Body
Overview
To protect the mission and business of the university, it is critical that university users only use approved storage locations for university data. The following locations have been reviewed for appropriate technical and contractual controls to handle data consistent with U of I policies and standards.
University policy (APM 30.11) classifies data based on the risk, as "Low," "Moderate," or "High" to assist the university to remain compliant and to focus security controls on the data that presents the most significant risk. Services or locations below have been approved for the data classifications indicated. Individual departments, projects, or research areas may have specific, additional restrictions beyond the OIT defaults.
Service |
Low Risk |
Moderate Risk |
High Risk |
Files.uidaho.edu (S:) |
|
|
|
Local Hard Drive (Windows or macOS - only when encrypted and managed by OIT) |
|
|
|
Microsoft 365: OneDrive 2 (replacement for U:) |
|
|
|
Microsoft 365: Sharepoint / Teams Storage 2 |
|
|
|
Microsoft 365: Sharepoint / Storage-* sites (replacement for S:) |
|
|
|
Adobe Creative Cloud (when managed by OIT and used only on an OIT-managed device, otherwise Low only) |
|
|
|
Storage provided by Research Computing and Data Services (RCDS), including Falcon, unless otherwise labeled |
|
|
|
Secure Data Enclaves provided by OIT and RCDS, with an approved System Security Plan (SSP) |
|
|
|
Google Workspace3 (only for specific constituents, and when accounts are managed by OIT) |
|
|
|
The approved storage locations above are not the complete list of approved applications. Specific applications, like Zoom, are approved for storing their own data types or sets with specific notices or precautions, or at particular data classifications.
1 While encrypted local hard drives are approved, it is strongly recommend that you always minimize any local storage, especially of any high risk data.
2 External sharing and collaboration enabled, but owners must still limit access to those with a legitimate educational interest or need to know.
3 Google Workspace is now under contract with U of I, but is only approved for low risk data when used with a U of I (@uidaho.edu) account in context of a specific grant, project, or required application with an approved data management plan, security plan, and prior authorization from OIT. Gmail is not approved for communications (email) and OIT will not be supporting Google Workspace tools, only authentication and access to specific constituents or applications that require use of Google.
Google Drive (except as noted above), DropBox, Box, iCloud, Nextcloud and more are not approved University of Idaho data storage locations. This is not necessarily because these storage solutions are inherently unsafe, but because they have not been assessed for the technical and contractual controls required of almost any non-public university data. To ensure the university remains compliant with all applicable laws, contracts, grant requirements, and policy, U of I performs vendor security assessments and signs agreements with Microsoft and other vendors that protect our data. The technical and contractual controls makes sure we remain in control of that data and can respond to legal and public records requests when required.
If you have questions about storage options, data classifications or safety of your data, please submit a request through here to the OIT Security Office.