History
- Business Practice Number: BP.03.011
- Version: 2
- Drafted By: Carlos Miranda
- Approved By: James August
- Approval Date: 03/17/2017
- Latest Revision Date: 10/24/2024
Purpose
Describe the usage of CSUCI-provided public cloud storage and enterprise file synchronization and sharing utilities (e.g. OneDrive, Dropbox, Google Drive, etc.) for university business.
Background
In support of collaborative data sharing practices, ITS supports the use of public cloud storage and enterprise file synchronization and sharing (EFSS) practices at Cal State University Channel Islands (CI), provided that the university manages the risk of any loss or misuse of the data being shared.
Business Practice
Accountability
Associate Vice President for Information Technology Services
Applicability
All CI domain account holders.
Definition(s)
- Public Cloud Storage - a model of data storage where the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the physical environment is typically owned and managed by a hosting company.
- Enterprise File Synchronization and Sharing (EFSS) - EFSS refers to a range of on-premises or cloud-based capabilities that enable individuals to synchronize, store, and share documents, photos, videos, and files across multiple devices, such as smartphones, tablets, and PCs. File sharing can be within the organization, as well as externally (e.g., with partners and customers) or on a mobile device as data sharing among apps. Security and collaboration support are critical capabilities of EFSS to address enterprise priorities.
- OneDrive - EFSS application offered by Microsoft (Official university cloud storage solution).
- Dropbox for Business - EFSS utility offered by Dropbox.com.
- CI Docs/Google Drive - EFSS utility offered by Google.
- Box - EFSS utility offered by Box.net.
- Network File Share - Enterprise network local storage for files administered by CI (H:\ Drive).
- Personal Cloud Storage - File storage via a cloud service (such as Dropbox, Box, Microsoft, Google or Apple) using an account provided as a personal/individual account and not a university-issued account.
- University Cloud Storage - File storage used in the context to conduct or transact academic or administrative business on behalf of CI or for purposes of academic knowledge, administration, University projects, or other academic activity to support the education of CI’s students, support the professional and academic growth of CI’s faculty, and the general advancement of CI as an institution. Data for university use must not be stored in Personal Cloud Storage. Please refer to the storage matrix for further instructions on storage: /its/security/data-storage-matrix.htm
- Storage Quota - The maximum amount of file storage space university users can have.
Text
General information on Microsoft OneDrive and Dropbox
OneDrive and Dropbox are used for Business products at our campus. Proper usage and disposal of CI data are required to comply with federal and state law and CSU policy. As such, using public cloud storage and sharing solutions for CI data requires data classification practices to be enforced before these technologies may be used.
Dropbox@CI shall be used only as a tool of convenience for sharing and storing files that do not contain high-risk / level 1 data (see chart below). All high-risk/level 1 data shall be maintained on CI’s secure campus network file share (currently your campus assigned H:\ drive).
Storage quota for cloud storage will vary by solution due to differing cost structures with each provider.
OneDrive cloud storage:
- Students/Alumni: 25GB
- Staff: 100GB
- Faculty/Emeritus: 1TB
Google Drive:
- Students/Alumni: 5GB
- Staff: 0GB
- Faculty/Emeritus: 500GB
The grid below describes allowable levels of usage for CI’s designated cloud storage and sharing provider(s) listed in this document. Additional information regarding CI’s data classification standard can be found at /its/security/data-storage-matrix.htm
Personal cloud storage should be used for storing and sharing personal data and not university-related data.
Google Drive is approved for collaborative purposes only and should not be used for storing and/or sharing university data, particularly high-risk/Level 1 data.
Business Practice for Public Cloud Storage, Enterprise File Sync, Share and Storage
Low Risk | Level 3 - General Information | Permitted to Store: YES | Permitted to Share: YES |
- Information at this level requires no specific protective measures but may be subject to appropriate review or disclosure procedures at the discretion of the campus in order to mitigate potential risks.
- Disclosure of this information does not expose the CSU to financial loss or jeopardize the security of the CSU’s information assets.
Moderate Risk | Level 2 - Internal Use | Permitted to Store: YES | Permitted to Share: MAYBE |
Information may be classified as “internal use” based on criteria including but not limited to:
- Sensitivity - Information which must be protected due to proprietary, ethical, contractual or privacy considerations.
- Moderate risk - Information which may not be specifically protected by statute, regulations, or other legal obligations or mandates but for which unauthorized use, access, disclosure, acquisition, modification, loss, or deletion could cause financial loss, damage to the CSU’s reputation, violate an individual’s privacy rights, or make legal action necessary.
High Risk | Level 1 - Confidential | Permitted to Store: NO | Permitted to Share: NO |
Information may be classified as “confidential” based on criteria including but not limited to:
- Disclosure exemptions - Information maintained by the University that is exempt from disclosure under the provisions of the California Public Records Act or other applicable state or federal laws.
- Severe risk - Information whose unauthorized use, access, disclosure, acquisition, modification, loss, or deletion could result in severe damage to the CSU, its students, employees, or customers. Financial loss, damage to the CSU’s reputation, and legal action could occur.
- Limited use - Information intended solely for use within the CSU and limited to those with a “business need-to-know.”
- Legal Obligations - Information for which disclosure to persons outside of the University is governed by specific standards and controls designed to protect the information.
Additional information regarding access, storage and transmission of Level 1 Confidential information restrictions are described in .
Level 1 - Confidential Data Storage Alternatives
Confidential data shall be stored using the campus secure network file share. This solution allows for a more secure and controlled environment to protect the data entrusted to CI.
Level 2 - Internal Use Data Storage and Sharing
Special care should always be taken when sharing Level 2 internal use data. In cases where Level 2 data needs to be shared, utilization of the campus secure network file share may be the correct course of action to take for storing this data before sharing in an alternative, more secured manner. If you have any questions regarding storage of Level 2 internal use data, please contact the Information Security Officer at infosec@csuci.edu before storing your data.
Level 3 - General Information
Level 3 data may always utilize the designated EFSS solutions used at CI.
Any questions regarding this business practice should be directed to the Information Security Officer at infosec@csuci.edu.
NOTE: Email is not a suitable medium for storing, sharing, or transporting Level 1 Confidential or Level 2 Internal Use data.
Exhibit(s)
Assessment History
Description | Frequency | Role Assigned | Date Completed |
General review of this business practice | Annual - July | ITS Leadership | 10/14/2024 |