Sending and Sharing Securely
Often we need to send files, documents and other information to colleagues at Stanford and elsewhere. To make sure that files containing High, Moderate, or Low Risk Information make it to their destination securely, Stanford provides you with a way to send secure email (for text or small files), and a way to send large files of sensitive information (for files up to 20GB).
(If you've been using a cloud-based service like Gmail, GoogleDocs or DropBox to send files, please see our page on Cloud Computing for tips on what services are secure and approved, and what services aren't.)
Stanford Secure Email
You may not have realized it, but Stanford's own email service has a secure function built right in. If you have a Stanford email address, you can send secure emails just by adding something to your subject line, within your regular email program.
The short instructions:
- Make sure that your email program is properly configured (if you're using Office 365 Webmail, it's already set up to work with Secure Email).
- Start composing an email; to make it secure, just include Secure: anywhere in the subject line. (You don't even need to remove the Re: if it's a reply.)
- If your recipient is not a Stanford employee, they'll have to create a login to "pick up" their secure message.
The long instructions: To find out all about the service, visit the official website at secureemail.stanford.edu.
Sending a file of up to 20G is easy with MedSecureSend; you just create a temporary login to the system, and you can send files securely to your collaborators anywhere in the world, Stanford affiliates or not. The MSS interface is like a webmail program, so it's easy to use. Visit our MSS tutorial to get started.
NOTE: All MSS accounts are temporary, and sending privileges expire after 30 days of inactivity. If your account is not behaving as expected, just create a new one (you can even use your existing login name).
Email By Smartphone: Mobile Device Management (MDM)
IRT provides Mobile Device Management (MDM) to users of smartphones and other internet-ready mobile devices. MDM configures your phone or tablet with the proper security settings, so that if your device is approved, you can use Stanford email and VPN settings.
Currently MDM is only available for Apple devices and some Android devices, so the University outlines which devices are approved for which levels of sensitive information, and how best to secure your device. Visit the UIT page on MDM for more info.
Stanford Medicine Box
Stanford Medicine has collaborated with Box.com to provide enterprise document management and collaboration in an environment that meets Stanford security requirements. Box is an easy-to-use platform that you can log into with your Stanford credentials. (It is NOT approved for High Risk information.) Box supports creation, management, and collaboration for documents that have been written in common desktop tools (like Microsoft Word and Excel).
If you have a SUnet ID, you can log in now to set up your account. Visit the SoM page on Stanford Medicine Box for more.
Stanford also has agreements with other cloud service providers. Because of various security policies and regulations, regular instances of Gmail, Google Docs, DropBox, and other services aren't approved for High Risk information. The School of Medicine is currently working on a secure instance of the Google Cloud Platform, to serve the broader cloud computing needs of the SoM community. For the moment, we outline for you which services are approved for which levels of sensitive information.
To see a more complete list of existing cloud services, and which ones are approved for which Stanford uses, visit our page on Cloud Computing.
To keep up with our progress with the Google Cloud Platform, visit our page on Cloud Infrastructure.
If you need to transport or store sensitive data on a physical medium, such as a USB drive or external hard drive, Stanford security regulations require that drive to be encrypted. There are commercial options we recommend, such as the Apricorn Aegis Padlock and the Apricorn Secure Key. (IRT Security is looking for options to provide School of Medicine affiliates with the drives free of charge.)
It is also possible to encrypt a drive yourself, using your operating system's native encryption software. (Note: Some methods require erasing the drive, so make sure to back up any necessary information beforehand. Also, it's possible there may be problems with compatibility, if you attempt to use the encrypted drive on an older computer.)