Online Storage Security Frequently Asked Questions
- What is online storage?
- Are the drives I see on my local machine a form of online storage provided by the Information Technology department?
- Is the Oracle Document Imaging System considered online storage?
- How do I know what information is protected and what isn’t? Or what is sensitive and what isn’t?
- Is there online storage I should NOT use to store sensitive or protected information?
- Where should I store files with Social Security numbers or other protected information?
- Who can see the data I store on the drives provided by the university such as my P: drive?
- Are there security issues with using online storage?
- What are other terms I might hear describing online storage?
- What other types of online storage are there?
- What is cloud storage?
- Is there any particular type of information I should be careful with?
- What other types of information should I be careful with?
- Is my password sensitive information?
Are the drives I see on my local machine a form of online storage provided by the Information Technology department?
Yes; the J:, P:, Q:, R:, S:, and V: drives are all examples of storage provided over the network by the Information Technology Department.
How do I know what information is protected and what isn’t? Or what is sensitive and what isn’t?
Please refer to university policies OP 44.00 and OP 44.01 as well as the IT Glossary. In very general terms, if the information ties a person’s name to other identifying information such as SSN or physical address it’s protected. If the information reveals specifics of credit card transactions or financial transactions, it’s protected.
Is there online storage I should NOT use to store sensitive or protected information?
You should not store protected information on any storage provided by a third party vendor. Third party vendor on-line storage services are not controlled by the university and should be considered public. Free web or cloud based services such as Google Docs, Dropbox, Skydrive, ADrive, 4Shared and others. The contractual obligations of the vendors are very limited and do not relieve you of the responsibility for any exposure of protected information.
Where should I store files with Social Security numbers or other protected information?
The best answer is don’t ask for or keep SSNs unless you need them for business or legal reasons and then only on secure locations such as your P: drive. Store it in the most limited access storage available that still allows access to those needing it. If you are uncertain where to store the information or you need to share SSNs across groups or offices, contact the Technology Support Center and we can help arrange a safe place to share the information.
Who can see the data I store on the drives provided by the university such as my P: drive?
Your P: drive is accessible only by you. The Q: drive is divided up by department and is typically viewable by the department’s employees, including student workers. The S: and V: drives are used for specific applications shared across user groups with permissions applicable to those groups. The J: drive houses information usually used by only a pair of individuals or departments that need to share information, but also need to keep that information to a limited audience. The R: drive is accessible by all employees and some student workers and should be treated as if it were public since it has such broad access.
Are there security issues with using online storage?
Yes, online storage can be seen by a variety of people and how each location is controlled differs based on requirements. Some of the storage provided by the university is viewable by the entire population of employees. Some of the storage is visible to entire departments. Where you store your information should be based on the information’s sensitivity and requirements for dissemination. As a guideline, store your information where it is least visible and still allows access to anyone requiring access to it for work.
What are other terms I might hear describing online storage?
Mapped network drives, network drives, logical drives, logical drive connections, network storage, cloud storage, cloud drives, document imaging systems and others.
What other types of online storage are there?
In addition to more traditional looking file and folder storage like your P: drive, there are document repositories like Sharepoint, online shareable dropbox style storage, online data backup services such as Mozy and Carbonite, online personal drives such as those provided by Google, Microsoft Live, and others.
What is cloud storage?
The term cloud is used as a generic term referring to any online service provided by a second or third party that allows a user to use storage or applications without regard for location of the physical hardware or how the physical hardware is configured and may not require any special software on the user’s side to access it. For example, many cloud based products require only a web browser to access the user’s data. Cloud storage might refer to storage provided by the university or third party vendors such as Google.
Is there any particular type of information I should be careful with?
Yes, there are several. Social Security numbers must be carefully controlled. Any information protected by law, regulation, or statute must be stored based on rules from the applicable law. For example, we must store Social Security numbers only if we require them for a business process and must not let the association of an SSN with the specific person be exposed to anyone other than the SSN owner and those within the university that require the information for business purposes.
What other types of information should I be careful with?
In general terms, any credit card information, Social Security numbers associated with individuals, health related information, patient records, financial information, student grades. This list is not all inclusive. You should take care will all university information.
Is my password sensitive information?
Great question! Passwords along with your username or account name are used to ensure that only authorized users get access to systems. Since they are your key to gaining access to protected information, passwords should be treated with the same care and caution that protected information is. Visit the password web page to find information on how to protect your passwords.