Storage and communication services - acceptable practices
Storage and communication services - acceptable practices
Purdue Data Handling Documentation and acceptable practices
Purdue's data handling documentation can be found at: https://www.purdue.edu/securepurdue/data-handling/index.php
The acceptable service use subsection contains an image that clarifies what services one can use to store what kinds of data: https://www.purdue.edu/securepurdue/data-handling/acceptable_service_use.php
The image on that page is repurposed below for ease of lookup and accessibility.
For example, Zoom cannot be used to display HIPAA data - however, Webex can. Similarly, Box.com cannot be used to store sensitive or restricted data unless one specifically requests a REED folder setup for such use.
If you have any questions, please ContactUs before you start - we can likely save you a lot of trouble if you need to reclassify your storage after the fact.
| Service | Product | Sensitive | Restricted | FERPA | HIPAA | GLBA | CUI |
|---|---|---|---|---|---|---|---|
| Filesharing | Box.com (Personal) | N | N | N | N | N | N |
| Filesharing | Box.com (REED Folder*) | Y | Y | Y | Y | Y | N |
| Filesharing | Filelocker | Y | Y | Y | Y | Y | !1 |
| Filesharing | Microsoft One Drive | N | N | N | N | N | N |
| Messaging | Microsoft O365 Email | N | N | N | N | N | N |
| Collaboration | Microsoft SharePoint | N | N | N | N | N | N |
| Collaboration | Microsoft Teams | !2 | N | N | N | N | N |
| Conferencing | Webex (Normal) | Y | Y | N | N | N | |
| Conferencing | Webex(Restricted) | Y | Y | Y | Y | N | N |
| Conferencing | Zoom (Paid) | ! 3 | N | ! 3 | N | N | N |
| Conferencing | Zoom (Free) | N | N | N | N | N | N |
| N | Services that show this designation for a data classification should NOT be used. |
| ! | Services that show this designation for a data classification may be used with caution. |
| Y | Services that show this designation for a data classification are fully approved to be used. |
| !1 | Filelocker is intended to be used as a file transfer service and not for long-term storage. |
| !2 | Microsoft Teams does not require multi-factor authentication and allows complex permissions to be set. Ensure access is limited to authorized users and never via a public link. |
| !3 | Zoom does not require multi-factor authentication and is not offered as a centrally supported service. Users have the ability to change systems settings and therefore must ensure the environment as configured is secure and compliant. When necessary, access should be granted to specific users rather than sharing account information. Storing recorded meetings in the cloud could expose protected data and should be avoided. |
* More information about the REED folder can be found here
Last modified: 2021/04/23 08:50:8.657995 GMT-4 by
steven.e.schmidt.1
Created: 2021/04/15 02:30:30.652783 GMT-4 by sundeep.rao.1.
Categories
- Knowledge Base > Software > Data Storage and File Sharing
- Knowledge Base > Security > Travel and Export Control
- Knowledge Base > Security > Export Control