Educause Security Discussion mailing list archives
Re: Secure file transfers
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Tue, 15 May 2007 09:12:00 -0400
Theresa M Rowe wrote:
We have a big push for using outsourced ASP/data hosting services here. We have a strong policy for contract review, including a security review. We've been insisting on secure file transfer methods for data exchanges between the university and the vendor. We've accepted VPN or SFTP as methods for data exchange, especially for those contracts where the data exchanges include confidential data (we have a state law in Michigan that protects certain data such as social security numbers and credit card numbers). Data exposure (unauthorized access) of those data elements can result in a maximum $750,000 fine for the university. We've been getting a push back from some vendors that "standard FTP" is secure enough. We've been saying it isn't good enough. I am checking in on best practice. I'd appreciate your thoughts on this.
We have a few vendors that we exchange information with via PGP or GPG encrypted email; the Enigmail extension for Thunderbird, and the tools at gpg4win.org are very helpful. --Matt -- Matt Gracie (716) 888-2403 Information Security Administrator graciem () canisius edu Canisius College ITS 425531N / 0785109W http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- Re: Secure file transfers, (continued)
- Re: Secure file transfers Matthew Keller (May 07)
- Re: Secure file transfers Samuel Young (May 07)
- Re: Secure file transfers Ken Connelly (May 07)
- Re: Secure file transfers Wyman Miles (May 07)
- Re: Secure file transfers Samuel Young (May 07)
- Re: Secure file transfers Buz Dale (May 07)
- Re: Secure file transfers Harrold Ahole (May 07)
- Re: Secure file transfers Joe St Sauver (May 07)
- Re: Secure file transfers Alan Amesbury (May 07)
- Re: Secure file transfers Alan Amesbury (May 07)
- Re: Secure file transfers Matthew Gracie (May 15)