Using WebSpace to Securely Store Sensitive Digital Data
In October 2006, the Information Security Office (ISO) assessed WebSpace as meeting the university’s required minimum security standards for Category-I data. For faculty, this means WebSpace is safe for storing sensitive digital data.
By being aware of vulnerabilities and taking appropriate, sound steps to protect against those risks, you can ensure the security of the systems involved and safeguard the confidentiality and integrity of sensitive digital data stored on WebSpace.
You can securely store sensitive digital data on WebSpace by following university rules that include correctly classifying your sensitive digital data. Knowing what information is governed by specific laws and regulations will help you protect against:
- Loss of confidentiality if unauthorized persons access the data.
- Loss of integrity if the data is modified and the modification is impossible to detect.
- Loss of availability if the data is partially or fully deleted, maliciously encrypted or otherwise made unavailable or inaccessible to authorized persons, entities, or devices.
Recommendations
The Acceptable Use Policy, or AUP, contains the official guidelines for the responsible use of information technology resources at the university. When you use your WebSpace account to store Category-I data, it is important to remember that you are ultimately responsible for classifying your data appropriately, and protecting the systems where your data is stored and how you transmit the data.
Both the file upload feature in WebSpace and the WebDAV connection protocol encrypt your data when transferring files from your computer to your WebSpace folders. Either transfer method protects your sensitive digital data.
If you use WebSpace for sharing files with your students, include guidelines on using WebSpace safely and securely as part of your instructions to them at the beginning of each semester.
Remember that the university has many people and tools to assist you in meeting security requirements so you can focus on your responsibilities. Take advantage of the help and support available to you from the ISO and the ITS Help Desk rather than risk compromising your Category-I data.
Best Practices
Apply these best practices when using WebSpace to securely store sensitive data:
- Transfer files using WebDAV – Connect your computer to your WebSpace folders by using WebDAV, a secure connection protocol available through WebSpace. Instructions for doing so are available for Windows and Macintosh. Using WebDAV protects the confidentiality of your data by encrypting it during transmission. WebDAV creates a folder that looks like other folders on your computer, so it is also easy to use.
- Be cautious when granting permissions for sharing files – Share files in WebSpace by granting permission to view, edit, delete, and/or administer files only to people you trust. Be cautious in how these permissions are assigned. Be sure you DO NOT grant Public access to your files if you store Category-I data on WebSpace.
- Use file logging to keep a history of who views your files – Turn on logging to keep a record of who views your important files. Logging allows you to view a history of who accesses your WebSpace files, and when they did so. Be sure to review your logs.
- Track changes made to any file with file versioning – Turn on versioning to keep a copy of each file that is changed. You can access an older copy of the file if files are accidentally overwritten.
- Use tickets to manage who accesses your files – Create a ticket to share your files with users who do not have UT EIDs. Tickets allow specific access only to people you trust, defining both the length of time and type of access for the ticket. If you are storing Category-I data on WebSpace, don't give public access to your files!
- Lock your files and folders to prevent others from changing your data – Lock WebSpace files and folders to prevent others from editing or saving changes to a file. A lock stays on a file until you release it.
Definitions
- Acceptable Use Policy (AUP) – The overriding policy governing individual use of information technology resources at The University of Texas at Austin. All students, faculty, staff, and other users must acknowledge the AUP annually.
- Category-I Data- University data protected specifically by federal or state law or University of Texas rules and regulations, or university data which must be protected due to university contractual agreements requiring confidentiality, integrity, or availability considerations.
- Digital Data – Data transmitted by or maintained in electronic format including storage data and transmission data.
- Encryption – Converts data into a cipher or code in order to prevent unauthorized access
- Sensitive Digital Data – Digital data that is defined by the university as Category-I data
