Secure File Storage and Sharing

Data Elements Secure Storage & Exchange

The Data Elements Secure Storage & Exchange table lists individual data elements that must be treated as Confidential or Sensitive Data due to Appalachian’s legal, contractual and risk-based objectives. If you are dealing with one of these data elements and evaluating new processes or storage and sharing options, then you need to contact the ITS Office of Information Security for review and assistance.

Secure File Storage & Sharing Guidelines

About

  • The data classifications listed below are recommended categories to help evaluate and differentiate University data based on associated risks.
  • Note: Institutional records should be classified based on the data element(s) that would have the most restrictive classification. 
  • Data Management Standard: The object of this standard is to clearly define the roles, responsibilities and specific requirements needed to provide secure and optimal management of data to support the University's mission.


Data Classification LevelDescription of 
Classification Level
Secure Storage & File Exchange
green check mark
Insecure Methods
red slash
Confidential (High Security)

Data whose unauthorized disclosure and/or loss of control would reasonably result in significant financial losses, unacceptable risks or impairment to the efficient conduct of the University mission.

Confidential Data often have these attributes:

  • Protection of this data is prescribed within legal and/or contractual requirements.
  • Not considered a public record subject to disclosure (G.S. 132).
  • Handling of this data addressed by detailed data security requirements.

Examples:

  • Personal Identifiers: Social Security Numbers, Drivers license, State identification card or Passport numbers
  • Financial Data: Credit Card Numbers, Debit Card Numbers, Checking / Savings Account Numbers
  • Authentication Data: Biometric Information, Passwords, Digital Signatures
  • Health Information: Protected Health Info

Compliance Areas:

Approved Storage

App State Confidential Data should only be stored on authoritative data sources or approved storage solutions. At a shared services level this includes:

Secure Exchange

App State Confidential Data should only use approved file-sharing solutions:

FileShare

Confidential data should NEVER be stored or shared via:

  • Email, Instant Messaging, Social Networks, P2P Solutions
  • App State-owned PCs or Laptops (Can be used to upload or access data but not long terms storage or direct file-sharing).
  • Removable Media (Thumb-drives, Ext. Hard-Drives)
  • Any Cloud Storage Solutions (Google Drive, SkyDrive, Amazon Drive, Dropbox, Box, etc)
  • Any Personal Computer Devices (including Smartphones).

Sensitive Data (Medium Security)

Data that is considered private and must be protected, but has a lesser degree of impact associated with unauthorized disclosure and/or loss of control versus confidential data.

Sensitive Data often have these attributes:

  • Protection measures not prescribed by legal or contractual requirements.
  • Access rights established around identified processes and needs.
  • Handling of this data requires elevated data security requirements.

Approved Storage
ASU Sensitive Data should only be stored on approved systems such as:

  • University-owned/managed computers
  • App State Google Drives

Secure Exchange
App State sensitive Data should only use approved file-sharing solutions:

Sensitive data should NEVER be stored or shared via:

  • Email, Instant Messaging, Social Networks, P2P Solutions
  • Removable Media (thumb drives, ext. hard drives)
  • Any Personal Cloud Storage Accounts (Google Drive, SkyDrive, Amazon Drive, Dropbox, Box, etc)
  • Any Personal Computer Devices (including Smartphones).
 
Internal Data 
(Standard Security) 

Data that is proprietary or produced only for use by members of the University community who have a legitimate purpose to access such data.

Internal Data often have these attributes:

  • Access established for fulfillment of daily business requirements
  • Handling of this data requires general security requirements

In general, App State Internal Data should only be stored and shared via University-owned, maintained, or purchased devices, solutions, and services.

In general, Internal data should not be stored or shared via:

  • Any Personal Computer Devices (including Smartphones).
 
Public Data 
(Minimum Security) 

Institutional information that has few restrictions or is intended for public use.

There are no security restrictions or guidance needed for Public Data.