Sending and Sharing Securely

Overview

Often we need to send files, documents and other information to colleagues at Stanford and elsewhere. To make sure that files containing High, Moderate, or Low Risk Information make it to their destination securely, Stanford provides you with a way to send secure email (for text or small files), and a way to send large files of sensitive information (for files up to 20GB).

(If you've been using a cloud-based service like Gmail, GoogleDocs or DropBox to send files, please see our page on Cloud Computing for tips on what services are secure and approved, and what services aren't.)


Stanford Secure Email

You may not have realized it, but Stanford's own email service has a secure function built right in. If you have a Stanford email address, you can send secure emails just by adding something to your subject line, within your regular email program.

The short instructions:

  1. Make sure that your email program is properly configured (if you're using Office 365 Webmail, it's already set up to work with Secure Email).
  2. Start composing an email; to make it secure, just include Secure: anywhere in the subject line. (You don't even need to remove the Re: if it's a reply.)
  3. If your recipient is not a Stanford employee, they'll have to create a login to "pick up" their secure message.

The long instructions: To find out all about the service, visit the official website at secureemail.stanford.edu.


MedSecureSend (MSS)

Sending a file of up to 20G is easy with MedSecureSend; you just create a temporary login to the system, and you can send files securely to your collaborators anywhere in the world, Stanford affiliates or not. The MSS interface is like a webmail program, so it's easy to use. Visit our MSS tutorial to get started.

NOTE: All MSS accounts are temporary, and sending privileges expire after 30 days of inactivity. If your account is not behaving as expected, just create a new one (you can even use your existing login name).


Email By Smartphone: Mobile Device Management (MDM)

IRT provides Mobile Device Management (MDM) to users of smartphones and other internet-ready mobile devices. MDM configures your phone or tablet with the proper security settings, so that if your device is approved, you can use Stanford email and VPN settings.

Currently MDM is only available for Apple devices and some Android devices, so the University outlines which devices are approved for which levels of sensitive information, and how best to secure your device. Visit the UIT page on MDM for more info.


Stanford Medicine Box

Stanford Medicine has collaborated with Box.com to provide enterprise document management and collaboration in an environment that meets Stanford security requirements. Box is an easy-to-use platform that you can log into with your Stanford credentials. (It is NOT approved for High Risk information.) Box supports creation, management, and collaboration for documents that have been written in common desktop tools (like Microsoft Word and Excel).

 

If you have a SUnet ID, you can log in now to set up your account. Visit the SoM page on Stanford Medicine Box for more.


Cloud Computing

Stanford also has agreements with other cloud service providers. Because of various security policies and regulations, regular instances of Gmail, Google Docs, DropBox, and other services aren't approved for High Risk information. The School of Medicine is currently working on a secure instance of the Google Cloud Platform, to serve the broader cloud computing needs of the SoM community. For the moment, we outline for you which services are approved for which levels of sensitive information.

To see a more complete list of existing cloud services, and which ones are approved for which Stanford uses, visit our page on Cloud Computing.

To keep up with our progress with the Google Cloud Platform, visit our page on Cloud Infrastructure.


External Drives

 

If you need to transport or store sensitive data on a physical medium, such as a USB drive or external hard drive, Stanford security regulations require that drive to be encrypted. There are commercial options we recommend, such as the Apricorn Aegis Padlock and the Apricorn Secure Key. (IRT Security is looking for options to provide School of Medicine affiliates with the drives free of charge.)

It is also possible to encrypt a drive yourself, using your operating system's native encryption software. (Note: Some methods require erasing the drive, so make sure to back up any necessary information beforehand. Also, it's possible there may be problems with compatibility, if you attempt to use the encrypted drive on an older computer.)

Mac OS 10.8 and later:

  1. Connect the drive to your computer.
     
  2. Right-click (or option-click) on the drive's icon, either in the finder window or on your desktop, and select the "Encrypt" option.
     
  3. A dialog box will pop up, and ask you to choose a password and provide a hint. Remember: if you forget your password, you won't be able to access your drive, so choose one that's easy for you to remember, but difficult for others to guess. Once you've chosen a password and hint, click "Encrypt Drive."
     
  4. Once you've pressed "Encrypt Drive," there won't be a progress bar or other indication that the encryption process is happening—but it is, so take care not to eject the drive or let your computer sleep until the disk has been successfully encrypted.
      
  5. To check whether the drive's been encrypted, right-click (or option-click) the drive and select "Get Info" (or highlight the icon and press command-i) to bring up the information dialog box. If the disk is encrypted, the "Format" will read "Mac OS Extended (Journaled, Encrypted)."
     
  6. Now, when you eject the disk and re-insert it, it will ask you for a password.

Note: If you have Mac OS 10.7, or if you received an error requiring a "GUID Positioning Table (GPT) Partitioning Scheme," you need to encrypt using Disk Utility, which will erase the disk first (so if there's information that you need to keep, save it to your hard drive first):

With the disk still connected, open Disk Utility and select the appropriate external drive.

  • If you received an error requiring a "GPT partitioning scheme," select the Partitions tab, find the option for "GUID Partition Table"  and click "Apply."
     
  • If you have MacOS 10.7, select your drive in Disk Utility and select the "erase" tab
  • For "Format," select Mac OS Extended (Journaled, Encrypted)
  • Click "Erase" to proceed.
  • Choose a strong, easily-remembered password, and an appropriate hint, and click "Erase" again to begin the formatting process.
  • When the process is finished, you can eject the disk and re-insert it; each time you connect it, the disk will ask you for the password.

 

Sending and Sharing