Re: Secure file transfers

["Winders, Timothy A" <twinders () SOUTHPLAINSCOLLEGE EDU>]

All data transfers inside the state of Texas containing student
confidential information are done with SFTP.  This change was made
approximately 2 years ago.

FTP is not secure enough.  I would run away from any vendor that told me
that.

Tim Winders | Associate Dean of Information Technology | South Plains
College


> -----Original Message-----
> From: Theresa M Rowe [mailto:rowe () OAKLAND EDU]
> Sent: Monday, May 07, 2007 7:54 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Secure file transfers
>
> We have a big push for using outsourced ASP/data hosting services
here.
> We have a strong policy for contract review, including a security
> review.
>
> We've been insisting on secure file transfer methods for data
exchanges
> between the university and the vendor.  We've accepted VPN or SFTP as
> methods for data exchange, especially for those contracts where the
> data exchanges include confidential data (we have a state law in
> Michigan that protects certain data such as social security numbers
and
> credit card numbers).  Data exposure (unauthorized access) of those
> data elements can result in a maximum $750,000 fine for the
university.
> We've been getting a push back from some vendors that "standard FTP"
is
> secure enough.  We've been saying it isn't good enough.
>
> I am checking in on best practice.  I'd appreciate your thoughts on
> this.
>
> Thanks in advance -
> Theresa
> Theresa Rowe
> Assistant Vice President
> University Technology Services
> www.oakland.edu/uts - the latest news from University Technology
> Services