Educause Security Discussion mailing list archives

Re: Encrypted email

From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Thu, 20 Mar 2008 11:08:55 -0400

Heather Flanagan wrote:

For all of you out there handling HIPAA-protected email and other
restricted information -

Do you use an email encryption service or application?  Stanford
University uses Voltage (http://www.voltage.com), and we're starting a
process to review the service overall to determine if this is still the
right solution for us today.  What's worked (or not worked) for you?


This might be a little simplistic for your environment, but we've had a
lot of luck with Thunderbird and Enigmail; it's simple, Free,
cross-platform, and most outside agencies that we need to encrypt
communications with can provide a public key.

A word of advice, though -- make sure that you escrow the keys and
passphrases of the end users. Never underestimate their ability to
forget a passphrase and render an email account's contents unreadable.

--Matt

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg

Current thread:

Encrypted email Heather Flanagan (Mar 18)
- <Possible follow-ups>
- Re: Encrypted email Mike Wiseman (Mar 18)
- Re: Encrypted email Jesse Thompson (Mar 19)
- Re: Encrypted email Jesse Thompson (Mar 19)
- Re: Encrypted email Mike Wiseman (Mar 19)
- Re: Encrypted email Heather Flanagan (Mar 19)
- Re: Encrypted email Matthew Gracie (Mar 20)
- Re: Encrypted email Jesse Thompson (Mar 21)
- Re: Encrypted email Jesse Thompson (Mar 21)