ITS Approved Storage Locations

Safely Storing Data

To protect the mission and business of the university, it is critical that university users only use approved storage locations for university data. The following locations have been reviewed for appropriate technical and contractual controls to handle data consistent with U of I policies and standards.

 

Data Classification

University policy (APM 30.11) classifies data based on the risk, as "Low," "Moderate," or "High" to assist the university to remain compliant and to focus security controls on the data that presents the most significant risk. Services or locations below have been approved for the data classifications indicated. Individual departments, projects, or research areas may have specific, additional restrictions beyond the ITS defaults.

 

Approved File Storage

Service Low Risk Moderate Risk High Risk
On-premise: files.uidaho.edu (S:) yes yes yes
Local Hard Drive (Windows or macOS - only when encrypted and managed by ITS1) yes yes yes
Microsoft 365: OneDrive 2 (replacement for U:)  yes yes  
Microsoft 365: Sharepoint / Teams Storage 2 yes yes  
Microsoft 365: Sharepoint / Storage-* sites (replacement for S:) yes yes  
Microsoft 365: Sharepoint / Storage-HighRIsk sites (future deployment) yes yes yes

1 While encrypted local hard drives are approved, it is strongly recommend that you always minimize any local storage, especially of any high risk data.

2 External sharing and collaboration enabled, but owners must still limit access to those with a legitimate educational interest or need to know.

Non-Approved Storage Locations

Google Drive, DropBox, Box, iCloud, Nextcloud and more are not approved University of Idaho data storage locations. This is not because these storage solutions are inherently unsafe, but because they have not been assessed for the technical and contractual controls required of almost any non-public university data. To ensure the university remains compliant with all applicable laws, contracts, grant requirements, and policy, U of I performs vendor security assessments and signs agreements with Microsoft and other vendors that protect our data. The technical and contractual controls makes sure we remain in control of that data and can respond to legal and public records requests when required.

If you have questions about storage options, data classifications or safety of your data, please submit a request through here to the IT Security Office.
 

Details

Article ID: 1670
Created
Thu 6/18/20 11:54 AM
Modified
Fri 6/19/20 2:07 PM