Secure Storage and Sharing

The data classifications listed below are recommended categories to help evaluate and differentiate University data based on associated risks.  

A one-page PDF summary of our Data Classification Guidance is available.

Please Note:  Institutional records should be classified based on the data element(s) that would have the most restrictive classification.

Data Classification Level

Secure Storage & File Exchange

Data whose unauthorized disclosure and/or loss of control would reasonably result in significant financial losses, unacceptable risks, or impairment to the efficient conduct of the University mission.

Confidential Data often have these attributes:

  • Protection of this data is prescribed within legal and/or contractual requirements.

  • Not considered a public record subject to disclosure (G.S. 132).

  • Handling of this data addressed by detailed data security requirements.

Examples:

  • Personal Identifiers: Social Security Numbers, Driver's license, State identification card, or Passport numbers

  • Financial Data: Credit Card Numbers, Debit Card Numbers, Checking / Savings Account Numbers

  • Authentication Data: Biometric Information, Passwords, Digital Signatures

  • Health Information: Protected Health Info.

Compliance Areas:

NC Identity Theft Protection Act (GS 75-65)

GLBA (CFI)

HIPAA (PHI)

PCI-DSS (CHD)

Approved Storage

ASU Confidential Data should only be stored on authoritative data sources or approved storage solutions. At a shared services level this includes:

Banner

Fortis

uStor

Secure Exchange

ASU Confidential Data should only use approved file sharing solutions:

Filelocker

 

       

INSECURE METHODS!

Confidential data should NEVER be stored or shared via:

- Email, Instant Messaging, Social Networks, P2P Solutions

- ASU-owned PCs or Laptops (can be used to upload or access data, but not for long-term storage or direct file-sharing).

- Removable Media (Thumb-drives, Ext. Hard-Drives)

- Any Cloud Storage Solutions (Google Drive, SkyDrive, Amazon Drive, Dropbox, Box, etc)

- Any Personal Computer Devices (including Smartphones).


Data that is considered private and must be protected, but has a lesser degree of impact associated with unauthorized disclosure and/or loss of control than confidential data.

Sensitive Data often have these attributes:

  • Protection measures not prescribed by legal or contractual requirements.

  • Access rights established around identified processes and needs.

  • Handling of this data requires elevated data security requirements.

Approved Storage

ASU Sensitive Data should only be stored on approved systems such as:

Banner

Fortis

uStor

University owned/managed computers

ASU Google Drives

Secure Exchange

ASU Sensitive Data should only use approved file sharing solutions:

Filelocker

 

       

INSECURE METHODS!

Sensitive data should NEVER be stored or shared via:

- Email, Instant Messaging, Social Networks, P2P Solutions

- Removable Media (thumb-drives, ext. hard-drives)

- Any Personal Cloud Storage Accounts (Google Drive, SkyDrive, Amazon Drive, Dropbox, Box, etc)

- Any Personal Computer Devices (including Smartphones).

 

Data that is proprietary or produced only for use by members of the University community who have a legitimate purpose to access such data.

Internal Data often have these attributes:

  • Access established for fulfillment of daily business requirements

  • Handling of this data requires general security requirements.

 

In general, ASU Internal Data should only be stored and shared via University owned, maintained, or purchased devices, solutions, and services.

       

INSECURE METHODS!

In general, Internal data should not be stored or shared via:

- Any Personal Computer Devices (including Smartphones).

  

 Institutional information that has few restrictions or is intended for public use.

There are no security restrictions or guidance needed for Public Data. 
