Using Digital Certificates to Secure SensitiveCommunications Within the UW Medical School             Nicholas Davis – DoI...
Overview• Old business processes vs. new  business processes• Protecting your electronic identity• Email security• Digital...
Old vs. New Business Processes• UW-Madison has  historically relied upon  manual business  processes• Transcripts, HR Data...
Old vs. New Business Processes• As the amount of information we  manage has increased, we have  turned to electronic infor...
Old vs. New Business Processes• Today, we send official  documents as email  attachments• We send email and documents  to ...
Protecting Your Personal             Identity• When you send a document, how  does the receiver know it came  from you?• W...
Email Security• How secure is the email you  sent this morning?• What happens to an email  once you click the “send”  butt...
Digital Certificates Defined• A digital certificate is NOT a  software application• A digital certificate is an  “electron...
What Digital Certificates Can Do     For Your Department• Provide proof of document or  email message authorship• Proves t...
Example
Example
Encryption• Protects your email from being  read and/or altered from the  moment it leaves your computer• Simple as “click...
Example
If The Encrypted Email Is       Intercepted
Uses• Signing documents (and  email) to prove authorship• Encrypting sensitive emails  and attachments
Think About ThisCould cause harm in   a critical situationCase Scenario   Multiple hoax   emails sent with   Chancellor’s ...
Case Scenarios To Be Avoided• HR related email concerning  Nicholas Davis is intercepted  by someone on the campus  networ...
The Technology Is Trustworthy• X.509 is the industry  standard• Used by many  Federal Government  agencies and  Universiti...
The Technology Is Managed• DoIT generates,  distributes,  supports and  manages the digital  certificate program• Our cert...
Questions, Comments• Nicholas Davis• ndavis1@wisc.edu (info)• pki@doit.wisc.edu (support)
Upcoming SlideShare
Loading in …5
×

Healthcare information security secure sensitive communications within the uw medical school

199 views
167 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
199
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Healthcare information security secure sensitive communications within the uw medical school

  1. 1. Using Digital Certificates to Secure SensitiveCommunications Within the UW Medical School Nicholas Davis – DoIT Middleware March 1, 2010
  2. 2. Overview• Old business processes vs. new business processes• Protecting your electronic identity• Email security• Digital certificates defined• What digital certificates can do for your department• How digital certificates can help your increase security• Questions• Next Steps
  3. 3. Old vs. New Business Processes• UW-Madison has historically relied upon manual business processes• Transcripts, HR Data, Contracts, Research Data, Health Information, Financial and Accounting Information—all kept on paper• Physically secure• Difficult to access, replicate and distribute
  4. 4. Old vs. New Business Processes• As the amount of information we manage has increased, we have turned to electronic information systems to help us organize and disseminate information in a more efficient manner
  5. 5. Old vs. New Business Processes• Today, we send official documents as email attachments• We send email and documents to group mail lists• Access to information is much greater than it was in the days of manual processes• With new technologies there are new threats
  6. 6. Protecting Your Personal Identity• When you send a document, how does the receiver know it came from you?• When you send an electronic document, wouldn’t you want the same assurance?
  7. 7. Email Security• How secure is the email you sent this morning?• What happens to an email once you click the “send” button?• Network, Intermediary Servers, Receiving Email Server, End Users Workstations• Laptops!
  8. 8. Digital Certificates Defined• A digital certificate is NOT a software application• A digital certificate is an “electronic passport”, with special added features• Proves your identity• Allows you to protect your information with encryption• Functionality already built into existing applications on your computer
  9. 9. What Digital Certificates Can Do For Your Department• Provide proof of document or email message authorship• Proves that the document (Word, Excel, PDF, Powerpoint) came from you• Proves that the document has not been altered from original form
  10. 10. Example
  11. 11. Example
  12. 12. Encryption• Protects your email from being read and/or altered from the moment it leaves your computer• Simple as “click and send”• In order to receive encrypted email, you must have a digital certificate• In order for encryption to work bi- directionally, both users must have digital certificates
  13. 13. Example
  14. 14. If The Encrypted Email Is Intercepted
  15. 15. Uses• Signing documents (and email) to prove authorship• Encrypting sensitive emails and attachments
  16. 16. Think About ThisCould cause harm in a critical situationCase Scenario Multiple hoax emails sent with Chancellor’s name and email. When real crisis arrives, people might not believe the warning.It is all about trust!
  17. 17. Case Scenarios To Be Avoided• HR related email concerning Nicholas Davis is intercepted by someone on the campus network and sent to newspaper• Laptop containing spreadsheet with SSNs of all UW faculty is stolen at Moscow airport.
  18. 18. The Technology Is Trustworthy• X.509 is the industry standard• Used by many Federal Government agencies and Universities around the world• Used in all Western European passports• Used by GE, Raytheon, J&J, P&G
  19. 19. The Technology Is Managed• DoIT generates, distributes, supports and manages the digital certificate program• Our certificates are provided by Verisign, the most widely trusted issuer of digital certificates• We keep copies— just in case
  20. 20. Questions, Comments• Nicholas Davis• ndavis1@wisc.edu (info)• pki@doit.wisc.edu (support)

×