Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Risks of File Transfer on a Fully Switched Network

From: Richard Gadsden <gadsden () MUSC EDU>
Date: Tue, 29 Nov 2005 15:20:11 -0500
On Tue, 29 Nov 2005, Sadler, Connie wrote:



I am being told that the risk of transferring sensitive files over our
InTRAnet is so low that we should not require encryption for these
internal file transfers. Transferring over the Internet in the clear is
clearly a problem, but are others willing to share your position on the
transmission of sensitive data in the clear internally (assuming a fully
switched network)??


Hi Connie,

Transferring over the Internet is "clearly a problem" but transferring
over the internal network carries neglible risk? Depending on the types of
data involved, and the types of threats and vulnerabilities that are known
or assumed, one might well conclude the exact opposite. Even if the
internal network environment is fully switched.

At my institution, we do not *require* encryption for all internal
transfers of files containing sensitive data. We recommend it, and we
encourage it whenever practical as a risk managment practice, but... we
don't require it. If we required it, assuming that was even a good idea,
then we'd need to enforce it.

-Richard

 --- o ---
 Richard Gadsden
 Information Security Office
 Office of the CIO - Information Services
 Medical University of South Carolina
 100 Doughty St
 PO Box 250753
 Charleston, SC, USA  29425
Previous By Date Next
Previous By Thread Next

Current thread: