Re: Encrypting Data to Third Parties

[Sean Maher <seanm () UAB EDU>]

Speaking from a capability standpoint and not a policy or standards standpoint. PGP WDE does give you the option of 
encrypted ZIP files if the recipient has PGP as well, or self-decrypting zip files can be created on the windows 
version which doesn't require the recipient to have PGP.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Patria, 
Patricia
Sent: Tuesday, July 28, 2009 10:45 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Encrypting Data to Third Parties

In addition to the recent question about encrypting laptops, would anyone be willing to share their encryption 
standards for sending confidential data to third parties (i.e. excel spreadsheets and word docs to vendors, partners, 
etc.)? Specifically, we are trying to determine if we should use SFTP or an encryption program for encrypting sensitive 
attachments and/or e-mail.


1.       Are you using SFTP? If so, do you house the SFTP site internally or is it hosted?

2.       If you do not use SFTP, which file encryption tool are you using? Is it centralized or do you require 
departments to purchase it on their own?

3.       Are you using Public Key Encryption?

4.       Does the tool encrypt the e-mail, the attachment or both?

5.       Any other advise you can offer.

Thank you in advance for any information you can provide.

Patty

Patty Patria
Chief Security Administrator | Bentley University
175 Forest Street, Waltham, MA 02452 |781.891.2364