On the vast majority of the state's websites (any website with utah.gov as part of the "URL" or website address) and all applications residing directly on Utah.gov we use a universal Internet technology called Secure Socket Layer (SSL). When you send information from your computer to our servers at utah.gov it is encrypted (locked) so that the information is protected during its transmission.
What is SSL and just how safe is it?
SSL uses what is referred to as 128-bit encryption. It is the highest level of protection possible for Internet communications, including your credit card and financial transactions.
The longer the lock or number (on a physical safe it could be described as a safe's combination) that is generated during an online session, the more difficult it is to break the encryption code, and that is what keeps your information secure during its transmission. Older browsers support a 40-bit (shorter number) encryption session.
According to Versign, Inc. a leader in digital trust and security services, 128-bit encrypted messages are: "...309,485,009,821,345,068,724,781,056 times harder to break than 40-bit messages. Thus, it would take the same technology used to crack the 40-bit message 1 trillion x 1 trillion years to crack a 128-bit message. That's several trillion times longer than the age of the Earth."
How do I know SSL is "turned on" and working?
First, look for the "s" in the website address as in https://secure.utah.gov
When you are at a website where you plan to transmit secure information, most Internet web browsers will contain a picture of a lock somewhere in the button bar near the bottom of the browser window. It should look something like the picture below (Please Note: The location of the lock may vary depending upon which browser you are using).
As an added protection when you connect to our services, utah.gov applications provide reminders and an easy to use way to upgrade your browser to a 128-bit version. We recommend that you do so. Nevertheless, our applications will still work with 40-bit encryption browsers.
Governmental entities also employee are variety of methods for keeping personally identifiable information/data secure including the reducing the risk of unauthorized release or tampering. Some of these methods include the use of firewalls, border routers, DMZ services, encryption, detection of intruders (instrusion detection), closing off of certain vulnernable network access points (ports), virus scanning detection and removal; security policies; vulnerability testing and audits; elimination of weak authentication and configurations. Although these do not address all possible security measures that the state employs or may employ in the future to protect its data assets this does describe a number of methods the State is using. See also "Data Security and Quality" section.
The State of Utah and Utah.gov take your Internet security very seriously. Our technology and policies are designed to make your online transactions safe, private, and secure. Rigorous policies and procedures are utilized to safeguard your personal information, such as social security numbers, banking information, and personal data.
In addition to SSL Encryption, whenever you see this icon on a Utah State government webpage, the following additional security measures have been taken:
State of the Art SSL (Secure Socket Layer) Encryption - This enables the encryption of sensitive information during an online transaction. Information sent via SSL can no longer be read as plain text.
Cybertrust - Utah.gov policies and procedures have been examined, measured and validated by Cybertrust, the global information security specialist.
Utah.gov Security - Hardware and software that controls the data entering and leaving the Utah.gov network.
Secure Internal Networks - All data transferred between databases is done via secure FTP or Virtual Private Networks (VPN) to ensure that only authorized users can access the network and no one can intercept data.
Data Storage Policies - Unless necessary, Utah.gov does not permanently store financial information so it cannot be retrieved or compromised.
Secure Policies and Procedures - Password and network activity audits are performed quarterly.
Physical Location Security - All physical locations where hardware and software are located are physically secured and only accessible by individuals with proper credentials.
Payment Card Industry Data Security Standards (PCI DSS) Compliant - Adherence to performance measurements outlined in the HYPERLINK "https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml" PCI DSS annual self evaluation, as well as submission to regular scans from Security Metrics to search for network vulnerabilities.
Application Security - A software tool is employed to scan for individual application vulnerabilities.
Sarbanes-Oxley Compliant - Adhere to secure change control procedures.
The State of Utah and Utah.gov work hard to protect your personal information while you do business with government online.