it.ucsf.edu

CipherCloud

Jennifer Pham's picture

The purpose of CipherCloud is to make UCSF Box safe for storing restricted data (e.g., PHI, PII, PCI, FERPA).

CipherCloud is a process application that does two things. One, it scans files outside of your secure folder for UCSF PHI and encrypts them. Two, it encrypts all files in your Secure-(email) secure folder, within UCSF Box. Once encrypted, only UCSF users with access to the folder and the CipherCloud agent can decrypt the files. Encrypted files cannot be shared with collaborators outside of UCSF.

What does CipherCloud encrypt?


  • Everything inside the Secure-(email) secure folder – CipherCloud will automatically encrypt all file formats under 400MB in your secure folder and its subfolders.
  • Only PHI outside of the secure folder – CipherCloud will scan for and encrypt all file formats that contain matches to UCSF PHI and are not multimedia file formats (such as images, video, audio, scanned PDFs) under 400MB.
Do NOT place PHI into a Box Note or place a Box Note into your secure folder.

Once a Box Note has been encrypted, it is impossible to open. After CipherCloud decrypts a file, it then attempts to open it with the most suitable application installed on your computer. Because Box Notes is a Box web application which can only be opened directly in the browser, you will get an error. The only thing you can do is revert it to its previous version. If your Box Note was placed inside your secure folder and does not contain PHI, the encryption can be removed by dragging the file outside of your secure folder while still remaining on your UCSF Box account.

CipherCloud FAQs


  • How long does it take to encrypt and decrypt a file on UCSF Box?

The encryption process should take less than a minute. If a file has not been encrypted or decrypted after 5 minutes, please contact the IT Service Desk.

You will know your file has been encrypted after CipherCloud replaces the file with a file of the same name and a .ccsecure extension. If the file was encrypted outside of your secure folder, a PDF marker file with the same name as the encrypted file will also be created containing a message that the file has been encrypted because it has UCSF PHI and the steps the user needs to follow to access the encrypted file.

  • I don’t store UCSF PHI on Box. Why was my file encrypted?

Many people don't realize they have UCSF PHI, which is one reason it's so important to use a tool like CipherCloud. For more information about what PHI is and isn't, and your responsibilities when handling it, please refer to the UCSF Privacy Office's Workforce Resources and Guidance. If you feel your file was encrypted in error, please contact the IT Service Desk. If your file was not encrypted in error, you can decrypt it with the CipherCloud agent.

  • Can I edit encrypted files on my mobile device?

You can access encrypted files on your mobile device as long as you have the CipherCloud app installed. To edit a file once CipherCloud has opened it, use the open in icon in the lower left to select an application which can open the file for editing. Please note, this will put an unencrypted copy of the file on your mobile device. As with all mobile applications, your ability to edit the file depends on which apps you have installed. You may only have the option to import or copy a file into an application to edit it, so if you need to make edits we recommend doing this from a computer instead. This will ensure that you are not saving unencrypted copies of restricted data on your mobile device.

More Info


Secure Box (CipherCloud)