Secure File Storage and Sharing

About

  • The data classifications listed below are recommended categories to help evaluate and differentiate University data based on associated risks.
  • Download summary PDF: One page PDF summary of our Data Classification Guidance
  • Please Note: Institutional records should be classified based on the data element(s) that would have the most restrictive classification. 

Guidelines

Data Classification LevelDescription of 
Classification Level
Secure Storage & File Exchange
green check mark
Insecure Methods
red slash
Confidential (High Security)

Data whose unauthorized disclosure and/or loss of control would reasonably result in significant financial losses, unacceptable risks, or impairment to the efficient conduct of the University mission.

Confidential Data often have these attributes:

  • Protection of this data is prescribed within legal and/or contractual requirements.
  • Not considered a public record subject to disclosure (G.S. 132).
  • Handling of this data addressed by detailed data security requirements.

Examples:

  • Personal Identifiers: Social Security Numbers, Drivers license, State identification card, or Passport numbers
  • Financial Data: Credit Card Numbers, Debit Card Numbers, Checking / Savings Account Numbers
  • Authentication Data: Biometric Information, Passwords, Digital Signatures
  • Health Information: Protected Health Info.

Compliance Areas:

Approved Storage

ASU Confidential Data should only be stored on authoritative data sources or approved storage solutions. At a shared services level this includes:

Secure Exchange

ASU Confidential Data should only use approved file sharing solutions:

Filelocker

Confidential data should NEVER be stored or shared via:

  • Email, Instant Messaging, Social Networks, P2P Solutions
  • ASU owned PCs or Laptops (Can be used to upload or access data but not long terms storage or direct file-sharing).
  • Removable Media (Thumb-drives, Ext. Hard-Drives)
  • Any Cloud Storage Solutions (Google Drive, SkyDrive, Amazon Drive, Dropbox, Box, etc)
  • Any Personal Computer Devices (including Smartphones).

Sensitive Data (Medium Security)

Data that is considered private and must be protected, but has lesser degree of impact associated with unauthorized disclosure and/or loss of control versus confidential data.

Sensitive Data often have these attributes:

  • Protection measures not prescribed by legal or contractual requirements.
  • Access rights established around identified processes and needs.
  • Handling of this data requires elevated data security requirements.

Approved Storage
ASU Sensitive Data should only be stored on approved systems such as:

Secure Exchange
ASU Senstive Data should only use approved file sharing solutions:

Sensitive data should NEVER be stored or shared via:

  • Email, Instant Messaging, Social Networks, P2P Solutions
  • Removable Media (thumb-drives, ext. hard-drives)
  • Any Personal Cloud Storage Accounts (Google Drive, SkyDrive, Amazon Drive, Dropbox, Box, etc)
  • Any Personal Computer Devices (including Smartphones).
 
Internal Data 
(Standard Security) 

Data that is proprietary or produced only for use by members of the University community who have a legitimate purpose to access such data.

Internal Data often have these attributes:

  • Access established for fulfillment of daily business requirements
  • Handling of this data requires general security requirements.

In general, ASU Internal Data should only be stored and shared via University owned, maintained, or purchased devices, solutions, and services.

In general, Internal data should not be stored or shared via:

  • Any Personal Computer Devices (including Smartphones).
 
Public Data 
(Minimum Security) 

Institutional information that has few restrictions or is intended for public use.

There are no security restrictions or guidance needed for Public Data.