How do I secure my own environment?

Beware of this pitfall

A common misconception is that sending data from your workstation to another system is inherently secure simply because your workstation has full disk encryption enabled. In truth, when a file is sent in this scenario, it is decrypted before it is sent. This means that the unencrypted file is transmitted and arrives unencrypted at the recipient's end. Even if you use an encrypted channel such as HTTPS, this only ensures that the transmission of the file is encrypted. The end result is the same: the file that is received is the unencrypted version of the file you sent. To ensure that the data you send arrives as an encrypted file, you must encrypt that file using file-level encryption before sending it.
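The pitfall above, as an added example that is not part of the original page: a shell script that encrypts a file with the openssl command-line tool before transfer and checks that the copy to be sent no longer contains readable data. The function names, the XFER_PASSPHRASE variable and the sample file are assumptions made for illustration, and the -pbkdf2 option requires OpenSSL 1.1.1 or later.

```shell
# Added example: file-level encryption before transfer with the openssl CLI.
# Function names, XFER_PASSPHRASE and the sample data are illustrative assumptions.

# Encrypt file $1 into $2. The passphrase comes from the environment
# variable XFER_PASSPHRASE, so it is not passed as a command-line argument.
encrypt_for_transfer() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$1" -out "$2" -pass env:XFER_PASSPHRASE
}

# Recipient side: decrypt $1 into $2 using the same passphrase.
decrypt_received() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass env:XFER_PASSPHRASE
}

# Succeeds (exit 0) if file $1 contains the literal string $2 in the clear.
contains_plaintext() {
    LC_ALL=C grep -q -F -e "$2" "$1"
}

# Walk through the pitfall with a constructed sample file.
demo() {
    workdir=$(mktemp -d) || return 1
    XFER_PASSPHRASE='constructed-demo-passphrase'; export XFER_PASSPHRASE
    marker='CONSTRUCTED-SAMPLE-RECORD'
    printf 'participant_id,note\n1001,%s\n' "$marker" > "$workdir/data.csv"
    status=0
    # The file as an application reads it from an encrypted disk: plaintext.
    if contains_plaintext "$workdir/data.csv" "$marker"; then
        echo "data.csv: readable as-is; this is what the recipient would store"
    fi
    # File-level encryption: the file itself is ciphertext wherever it lands.
    encrypt_for_transfer "$workdir/data.csv" "$workdir/data.csv.enc" || status=1
    if contains_plaintext "$workdir/data.csv.enc" "$marker"; then
        status=1
    else
        echo "data.csv.enc: contents not readable without the passphrase"
    fi
    # The recipient recovers the original only by decrypting.
    decrypt_received "$workdir/data.csv.enc" "$workdir/received.csv" || status=1
    cmp -s "$workdir/data.csv" "$workdir/received.csv" || status=1
    rm -rf "$workdir"
    return "$status"
}

demo
```

openssl enc in CBC mode does not authenticate the ciphertext, so where tampering is a concern add an integrity check or use a tool such as GnuPG. Share the passphrase with the recipient through a different channel than the file.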

We want your feedback

Please email securemyresearch@iu.edu to report errors/omissions and send critiques, suggestions for improvements, new use cases/recipes, or any other positive or negative feedback you might have. It will be your contribution to the Cookbook and appreciated by all who use it.

See this video, Securing HIPAA Workflows on UITS Systems, for a HIPAA-centric example of how to secure your workflow that is also broadly applicable, and addresses some of the principles mentioned on this page.