EKU Filesharing and Storage
Basics
EKU-provided cloud services are appropriate for most communication and collaboration; however, the sensitivity and nature of the information must be carefully considered before you choose to store information on a cloud service like Office 365 or Google Drive. Other cloud storage, such as Dropbox, is not an option for university data and should only be used for personal storage. If you use a "consumer" service like Dropbox for university files, you should stop using it and move data to an EKU-sanctioned storage area now.
If you need to share this data internally, you can contact IT for your options.
If you need to share externally, caution should be exercised when doing so. Make sure you understand the sharing mechanisms available before sharing files or folders with anyone--and setup reminders to periodically review any sharing permissions you have set up.
Sensitive Information
Whenever technically feasible, sensitive information should be stored on network file space in restricted directories--not on an office computer or a removable storage device. If a computer must be used to store sensitive information, it must be in a secure location, and each individual authorized to use the computer should have a unique username with a strong password. Sensitive information should not be stored on a laptop or mobile device unless absolutely necessary (and that device is both password-protected and encrypted). Avoid storing any sensitive information in a cloud-based location unless specifically directed to do so. (This includes OneDrive and Google Drive)
Sensitive information is information which, if released improperly, could lead to serious consequences for our students and employees and could open the university up to legal repercussions. Below are some examples of sensitive information:
• Personally Identifiable Information (PII) such as social security numbers, dates of birth, student records, employee records, and financial aid data
• Proprietary information such as University financial data and donor information
• Regulated information, the disclosure of which is subject to regulatory compliance, including FERPA, GLBA, HIPAA, etc.
Where to Share Files
EKU provides a variety of University-managed file sharing and collaboration options Members of the University community should consider the Service Guidelines below to determine appropriate file sharing strategies to serve departmental needs based on data sensitivity.
CAUTION: When sharing and storing files, ensure access is limited to only individuals for whom the information is intended.
USAGE GUIDELINES
Please be aware of all University policies and local, state, and federal laws that must be followed when sharing files electronically.
SERVICE GUIDELINES
Please use the following guidelines to determine which service(s) best fits your institutional/business needs among employees and students and those outside the university.
• EKU file servers can be used for storing and sharing files of any sensitivity level
• Secure Data Storage Service is for storing and sharing restricted and/or sensitive data - contact the IT Service Desk if you need this level of security
• SharePoint is an option for storing or sharing administrative and other highly sensitive files but not those legally or contractually restricted
• EKU’s Office 365 OneDrive and Google Drive are available for sharing teaching and learning files and other files among employees and students
Data Types and Examples | EKU File Servers | Secure Data Storage | SharePoint | Office 365 OneDrive or Google Drive |
Public Data (e.g., calendars, course descriptions, maps, directory, approved census facts, audited finances) | Yes | Yes* | Yes | Yes |
Internal: Non-Sensitive (e.g., internal department/college documents, meeting agendas, project documents, teambuilding events) | Yes | Yes* | Yes | Yes |
Internal: Sensitive (e.g., salary plans, employment data, budgets, donor information, IRB data) | Yes | Yes* | Yes | No |
Legally/Contractually Restricted (e.g., PHI, SSN, PII, student records, medical records) | No | Yes | No | No |
*While this area is secure for all data, we only recommend it for the last category of data in this table. This is because none of the other options are viable options.