Educause Security Discussion mailing list archives
Encryption of university data
From: Stephen C Gay <sgay () KENNESAW EDU>
Date: Wed, 19 Jul 2006 16:25:00 -0400
I am a security engineer at a medium sized university and we have begun discussing the possibility of encrypting data at the workstation & network share level. It is our goal to offer a technical solution for the secure movement & storage of sensitive data to campus users. I recognize that encryption is a proverbial "double edged sword" and that unlawful data may be stored on University resources. One possible way to get around this would be a key escrow which, with proper authorization, would allow specified administrators to reset the encryption hash & decrypt the data. This would resolve any legal investigation issues. Encryption policy and procedures seem to be scarce, but Cornell has adopted a draft in which authorized university officials can demand (or reset?) the encryption key. On the other hand another university actually lets you download PGPdisk from their Information Security site, but I can find no reference of policy or procedures outlining its use. Other examples which I found seem to reenforce this very diverse approach to a singular technology. I'm interested in learning what the group thinks about the use of encryption in an educational environment and how it may (or may not) have been implemented in your respective organizations. Warm regards, -stephen ----------------------------------------------------------- Stephen C. Gay CNE, MCSE, Security+ Information Security Engineer Kennesaw State University sgay () kennesaw edu -----------------------------------------------------------
Current thread:
- Encryption of university data Stephen C Gay (Jul 19)
- <Possible follow-ups>
- Re: Encryption of university data Steve Werby (Jul 21)
- Re: Encryption of university data Harold Winshel (Jul 21)
- Re: Encryption of university data Chris Green (Jul 21)