What is CipherCloud?
The purpose of CipherCloud is to make UCSF Box and Office 365 safe for storing restricted data (e.g., PHI, PII, PCI, FERPA).
CipherCloud is a process application that does two things:
- Scans files outside of your Secure folder on Box, and anywhere on Office 365, and encrypts any it finds that contain UCSF PHI
- Encrypts all files in your Secure-(email) Secure folder on UCSF Box, and any file whose name contains ^secure on Office 365
Only UCSF users with access to an encrypted folder and the CipherCloud agent can decrypt the files. Encrypted files cannot be shared with collaborators outside of UCSF.
For more information related to CipherCloud on Office 365 see Encryption in Office 365 (PDF).
What does CipherCloud encrypt?
CipherCloud encrypts everything inside your Secure-(email) secure folder:
- CipherCloud will automatically encrypt all file formats under 400MB in your secure folder and its subfolders.
- The bigger a file is, the longer it will take to decrypt the file.
- You can still store files up to 15GB, but they will not be encrypted if they are over 400MB.
- We recommend that you do not store files that contain restricted data in your UCSF Box if they are larger than 400MB.
Outside your secure folder, CipherCloud will encrypt only UCSF PHI:
- CipherCloud will scan for and encrypt all file formats that contain matches to UCSF PHI that are under 400MB and are not multimedia file formats such as images, video, audio, or scanned PDFs.
Do not place UCSF PHI into a Box Note or place a Box Note into your secure folder.
- Once a Box Note has been encrypted, it is impossible to open:
- After CipherCloud decrypts a file, it then attempts to open it with the most suitable application installed on your computer.
- Because Box Notes is a Box web application that can only be opened directly in the browser, you will get an error message if you try to decrypt it. The only thing you can do is revert it to its previous version.
- However, if your Box Note was placed inside your secure folder and does not contain UCSF PHI, you can remove the encryption by:
- Remaining on your UCSF Box account
- Dragging the file outside your secure folder
How long does it take to encrypt and decrypt a file on UCSF Box?
- The encryption process should take less than a minute. If a file has not been encrypted or decrypted after 5 minutes, contact the IT Service Desk. You will know your file has been encrypted when CipherCloud replaces the file with a file of the same name and a .ccsecure extension.
- If the file was encrypted outside of your Secure folder, a PDF marker file with the same name as the encrypted file will also be created, containing a message that (1) says the file has been encrypted because it has UCSF PHI, and (2) provides the steps the user needs to follow to access the encrypted file.
What is a .ccsecure file type?
- CipherCloud is constantly scanning for UCSF PHI in the background. When it discovers UCSF PHI in a file, it encrypts the file and replaces it with a file of the same name and a .ccsecure extension:
- Original File: MyPatientData.xlsx
- Encrypted File: MyPatientData.xlsx.ccsecure
- Once a file has been encrypted, it cannot be searched or previewed, because its contents can only be accessed by the CipherCloud agent.
I don’t store UCSF PHI on Box. Why was my file encrypted?
- Many people don't realize they have UCSF PHI. This is a major reason why it's so important to use a tool like CipherCloud. If you feel your file was encrypted in error, contact the IT Service Desk. If your file was not encrypted in error, you can decrypt it with the CipherCloud agent.
- For more information about what UCSF PHI is and isn't, and your responsibilities when handling it, refer to the UCSF Privacy Office's Workforce Resources and Guidance.
Can I edit encrypted files on my mobile device?
You can access encrypted files on your mobile device as long as you have the CipherCloud app installed.
To edit a file once CipherCloud has opened it, use the Open icon in the lower left to select an application that can open the file for editing.
Note: This will put an unencrypted copy of the file on your mobile device.
- As with all mobile applications, your ability to edit the file depends on which apps you have installed. If your only option is to import or copy a file into an application to edit it, we recommend doing it from a computer instead.
- This will ensure that you are not saving unencrypted copies of restricted data on your mobile device.