Sharing files is foundational to collaboration, and the university’s many file storage systems are heavily used, including Google Drive, Box, Medicine Box, OneDrive, AFS, and departmental file servers. We learned from recent incidents that some files are shared more broadly than they should be, leading to potential breaches of sensitive information.
In consultation with the Board of Trustees, Provost Drell, the Faculty Committee on IT Privacy, and the CIO Council, University IT (UIT) has developed a plan to address this complex and widespread problem. The effort will span several years and involve campus-wide participation. The overarching program is sponsored by the CIO Council, a governance board comprised of our senior-most IT leaders at the schools and major units. The high level plan is to:
Given the vast scale of the university’s file storage systems, automation is key to achieving the necessary scalability and sustainability. To that end, UIT recently evaluated and deployed a new file scanning tool that automatically discovers, monitors, and protects sensitive data.
“The tool will generate greater awareness of exposed file shares which we can then not only remediate, but also use to inform future training and automated security controls,” said Mike Takahashi, the program manager for UIT’s File Storage Security program.
Sensitive information exposed by misconfigured file permissions is a preventable problem. Below are a few ways you can help keep sensitive data private:
DISCLAIMER: UIT News is accurate on the publication date. We do not update information in past news items. We do make every effort to keep our service information pages up-to-date. Please search our service pages at uit.stanford.edu/search.