Educause Security Discussion mailing list archives
Re: Secure file transfers
From: "Winders, Timothy A" <twinders () SOUTHPLAINSCOLLEGE EDU>
Date: Mon, 7 May 2007 08:01:34 -0500
All data transfers inside the state of Texas containing student confidential information are done with SFTP. This change was made approximately 2 years ago. FTP is not secure enough. I would run away from any vendor that told me that. Tim Winders | Associate Dean of Information Technology | South Plains College
-----Original Message----- From: Theresa M Rowe [mailto:rowe () OAKLAND EDU] Sent: Monday, May 07, 2007 7:54 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Secure file transfers We have a big push for using outsourced ASP/data hosting services
here.
We have a strong policy for contract review, including a security review. We've been insisting on secure file transfer methods for data
exchanges
between the university and the vendor. We've accepted VPN or SFTP as methods for data exchange, especially for those contracts where the data exchanges include confidential data (we have a state law in Michigan that protects certain data such as social security numbers
and
credit card numbers). Data exposure (unauthorized access) of those data elements can result in a maximum $750,000 fine for the
university.
We've been getting a push back from some vendors that "standard FTP"
is
secure enough. We've been saying it isn't good enough. I am checking in on best practice. I'd appreciate your thoughts on this. Thanks in advance - Theresa Theresa Rowe Assistant Vice President University Technology Services www.oakland.edu/uts - the latest news from University Technology Services
Current thread:
- Secure file transfers Theresa M Rowe (May 07)
- <Possible follow-ups>
- Re: Secure file transfers Winders, Timothy A (May 07)
- Re: Secure file transfers Brian Epstein (May 07)
- Re: Secure file transfers Ken Connelly (May 07)
- Re: Secure file transfers Glenn Forbes Fleming Larratt (May 07)
- Re: Secure file transfers Jones, Dan (May 07)
- Re: Secure file transfers Valdis Kletnieks (May 07)
- Re: Secure file transfers scott hollatz (May 07)
- Re: Secure file transfers Cal Frye (May 07)
- Re: Secure file transfers Joe St Sauver (May 07)
- Re: Secure file transfers Harrold Ahole (May 07)
- Re: Secure file transfers scott hollatz (May 07)
(Thread continues...)