SAFE Global Encryption Directory (SGED)

Why Encrypt?

Data is the new oil and, arguably, more financially valuable. In healthcare, data is the output of millions or even billions of dollars of investment in research and development. If disclosed to the wrong person or in the wrong forum, it can cause irreparable loss to your business, with huge legal, financial and brand damage. It is even more sensitive for participants in the SAFE community because of additional government regulations on the security and integrity of data such as patient information.

The best way to protect data is to encrypt it end to end. In other words, when the data is at rest in your network systems, it is stored encrypted. It is decrypted when authorized users access it, and when it is shared with a recipient via email it is encrypted again for the recipient’s eyes only.

Combining Strong Identity with Strong Encryption

Encrypting data is often not good enough. Strong identity plays a very important role when exchanging intellectual property or other sensitive information with partners. Many organizations choose to encrypt data to protect against unauthorized disclosure to someone who captured the information in transit or at rest. What is often overlooked is the risk of encrypting sensitive data to the wrong individual to start with. You must know the identity of the individual you wish to encrypt to with a high degree of confidence; otherwise, you risk encrypting data to someone who should not have access.

It is this sharing of data with an authorized third-party recipient that is tricky. The recipient may have changed his/her encryption certificate since last sharing it with the sender, so the sender may be encrypting the data for the wrong recipient or to a compromised certificate, potentially exposing the data to rogue users.

SAFE Identity operates a PKI Trust Framework with the primary goal of defending against this very attack. By combining strong PKI encryption with high assurance identities, you can effectively mitigate many of the risks associated with intellectual property or sensitive information loss and disclosure by strongly verifying the identity of the individual before encrypting to them.

SGED: A Service to Enable Encryption for the SAFE Community

In the past, organizations that wished to use strong PKI encryption would host their organization’s public keys in a directory contained within the enterprise. This solved the problem of using strong PKI encryption for employees within the enterprise domain. However, discovering public keys hosted in a partner’s directory as part of a different domain remained a major inhibitor for secure collaboration between organizations. SGED solves this problem; read on to find out how.

SGED offers a central repository of all SAFE-certified certificates and provides a seamless Outlook integration that allows senders to always choose the most current and valid recipient certificate when sending encrypted emails, inside and outside their enterprise. SGED is updated automatically whenever a certificate is issued by a SAFE Bridge CA Member.

When using SGED via the Outlook plugin, the sender can rest assured that the email will be encrypted for the right recipient using his/her most recent certificate every time.