Educause Security Discussion mailing list archives
Re: Secure file transfers
From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Mon, 7 May 2007 19:34:01 -0500
Wyman Miles wrote:
Web-based drop-off location or something? (I can't reach the link) Cornell's got a homegrown app called dropbox that does what Rice's homegrown app, webfile did, that does what many campuses have built. Easier and safer to build your own with an SSL Web server than contract someone else to store your content.
Or maybe not. Not every higher ed. institution here has locally available the resources that an institution like Cornell has. That said, I agree it's going to tend to be safer if done carefully. At least on your own machine you physically control the hardware (in particular, physical access to it). You can take clear, auditable steps to secure the platform against unauthorized access, too. Generally speaking, though, if your data's stored on someone else's hardware, it's not really exclusively your data any more.
If I'm going to use some 3rd party HTTPS drop-off location, I'm going to encrypt the content first. And if I'm going to bother to encrypt the content first, I may as well just use any number of protocols to move it around.
Exactly! This is why I think policy should address data at rest as well. For example, I note that their product provides "[s]ecure transfer" but says nothing about protection while the data's at rest. -- Alan Amesbury OIT Security and Assurance University of Minnesota
Current thread:
- Re: Secure file transfers, (continued)
- Re: Secure file transfers scott hollatz (May 07)
- Re: Secure file transfers Matthew Keller (May 07)
- Re: Secure file transfers Samuel Young (May 07)
- Re: Secure file transfers Ken Connelly (May 07)
- Re: Secure file transfers Wyman Miles (May 07)
- Re: Secure file transfers Samuel Young (May 07)
- Re: Secure file transfers Buz Dale (May 07)
- Re: Secure file transfers Harrold Ahole (May 07)
- Re: Secure file transfers Joe St Sauver (May 07)
- Re: Secure file transfers Alan Amesbury (May 07)
- Re: Secure file transfers Alan Amesbury (May 07)
- Re: Secure file transfers Matthew Gracie (May 15)