Re: Remote access and data offloads.

[Russell Fulton <r.fulton () AUCKLAND AC NZ>]

Doug Sandford wrote:
> Does anyone have a workable institutional poly regarding remote
> desktop access versus VPN? We want to put something together that
> 'encourages' the use of a VPN connection that permits a degree of
> accountability. Although our Acceptable Use Policy addresses
> University data in all forms as just that, we would like to reiterate
> that issue of downloading institutional data to home computers etc.
We are currently working on a remote access policy but it is more
focused on getting users to use appropriate levels of security
technology (and common-sense) depending on what sort of data
institutional data they are accessing.   (Or just as importantly which
set of access credentials they are using).

EG. for strictly confidential material we recommend VPN from a system
that compiles with our standards -- fully patched, AV, blah, blah,
blah... (e.g. a personal laptop which has been set up by local IT staff
or a managed desktop at another university).

As always the real purpose of the policy is to get people to stop an
think before hopping into a some airport cyber cafe  to check on their
grant application.

Russell