2018 Internet2 Global Summit

Secure Box

Time 05/09/18 03:00PM-04:00PM

Room Pacific 16-17

Session Abstract

Our users want their data everywhere they are, but "everywhere" is a pretty scary place for restricted data like PHI. But if we don't offer a solution, our users will create their own, which is even scarier! So what do we do? Put our data in the cloud, and watch that cloud!

UCSF is UC's only campus working exclusively on health science, and 40% of our workforce is employed by the Medical Center. With clinicians, educators and researchers all over the globe "advancing health worldwide," we need to provide access to data everywhere our users are. Cloud services provide the features and scale that we need at a price we can (usually) afford, but the cloud is...cloudy on security. All that easy access means more ways for people to make poor decisions.

Assuming we would have to use two Box instances to secure our restricted data, UCSF sent out an RFP in Spring 2015. We asked for proposals which would leverage our existing data loss prevention (DLP) solution, already used to report on and secure restricted data at UCSF. Two vendors reached the proof of concept stage, and only CipherCloud passed all critical use cases and earned a rating of excellent. Critically, CipherCloud was the only solution providing persistent file-level encryption with central key management. This means the file stays encrypted even if a user shares it with someone via other methods (like email or removable storage). The file cannot be accessed/decrypted without authorized UCSF credentials (via Box SSO) and the CipherCloud decryption agent that is supplied with their offering. This extends to the mobile client too. Encryption is built-in, and the key management comes with the CipherCloud product. Because of these features, we were able to implement CipherCloud on top of our existing UCSF Box instance, which minimized user confusion, and greatly increased user adoption.

We presented this session at the 2017 UC Computing Services Conference at UCSD, and the project won a Larry L. Sautter Silver Award for Innovation in Information Technology for 2017.


Speaker Erik Wieland University of California - San Francisco

Primary track Trust, Identity, and Security
