Educause Security Discussion mailing list archives

Re: File sharing settings with cloud collaboration tools


From: "Shamblin, Quinn" <qrs () BU EDU>
Date: Wed, 6 Nov 2013 13:01:54 +0000

Boston University is using Google Apps and is working on deploying Office
365.

We have recently approved the version of Google Drive that is part of BU
Google Apps for use in storing information up through our "confidential"
level of classification.  This means data up to the level of FERPA data, but
not to the level of HIPAA, PCI or other heavier privacy legislation (which
we designate "restricted use").  So people are permitted to store student
grades but nothing more sensitive than that.  However, in providing
permission for them to do so, we also made it clear that they are
responsible for setting up security correctly; we do not allow such
information to be posted to a folder unless the permissions on that folder
are named access that requires authentication.

 

We have not yet extended such capability to Office 365 but will likely do so
at the appropriate time.

 

Quinn R Shamblin
-----------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, ITIL  (Previously GCFA, PMP)

Office: 617-358-6310    Mobile: 617-999-7523

Contact me securely:  <https://securecontact.me/qrs () bu edu>

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dan Han
Sent: Tuesday, November 5, 2013 3:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] File sharing settings with cloud collaboration tools

 

Good afternoon,

 

If your institution is using Google Apps, Office 365, or any other
cloud-based collaboration tools, how are the sharing options configured for
these tools? Particularly, does your institution allow documents and files to
be shared with the public without authentication? (e.g., making a file
publicly available or allowing access to anyone with a link)

 

If so, and feel free to ignore this part of the question, have you seen any
sensitive information posted publicly, and how are you handling these
potential incidents? Thank you.  

 

Dan Han

Virginia Commonwealth University


