Yvonne Hoogendoorn CIPP/e and Meint Post CISSP / ISSAP.
SecuMailer is fully compliant with the GDPR and certified for eIDAS, ISO 27001:2002, NTA 7516 and has the ECSO label (European Cyber Security Organization).
SecuMailer is available on the AWS Marketplace.
SecuMailer is one of the founders of the Dutch regulation NTA 7516 for secure email with personal medical information. This regulation combines elements of the GDPR, eIDAS and the Dutch medical laws.