· A place where users can store more files than what your Z: drive allows
· A service where users can share files with others
· A service where users can collaborate on projects, papers, and research
We have set up a working group to discuss these issues and offer the campus a solution. Until we can fully explore and implement a solution that will cover the requirements and be cost effective we would like offer our suggestions on what currently is available to you as an end user and also remind you of some policies on how University data is to be treated.
Why does IT care about these services? It is every employee's job to safeguard University information. There are policies in place to help employee's adhere to keeping University information safe.
APS 6005 IT Security Program - This policy details the entire IT Security Program, but under section 1 IT Resource User Responsibilities, "Establishes IT security requirements for all IT resource users in protecting University information and IT resources."
APS 2006 Retention of University Records - II.2. "University records shall be maintained in a medium owned or controlled by the University. If the University does not offer a practical solution, (as determined by the campus information resource oversight authority) records may be maintained on outsourced IT services (such as web sites, web-based documents or social media sites), as long as departments seek approval from the campus IT security principal to ensure that vendor contracts and/or terms of service meet University standards."
IT is aware that some employees have been using services that have not been approved to store University information. Approved services have met certain guidelines to become approved such as testing, security practices, history of the service, terms of service, etc. Unapproved services have not met or not yet met these guidelines. If any unapproved services listed are below, the service may be putting University information at risk. Any other services that are not listed on this page have not been fully reviewed and if you are using such a service, please contact IT Security for a review.
Both Box.com and SpiderOak.com have track records of protecting users data and has been approved by the IT Security Principal, Greg Williams. Private or Restricted information including University records should not be stored on any non-University system. Contact Greg Williams to determine if you have this type of data and how it can be secured on University owned systems. Additionally, you can find more about information classification here: http://www.uccs.edu/itsecure/campus-and-general-resources/data-discovery-classification-and-clean-up/uccs-guidance-on-information-asset-classification.html
If you are using Dropbox.com for any storage of University material, it has been identified as a risk and you should move your data to an approved vendor or wait until the campus provides a solution.