Sending Information Securely
Often we need to send files, documents and other information to colleagues at Stanford and elsewhere. To make sure that files containing High, Moderate, or Low Risk Information (previously Prohibited, Restricted or Confidential information) make it to their destination securely, Stanford provides you with a way to send secure email (for text or small files), and a way to send large files of sensitive information (for files up to 20GB).
(If you've been using a cloud-based service like Gmail, GoogleDocs or DropBox to send files, please see our page on Cloud Computing for tips on what services are secure and approved, and what services aren't.)
Stanford Secure Email
You may not have realized it, but Stanford's own email service has a secure function built right in. If you have a Stanford email address, you can send secure emails just by adding something to your subject line, within your regular email program.
The short instructions:
- Make sure that your email program is properly configured (if you're using Zimbra Webmail, it's already set up to work with Secure Email).
- Start composing an email; to make it secure, just include Secure: anywhere in the subject line. (You don't even need to remove the Re: if it's a reply.)
- If your recipient is not a Stanford employee, they'll have to create a login to "pick up" their secure message.
The long instructions: To find out all about the service, visit the official website at secureemail.stanford.edu.
Sending a file of up to 20G is easy with MedSecureSend; you just create a temporary login to the system, and you can send files securely to your collaborators anywhere in the world, Stanford affiliates or not. The MSS interface is like a webmail program, so it's easy to use. Visit our MSS tutorial to get started.
NOTE: All MSS accounts are temporary, and sending privileges expire after 30 days of inactivity. If your account is not behaving as expected, just create a new one (you can even use your existing login name).
Email by Smartphone: Mobile Device Management (MDM)
IRT provides Mobile Device Management (MDM) to users of smartphones and other internet-ready mobile devices. MDM configures your phone or tablet with the proper security settings, so that if your device is approved, you can use Stanford email and VPN settings.
Currently MDM is only available for Apple devices and some Android devices, so on our MDM page we outline which devices are approved for which levels of sensitive information, and how best to secure your device. Visit our page on MDM for more info.
Stanford Medicine Box
Stanford Medicine has collaborated with Box.com to provide enterprise document management and collaboration in an environment that meets Stanford security requirements. Box is an easy-to-use platform that you can log into with your Stanford credentials. (It is NOT approved for High Risk information.) Box supports creation, management, and collaboration for documents that have been written in common desktop tools (like Microsoft Word and Excel).
If you have an SUID, you can log in now to set up your account. Visit the page on Stanford Medicine Box for more info.
If you need to transport or store sensitive data on a physical medium, such as a USB drive or external hard drive, Stanford security regulations require that drive to be encrypted. There are commercial options we recommend, such as the Apricorn Aegis Padlock and the Apricorn Secure Key. (IRT Security is looking for options to provide School of Medicine affiliates with the drives free of charge.)
It is also possible to encrypt a drive yourself, using your operating system's native encryption software. (Note: Some methods require erasing the drive, so make sure to back up any necessary information beforehand. Also, it's possible there may be problems with compatibility, if you attempt to use the encrypted drive on an older computer.)