Re: Sharing files

["Bohlk, Christopher J." <cbohlk () PACE EDU>]

I was wondering if anyone who chose one of the hosted secure file sharing solutions was able to get the vendor to sign 
a contract that made them fully responsible for breach notification, monitoring, and potential damages in the event 
that they were compromised and the customers data was breached?  If so, what vendor provides this service and did this 
increase the cost to make it unattractive to outsource?

Thanks,
Chris

Chris Bohlk, CISSP, C|EH
Pace University
Information Security Officer
Information Technology Services (ITS)
235 Elm Road, West Hall 212A
Briarcliff Manor, NY 10510
(914)923-2649  Office

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
DiGrazia, Mick A
Sent: Thursday, September 12, 2013 11:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Sharing files

We also use Filelocker as well and it's done well for us. However, the open source project seems to be abandoned - new 
code hasn't been submitted in over a year. We are developing an in-house solution to provide similar, but reduced, 
functionality.

Mick A. DiGrazia
University of Connecticut
Information Security Office
(860) 486-1336
mick.digrazia () uconn edu<mailto:mick.digrazia () uconn edu>

From: <Bradley>, Stephen <bradlesw () MIAMIOH EDU<mailto:bradlesw () MIAMIOH EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>>
Date: Thursday, September 12, 2013 11:19 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Sharing files

We use File Locker from Purdue University.

http://filelocker2.sourceforge.net/

On Thu, Sep 12, 2013 at 10:25 AM, Brandon Payne <brandon.j.payne () svcc edu<mailto:brandon.j.payne () svcc edu>> wrote:
What is everyone else doing for sharing important files between two employee users (not a whole department)? When I say 
important, I mean, these files may contain communication about a particular student, business data, etc. We have Google 
Apps so we try and communicate that these types of files should not be sent through email. Using usb drives is 
inefficient and insecure as these could be personal usb drives brought from home that now has business data. We do 
utilize network shares but there may be more individuals that would be able to view these files if placed there and we 
would like to avoid duplicating files between network shares.

I've seen a few online services that does this like RapidShare, Hotfile, Dropbox for Business, etc. but would it be 
better to have something hosted on campus that we can get more control over with what data stays on campus and not some 
place out there on the Internet?

To add, We've looked at 7zip and Winzip however, the issue with putting a password on a file is users not documenting 
passwords and having to refer back to this file after that person leaves.

Thanks!

--
Brandon Payne
Technical Support Specialist
Sauk Valley Community College



--
Stephen W. Bradley CISSP GCFA GCIH GWAPT SSCP
Senior Security Engineer
Miami University
IT Services
bradlesw () miamioh edu<mailto:bradlesw () miamioh edu>
513-529-1809