What About Other Devices?
The School of Medicine prohibits the storage of any Stanford data on computers or mobile devices that do not have the required mobile device management software, as specified by the school's Data Security Policy. If you feel that you need an exception to this policy, please submit a Data Security Exception Request and provide a detailed description of your business purpose for requesting an exception.
Mobile
The Apple Watch does not yet require MDM. For now, Stanford affiliates can use the Apple Watch for Stanford information, provided users configure these minimum security settings.
A Stanford Mobile Device Management and encryption solution for Android devices running Android OS 4.0 and above. More information can be found here. Older Android devices cannot be used to access or store Stanford data.
BlackBerry devices are supported ONLY if they are configured to use the ITS Exchange/BlackBerry Enterprise Server services. Since these cost a combined $22/month (and that's going up dramatically as of 9/1/13), it may make more sense to replace the device with an iPhone or iPad.
These devices are not currently eligible to be enrolled in the Stanford Mobile Device Management (MDM) system, the required encryption solution. They need to be replaced with an iPhone/iPad (or Android 4.0+ device), or reconfigured to NOT use their e-mail application to access Stanford e-mail or store Stanford data in any other way.
Cloud-Based Data Services
The use of cloud-based services to store and share PHI is prohibited unless the service is specifically approved by Stanford and appropriate legal agreements with the vendor are in place. This means services like Stanford Box, DropBox, Egnyte, GMail, Google Docs, Google Drive, iCloud, Amazon Web Services and Microsoft SkyDrive *cannot* be used to store PHI as currently these vendors are not approved. A list of appropriate services that can be used with PHI is available on IRT's Security Services website.
External Hard Drives/Thumb Drives
Encryption on portable drives can present a unique set of challenges. Since the primary point to such drives is often to be able to use them on multiple computers, it's important to have the drive *not* rely upon software on the computer. Some products which we can recommend would include:
Apricorn Aegis Padlock series. These external hard drives are physically small, portable, and have a numeric keypad on the top. The drive is fully-encrypted, and can only be used by entering the correct combination on the keypad.
Apricorn Aegis Secure Key series. These USB Flash Drives have a numeric keypad under their removable cover. The drive is fully-encrypted, and can only be used by entering the correct combination on the keypad.
Corsair Flash Padlock 2 series. These USB Flash Drives have a numeric keypad on the top. The drive is fully-encrypted, and can only be used by entering the correct combination on the keypad.
Kingston DataTraveler Locker+ G2 series. These USB Flash Drives carry a copy of their own encryption software. The drive is fully-encrypted, and can only be used by entering the correct passphrase in the included software.
Theoretically, it is possible to encrypt any external drive with software (such as TrueCrypt). But you may run into significant problems around trying to use that encrypted drive on other computers, since the other computer would *also* need to have the same encryption software installed on it. That's why we would recommend using one of the above products.
Linux Computers
End-user computers running the Linux operating system are not currently compatible with the required BigFix and encryption software. Please submit a Data Security Exception Request to let us know you have a Linux exception. IRT recommends though does not require you encrypt your computer using the native Linux encryption application. If you have done local encryption, please let us know in your Compliance Variance Request the specific encryption application you have installed.
