Re: Sharing PII information with 3rd parties (encryption)

[Garrett Lanzy <Garrett.Lanzy () SO MNSCU EDU>]

MnSCU is using the MOVEit DMZ solution from Ipswitch, which has the same functionality as Dave describes for Bizcom 
Delivery Server.  The solution is available to any employee within our system, and can be used to perform secure 
"ad-hoc" communication with third parties.  Since each of our (30+)  institutions maintain their own e-mail system, any 
solution which ties directly to e-mail would not be feasible/scalable for us.

We're currently using it as a hosted (SaaS) solution, as that allowed for quicker deployment than we would have been 
able to do otherwise.  We are planning to bring it "in house" next year (which will provide some advantages due to 
automatically creating accounts for all employees, which is not cost-effective for us using the hosted solution).

- grl

Garrett Lanzy, Information Security Specialist
Minnesota State Colleges and Universities
30 E 7th St, Ste 350
St. Paul, MN 55101
651-201-1591
garrett.lanzy () so mnscu edu


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Curry
Sent: Tuesday, November 22, 2011 8:37 AM
To: The EDUCAUSE Security Constituent Group Listserv; Garrett Lanzy
Subject: Re: [SECURITY] Sharing PII information with 3rd parties (encryption)

We use Biscom Delivery Server to send confidential information both between different offices of the university as well 
as between the university and third parties.

It's one of those systems where you sign in and use a webmail-like interface to create a message to the recipient(s) 
and upload the files you want to send; it then sends an email to the recipient with a link that he or she can use to 
log in and download the files. It's got auditing and encryption and linkage to Active Directory and all those good 
things.

--Dave



--

DAVID A. CURRY, CISSP * DIRECTOR OF INFORMATION SECURITY

THE NEW SCHOOL * 55 W. 13TH STREET * NEW YORK, NY 10011

+1 212 229-5300 x4728 * david.curry () newschool edu<mailto:david.curry () newschool edu>


On Tue, Nov 22, 2011 at 09:10, Moyer, Janice <jmoyer3 () mccneb edu<mailto:jmoyer3 () mccneb edu>> wrote:
I am looking to understand what applications/methods are being used by your organization to share Personally 
Identifiable Information (PII) with third parties? Secure email,  document management, secure ftp, etc?

Thank you,

Janice Moyer, CISSP, Sec+, CISM
Network Security Engineer
Information Technology Services
Metropolitan Community College
Desk 402-457-2925<tel:402-457-2925>
Cell 402-429-0979<tel:402-429-0979>
Email jmoyer3 () mccneb edu<mailto:cmpee () mccneb edu>
Do what it is that you do just a little bit better everyday in every way!