Educause Security Discussion mailing list archives
Re: O365 A1 and OneDrive
From: David D Grisham <DGrisham () SALUD UNM EDU>
Date: Wed, 31 Oct 2018 15:39:48 +0000
I didn't see an answer to Michael Schalip's post about anyone moving to O365 & OneDrive in a Health Science Center. Further, if you have a hospital or hospital system that will be in the same network as the Health Science Center did you include the healthcare components or just education and research? We are concerned about securing the healthcare component's email systems. Cheers.-grish David Grisham David Grisham, PhD, CISM, CRISC Manager, Cybersecurity, UNM Hospitals, UNM Health Science Center 505.272.5657 Dgrisham () salud UNM edu<mailto:Dgrisham () salud UNM edu> DO NOT provide your username, password, or any personal information in any email. UNMH WILL NEVER ask you for your username or password via email. DO NOT CLICK links or attachments unless you are positive the content is safe. From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Patricia Malek Sent: Wednesday, October 31, 2018 8:26 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] O365 A1 and OneDrive [[-- External - this message has been sent from outside the University --]] Aaron, Your matrix is very helpful. Just a follow up question regarding sensitive data that falls under the umbrella of FERPA, GDPR or GLBA, do you have controls in place to prevent downloading of sensitive data to non-authorized storage such as local hard drives of personal computers? Thank you. Patricia Malek, CISSP, GSEC Director of CyberSecurity Technology Services [Description: Description: Description: cid:3336388681_2393357] pamalek () loyola edu<mailto:pamalek () loyola edu> www.loyola.edu/informationsecurity<http://www.loyola.edu/informationsecurity> Security Alert: Loyola Technology Services will never ask for your password. Please do not share it with others. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Baillio, Aaron Sent: Wednesday, October 31, 2018 9:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] O365 A1 and OneDrive We're also on an A1+ license and have allowed faculty and staff to use OneDrive for almost 3 years now. We developed a data matrix that show what types of data can be placed in which locations. http://www.ou.edu/content/dam/IT/security/Docs/CloudStorageMatrix.pdf We also got a CASB in place to do malware/DLP and UEBA. It's been invaluable and puts the lawyers at ease about using these locations for certain data types because we can monitor for it. B. Aaron Baillio, Sec+, CEH, CISSP University of Oklahoma, Information Technology Deputy CISO O: 405-325-7948 C: 254-400-6404 From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Childs, Aaron Sent: Wednesday, October 31, 2018 7:51 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] O365 A1 and OneDrive Good Morning Brent, Unfortunately no. It does not appear you can target an audience for DLP. That would be a nice feature request for Microsoft. Our entire campus is in the same instance. Have a good day, Aaron Aaron Childs, Director [cid:image006.jpg@01D2D928.B291E230] Infrastructure Services Information Technology Services Wilson Hall - 577 Western Ave. Westfield MA 01086 P 413.572.5527 F 413.572.5615 aaron () westfield ma edu<mailto:aaron () westfield ma edu> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Haselhoff, Brent Sent: Wednesday, October 31, 2018 8:42 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] O365 A1 and OneDrive Caution External Email: This email originated outside of WSU. Do not click links, open attachments, or respond if it appears to be suspicious. Aaron, We you able to set up different DLP policies for Faculty/Staff vs. students? Or are your faculty/staff on a different instance from your students? Thanks Brent Brent Haselhoff Manager, IT Security and Identity Management brent.haselhoff () wku edu<mailto:brent.haselhoff () wku edu> 270-745-2012 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Childs, Aaron Sent: Wednesday, October 31, 2018 7:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] O365 A1 and OneDrive ** This message originated from outside WKU. Always use caution following links. ** Good Morning William, We have slowly allowed our Faculty and Staff to use OneDrive. We give them a preamble of what they can and cannot save on the OneDrive before assigning the license. In addition to that we have enabled a couple of Data Loss Prevention policies in the Security & Compliance Admin Center. So far it works well. We get an email notification if someone violates the policy. You can also change the sharing settings in the OneDrive Admin Center to control how your faculty and staff can share files. Have a good day, Aaron Aaron Childs, Director [cid:image006.jpg@01D2D928.B291E230] Infrastructure Services Information Technology Services Wilson Hall - 577 Western Ave. Westfield MA 01086 P 413.572.5527 F 413.572.5615 aaron () westfield ma edu<mailto:aaron () westfield ma edu> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Ferland, William Sent: Tuesday, October 30, 2018 5:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] O365 A1 and OneDrive Caution External Email: This email originated outside of WSU. Do not click links, open attachments, or respond if it appears to be suspicious. Everyone - I apologize. The question is in regard to OneDrive, not OneNote. ________________________________ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Ferland, William <wferland () CCRI EDU<mailto:wferland () CCRI EDU>> Sent: Tuesday, October 30, 2018 4:17 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] O365 A1 and OneNote Hello everyone, We have just migrated our faculty and staff to the O365 A1 Education Plan and are now looking at what level of OneNote access permissions to provide users. I have some anxiety relative to data security and how we proceed. Any experience/advice/concerns you can share would be greatly appreciated. Thanks. Bill William Ferland Director of IT Operations and Information Security Community College of Rhode Island 400 East Road Warwick, RI 02886
Current thread:
- O365 A1 and OneNote Ferland, William (Oct 30)
- Re: O365 A1 and OneDrive Ferland, William (Oct 30)
- Re: O365 A1 and OneDrive Childs, Aaron (Oct 31)
- Re: O365 A1 and OneDrive Haselhoff, Brent (Oct 31)
- Re: O365 A1 and OneDrive Childs, Aaron (Oct 31)
- Re: O365 A1 and OneDrive Baillio, Aaron (Oct 31)
- Re: O365 A1 and OneDrive Patricia Malek (Oct 31)
- Re: O365 A1 and OneDrive David D Grisham (Oct 31)
- Re: O365 A1 and OneDrive Baillio, Aaron (Oct 31)
- Re: O365 A1 and OneDrive Childs, Aaron (Oct 31)
- Re: O365 A1 and OneDrive Ferland, William (Oct 30)
- Re: O365 A1 and OneDrive Michael Schalip (Oct 31)