Educause Security Discussion mailing list archives
Re: centralized storage of sensitive data
From: Theresa Semmens <Theresa.Semmens () NDSU EDU>
Date: Wed, 1 Jul 2009 10:17:51 -0500
Educause has several good resources for encryption. One you may find interest in is https://wiki.internet2.edu/confluence/display/secguide/Encryption Within your data protection policy are you providing data classification of your data elements? Customers need to know confidential data is. Be sure your policy takes into account your government's laws and regulations for data protection. It sounds like you are taking a four-pronged approach - policy/procedure -> encryption for data manipulation -> encryption in transit -> encryption for data at rest. For data in transit you will want to look at pros and cons for a VPN, or if working online through the Internet, may want to incorporate SSL, and will need to look at benefits for that as well. Each institution has different climates and cultures for how they perform business, education, and research functions. I recommend that your thoroughly review your processes for each of these three areas and then fit the solution(s) to the needs. When it comes to security, you will never find a "one size fits all" brand. Higher Ed poses a unique set of challenges, and is like herding cats - you can guide them (Higher Ed) in one direction, but that doesn't mean they will end up at that destination. ;-) Good luck with your project. We will be interested in learning what you deploy and how you will deploy it. Theresa Theresa Semmens, CISA Chief IT Security Officer North Dakota State University IACC 210D PO Box 6050 Fargo, ND 58108 Phone: 701-231-5870 Fax: 701-231-8541 Theresa.Semmens () ndsu edu "Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of reflect ocean Sent: Wednesday, July 01, 2009 9:30 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] centralized storage of sensitive data We are building policy for sensitive data manipulation which leads us to a stage where we are evaluating available and affordable solutions to the risk of sensitive digital document manipulation.The goal is to protect sensitive information such faculty docs from leaking by implementing data loss controls. Answering your question:both. Based on this, we are looking for a solution that protects data by offering a centralized encrypted storage and an encrypted tarnsference to the central storage device as well. We have also considered to encrypt this sensitive data from the beginning of its elaboration (i.e local encryption in the PC) but we are just starting to explore solutions. I'm aware of windows server platforms offer some sort of encrypted file server storage but i'm not sure if that includes encyrpted transference from the pc to the file server. Thanks On Wed, Jul 1, 2009 at 9:12 AM, Theresa Semmens<Theresa.Semmens () ndsu edu> wrote:
Your request is bit confusing - are you looking for solutions to encrypt just the storage (resting data), or the transference of data, or both? If it is both, you are wanting to discuss different solutions for different issues. Will you be encrypting e-mail as well? What about the workstations where the data will be manipulated - will they be considered in the protection of sensitive data? Do you have a policy and procedure in place that will provide oversight
and
governance for this project? Without policy and procedure, you will run into a lot of problems. This must be your first step in protecting data. I have to question if you are considering all of the situations and issues for confidential data protection. Theresa Semmens, CISA Chief IT Security Officer North Dakota State University IACC 210D PO Box 6050 Fargo, ND 58108 Phone: 701-231-5870 Fax: 701-231-8541 Theresa.Semmens () ndsu edu "Opportunity is missed by most people because it is dressed in overalls
and
looks like work." Thomas Edison -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of reflect ocean Sent: Wednesday, July 01, 2009 9:01 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] centralized storage of sensitive data We are planning to implement a solution to storage sensitive data which must include encryption and auditory of each access.Storage of information should be centralized and transfer of data across network also should be encryted. I've reviewed some solutions from McAfee and Sophos.If anyone has any recommendation or any other consideration to implement , please let me know. Thanks
Current thread:
- centralized storage of sensitive data reflect ocean (Jul 01)
- <Possible follow-ups>
- Re: centralized storage of sensitive data jeff murphy (Jul 01)
- Re: centralized storage of sensitive data Theresa Semmens (Jul 01)
- Re: centralized storage of sensitive data reflect ocean (Jul 01)
- Re: centralized storage of sensitive data Theresa Semmens (Jul 01)
- Re: centralized storage of sensitive data reflect ocean (Jul 01)