Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: File sharing settings with cloud collaboration tools
From: "Shamblin, Quinn" <qrs () BU EDU>
Date: Wed, 6 Nov 2013 13:01:54 +0000

Boston University is using Google Apps and is working on deploying Office
365.  

 

We have recently approved the version of Google Drive that is part of BU
Google Apps for use in storing information and up through our "confidential"
level of classification.  This means data up to the level of FERPA Data, but
not to the level of HIPPA, PCI or other heavier privacy legislations (which
we designate "restricted use").  So people are permitted to store student
grades but nothing more sensitive than that.  However in providing
permission for them to do so, we also made it clear that they are
responsible for setting up security correctly, we do not allow such
information to be posted to a folder unless the permissions on that folder
are named access that require authentication.

 

We have not yet extended such capability to Office 365 but will likely do so
at the appropriate time.

 

Quinn R Shamblin
----------------------------------------------------------------------------
-------
Executive Director of Information Security, Boston University
CISM, CISSP, ITIL  (Previously GCFA, PMP)

Office: 617-358-6310    Mobile: 617-999-7523

Contact me securely:  <https://securecontact.me/qrs () bu edu>
https://securecontact.me/qrs () bu edu

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dan Han
Sent: Tuesday, November 5, 2013 3:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] File sharing settings with cloud collaboration tools

 

Good afternoon,

 

If your institution is using Google Apps, Office 365, or any other cloud
based collaboration tools, how are the sharing options configured for these
tools? Particularly, does your institution allow documents and files to be
shared with the public without authentication? (e.g. Making a file publicly
available or allow access to anyone with a link) 

 

If so, and feel free to ignore this part of the question, have you seen any
sensitive information posted publicly, and how are you handling these
potential incidents? Thank you.  

 

Dan Han

Virginia Commonwealth University



-- 
Dan Han
Virginia Commonwealth University

Sent from my mobile device

Attachment: smime.p7s
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault