Secure Transit & Storage HOW TO SECURE LY STORE & SEND CONFIDENTIAL DATA by The UTHSC Inf ormation Security Team
Dec 15, 2015
Secure Transit & Storage
HOW TO SECURELY STORE & SEND CONFIDENTIAL
DATA by
The UTHSC Information Security Team
Current Challenges
Certain data files require large amounts of storage
Having multiple copies and secure backups in the event data or file is lost or corrupted
Securing files and data but also making those files easily accessible
Share and send confidential data securely
Confidential Data & InformationUnique Identifiers
ExamplesName & Email AddressesAddress and Phone/Fax NumberSSNsIdentifying PhotographyAccount, certificate, and license numbersVehicle identifiers and serial numbers, including license plate numbersDevice identifiers and serial numbersURLs and IP Addresses
Applies to ALL applicable Federal, State, Local laws and regulations related to safeguarding confidential data and information.
What To Do
Protect confidential data or information. Recognizing the unique identifiers. Refrain from texting confidential data/information.
Use trusted and authorized email systems to send and receive confidential data and information. There are a number of email systems you do not want to use including Gmail, Yahoo, AOL, and other unauthorized email systems.
Keep confidential data contained. Try to refrain from forwarding emails.
What’s the Potential Harm?
Breaches of data security can result in
Damage to reputation
Disruption of operations
Legal liability under new and amended laws, regulations, and guidelines, as well as under contracts
Financial costs
SOLUTIONS!
Storage
Hard Drive & Device Storage
Computer (Desktop workstations)
Laptop
iPad
Tablet
iPhone
Android
Cloud Storage (or Virtual Storage)
Xythos
Office365
Transit
Shared Drive or Secure File Sharing
Xythos
Office365 SharePoint
Office365 Exchange
NcryptedCloud
Encrypted USB
Encrypted Email
Secure Email
XythosStorage & Secure File Sharing
Xythos is content management software that allows you to place files in a central location so they can be accessed via the internet. You can upload, access, and share files from anywhere with any computer that is connected to the internet. With a Xythos account you can share your files and folders with anyone at UTHSC or outside of the college.
Xythos offers:
An alternative secure way of sharing files without the use of e-mail attachments
Ease of access from anywhere
A browser-based, OS-Independent web interface
Flexible, user defined shares to anyone on and off campus
Secure file transfers https://academic.uthsc.edu/edtech/xythos/
SharePoint Online (O365)Storage & Secure File Sharing
Cloud-based collaboration; all the functionality of our existing SharePoint server plus more
Retirement of the on-premise SharePoint server will be considered after the Office 365 Education implementation. All existing SharePoint data will be retained.
Rollout: Fall 2015
http://www.uthsc.edu/its/pmo/projects/index.php
Encrypted Cloud
EnCrypted Cloud is an encryption and sharing mechanism.
Protect and share your files in seconds from your existing cloud provider on any device.
Track & control access to your files even after you’ve hit Send.
Connect with current cloud drives like Dropbox, GoogleDrive, OneDrive, and Box.
Contact the UTHSC Information Security Team if you or your department is interested in trying Encrypted Cloud.
https://www.encryptedcloud.com/
Exchange (O365)
Migration to cloud-based email server (no changes to Outlook); increase in quota from 1GB to 25GB
Encrypted Email
Rollout: Fall 2015
http://www.uthsc.edu/its/pmo/projects/index.php
UT Courier Secure Email (UT Vault)
Transmit confidential data and information with UT and non-UT personnelUT Users
Max file size: 1.5GBCumulative Storage: 10GBNumber of messages allowed to be sent: 50/hrNumber of messages a single address can receive: 50/hr
Non-UT UsersMax file size: 1.5GBCumulative Storage: 3GBNumber of messages allowed to be sent: 3/hrNumber of messages a single address can receive: 2/hr
https://vault.utk.edu/http://help.utk.edu/kb/index2.php?searchfor=UT+Vault&func=search
Computer and Laptops
Full Disk Encryption (FDE)
Trend Micro
Minimizes impact in case of data theft and accidental data loss along with information security violations, reputation damage, and revenue loss.
In the event a device is lost or stolen, full disk encryption ensures your data is unreadable.
Rollout: Fall 2015
http://www.uthsc.edu/its/pmo/projects/index.php
iPads and Tablets
Passcode
Download and Install all Office365 Apps from Microsoft, Inc. using your UTHSC credentials (Rollout: 2015-2016 Fiscal Year)
Tablets (android devices)
Native Encryption within settings
iPhones & Androids
Passcode
Download and Install all Office365 Apps from Microsoft, Inc. using your UTHSC credentials (Fall 2015)
Tablets (android devices)
Native Encryption within settings
Encrypted USB
Encrypted and Authorized USB or Jumpdrives are suitable for transit of confidential data and information
Individuals MUST take necessary precautions in safekeeping the USB
Summary
Learn to recognize unique identifiers.
NEVER text confidential data or information.
Use ONLY secure and authorized systems to store and transfer confidential data and information.
THINK before you send or store. If you are in doubt, contact Information Security.
UTHSC Information Security Team
L. Kevin Watson
(901) 448-7010
Frank Davison
(901) 448-1260
Jessica McMorris
(901) 448-1579
Ammar Ammar
(901) 448-2163
• Information Security Email: [email protected]
• Website: security.uthsc.edu
• To report phishing and spam email forward it to [email protected]