Educause Security Discussion mailing list archives
Re: Encrypting Data to Third Parties
From: Yonesy Nunez <Yonesy.Nunez () NEWSCHOOL EDU>
Date: Tue, 28 Jul 2009 12:22:09 -0400
Hello Patty, We use the Accellion product Filesender. The reality of using public key infrastructure is that not that many people actually use it (evidenced by the number of e-mails that come to this list, 1 out of 20 posters use PKI). Add to that the fact that some maybe using PGP, GPG, certificates and you have very difficult problem. Now, some answers to your specific questions based on the solution we use: 1. Accellion uses and SFTP like system (which in turn uses the OpenSSL suite of products) 2. The files are hosted at your site and are encrypted in transit (SSL/TLS) 3. SSL public key encryption (you need a Third Party certificate) 4. File is stored on your secured server and retrieved securely by the intended recipient (the recipient has to sign-up for the your local Filesender service) 5. For us, this was the best solution based on mitigating real risk to the sensitive documents we are transmitting. Overall, this product has been a hit at our University. I hope this helps. Don't hesitate to contact me directly if you'd like to discuss further. Best regards, Yonesy -- Yonesy F. Nuñez | THE NEW SCHOOL Director, Information Security 55 W 13th Street, Rm 705 New York, NY 10003 P| 212.229.5600 x4728 E| yonesy.nunez () newschool edu
"Patria, Patricia" <PPatria () BENTLEY EDU> 7/28/2009 11:44 AM >>>
In addition to the recent question about encrypting laptops, would anyone be willing to share their encryption standards for sending confidential data to third parties (i.e. excel spreadsheets and word docs to vendors, partners, etc.)? Specifically, we are trying to determine if we should use SFTP or an encryption program for encrypting sensitive attachments and/or e-mail. 1. Are you using SFTP? If so, do you house the SFTP site internally or is it hosted? 2. If you do not use SFTP, which file encryption tool are you using? Is it centralized or do you require departments to purchase it on their own? 3. Are you using Public Key Encryption? 4. Does the tool encrypt the e-mail, the attachment or both? 5. Any other advise you can offer. Thank you in advance for any information you can provide. Patty Patty Patria Chief Security Administrator | Bentley University 175 Forest Street, Waltham, MA 02452 |781.891.2364
Current thread:
- Encrypting Data to Third Parties Patria, Patricia (Jul 28)
- <Possible follow-ups>
- Re: Encrypting Data to Third Parties Hart, Lee Anne (Jul 28)
- Re: Encrypting Data to Third Parties Yonesy Nunez (Jul 28)
- Re: Encrypting Data to Third Parties James Cooley (Jul 28)
- Re: Encrypting Data to Third Parties Sean Maher (Jul 28)