Educause Security Discussion mailing list archives
Re: Storing SSN on file server
From: "Davis, Kevin" <kedavis () DAVIDSON EDU>
Date: Mon, 19 Mar 2018 19:23:45 +0000
Minh, We have been struggling with a similar question around some of our sensitive data and a very similar use case. While we are able to corral such servers to on campus posture, we would prefer a more hardened environment with improved encryption, authentication and logging. The options we have been considering are: 1) Using FIPS 140-2 compliant ZIP tools and requiring any such files be zipped with a unique password maintained by the department — our short term solution. 2) Moving to an enterprise file share/sync solution (Dropbox, Box, OneDrive, etc.) We are actively interested in doing this with our current vendor, since we would gain 2FA for access and we believe their security is likely to be far superior to our own. (While we do 2FA at the edge for VPN, given risk of malware, RAT, etc., I prefer to have 2FA on the EFSS application platform in this context.) Our big hangup today, and one we’re working with our vendor on, is that their platform is sharing-oriented and we’ve struggled to have “secure folders” that can’t be synced to local computers. 3) Set up a standalone, restricted encrypted file server with limited access — but we don’t love this idea. Kevin -- Kevin Davis Deputy CIO & Director, Core Services Davidson College Technology & Innovation (T&I) From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Minh Nguyen <mtnguyen () UCDAVIS EDU<mailto:mtnguyen () UCDAVIS EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Monday, March 19, 2018 at 12:18 PM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] Storing SSN on file server Hello All, I have several users who need to store social security numbers in spreadsheets and PDF’s as part of their work. They cannot get rid of the SSN because the federal government requires the SSN for reporting purposes. This group has access to my file server where they have been storing the Excel and PDF files. I am not comfortable with this. Does anyone have any suggestions on how I can securely save these files? I could ask them to encrypt every single Excel and PDF file, but I don’t know if they will do this. The files does have to be stored on our file server for backup purposes since we do not backup local desktop. In addition, the files are shared among a few users, so it can’t be store locally. Any other suggestions? Thanks Minh =========================================== Minh T. Nguyen, CISSP Graduate Studies – Director of Information Technology University of California, Davis Google Voice: (530) 454-7647 E-Mail: mtnguyen () ucdavis edu<mailto:mtnguyen () ucdavis edu> LinkedIn: www.linkedin.com/in/DiverMinh<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linkedin.com%2Fin%2FDiverMinh&data=02%7C01%7Ckedavis%40DAVIDSON.EDU%7Cc3f58fb6a3b74151755b08d58db6846c%7C35d8763cd2b14213b629f5df0af9e3c3%7C1%7C0%7C636570737432308241&sdata=W1QyLhi%2FwCRmZx89obf9a9wcGAEJWjxEztJGhyKrWmQ%3D&reserved=0> ===========================================
Current thread:
- Storing SSN on file server Minh Nguyen (Mar 19)
- Re: Storing SSN on file server Barton, Robert W. (Mar 19)
- Re: Storing SSN on file server Gioia, Matthew P. (Mar 19)
- Re: Storing SSN on file server Haselhoff, Brent (Mar 19)
- Re: Storing SSN on file server Macatiag, Darwin (Mar 19)
- Re: Storing SSN on file server Kevin Wilcox (Mar 19)
- Re: Storing SSN on file server randy (Mar 19)
- Re: Storing SSN on file server Macatiag, Darwin (Mar 19)
- Re: Storing SSN on file server Barton, Robert W. (Mar 19)
- <Possible follow-ups>
- Re: Storing SSN on file server Davis, Kevin (Mar 19)