Based in Washington, DC, the American Foreign Service Protective Association (AFSPA) is a 90-person firm that sponsors insurance plans for US Federal government employees working in foreign policy. Its 80,000 members work at US embassies, consulates, and military bases worldwide, as well as at home in the Washington, DC metropolitan area. AFSPA provides its members with a variety of insurance policies, including Foreign Service Benefit Plan (FSBP), a healthcare plan. FSBP staff provide support for insurance claims, acting as a liaison between insurance underwriters, in-country service providers, and members filing insurance claims abroad.
During daily operations providing healthcare-related services to their membership, AFSPA staff often handles sensitive Protected Health Information (PHI) and Personally Identifiable Information (PII). When communicating with members overseas, this information regularly needs to be sent electronically to facilitate expedient claims processing. AFSPA’s legacy email system provided a mechanism for encrypting sensitive data, but was designed around an outdated IMAP email service which was missing many of the productivity features of an enterprise messaging platform. It also suffered from constant outages that disrupted AFSPA’s operations on multiple occasions.
Members were forced to create portal accounts in order to retrieve encrypted messages and often struggled with this process. AFSPA’s staff also had a growing need to access email and calendars from their mobile devices, which presented security concerns around the lack of mobile device management provided by their system.
Additionally, having recently moved into a new office space with multiple meeting rooms and other shared resources, AFSPA management desired an automated method of scheduling these resources and providing visibility to all staff members.
A secondary objective was to enable AFSPA’s remote and mobile workforce to remain completely productive at all times, with access to the same systems as employees at corporate headquarters.
Having previously migrated all of AFSPA’s internal server infrastructure to the cloud successfully, Cloudforce was tasked with assessing the available messaging options to meet the growing organization’s requirements. After completing extensive market research around HIPAA-compliant messaging solutions, Microsoft’s Office 365 was selected as the ideal solution. In particular, its advanced security, enterprise features, mobile device management, and competitive pricing made it stand out from competitors.
The first step in the implementation process involved proper planning and preparation of both the legacy environment and the new Office 365 tenant. Taking into account a number of factors, such as source system limitations and downtime requirements, a migration method was chosen and a detailed migration plan was assembled. By completing a mock-migration with test accounts prior to the final cut-over, Cloudforce’s staff validated the migration plan. The final cut-over was scheduled and completed within one weekend, with the successful migration of over 1 million messages from the legacy system.
Post-migration activities included the configuration of message encryption technology, to ensure all messages containing sensitive information would be automatically screened and encrypyted. Mobile device management was enabled to ensure device compliance with the organization’s security policies. Shared resources were configured and integrated into the company’s internal intranet portal, to provide quick access to availability information for all staff. Active Directory synchronization was also enabled to provide single-sign-on to Office 365 resources from the local AFSPA domain.
Following the completed migration, AFSPA staff expressed their increased confidence and peace of mind that member data was being properly safeguarded. Members also reported fewer issues communicating securely with staff members. Management noted an increase in productivity, as a direct result of the enterprise features now available to them. Mobile device management policies were proven to work as designed, preventing unauthorized and insecure devices from accessing company resources.
Reflecting on the migration experience and the services provided by Cloudforce, Mrs. Yancy Meiller said, “We have gone from a system that some would say was very archaic to one that is, by far, more productive.” She added, “The e-mail transition from our old provider to our new Microsoft Office 365 Exchange was rather smooth. The support provided by the [Cloudforce] team has been phenomenal from day one. The new system has proven to be more secure, reliable, functional, user-friendly, and customer-centered than what we used to have.”