Educause Security Discussion mailing list archives
Re: Impersonation/Shadowing and Data Security
From: Louis APONTE <LouisAponte () WEBER EDU>
Date: Mon, 13 Feb 2012 16:24:45 -0700
Impersonation and shadowing request are vocalizations of the ability to view what the user is viewing. I would recommend using a remote assistance program which fulfills the request, adds a provision for permission to be granted and mitigates access risk. Windows 7 has an excellent remote assistance feature, however our service desk currently uses a third party utility by NTR support. Basically, it is platform independent so more suited for our environment. I would remind you that the privileged user can be more damaging to the enterprise, by virtue of those privileges. We also use the student limited user accounts, but to do otherwise is too risky Louis Aponte Weber State University Enterprise Business Computing Desktop Security þ Please consider the environment before printing this e-mail!
On 2/13/2012 at 11:06 AM, in message
<6EE90EA87D4BAB47AAE40DAA1C4F03888F5F6C573B () V-EXCH01 gold ad bentley edu>, "Norman, David" <DNORMAN () BENTLEY EDU> wrote: All, We have a request to provide a student impersonation/shadowing capability for university staff in several offices as a means of “seeing what they see” when a student or applicant calls with a question about our student portal. This capability would allow staff to log in as the student and troubleshoot, with access to all personal student data on the system. I was curious if other schools have implemented anything like this in their student portals, and what additional data security/auditing measures might have been taken. Thanks David David Norman Director of Administrative Computing, Bentley University
Current thread:
- Impersonation/Shadowing and Data Security Norman, David (Feb 13)
- Re: Impersonation/Shadowing and Data Security Tim Doty (Feb 13)
- Re: Impersonation/Shadowing and Data Security Louis APONTE (Feb 13)