Network Storage | Storage Security

Practice Responsible Data Management
Using ECU’s Approved Online Storage

  1. Piratedrive is approved for sensitive data storage
  2. OneDrive for Business (ECU) is approved to store non-sensitive ECU information*
  3. ECU information should never be stored with any outside storage service (for example, Dropbox or Google Docs) without proper authorization. See the cloud computing page for more information.

ECU’s Piratedrive provides compliance with state, federal and university regulations and policies and is the ECU solution for storage of sensitive information using daily backups, encryption and password protection.

Microsoft OneDrive for Business is a feature of ECU’s Office 365 subscription for enrolled students, full-time faculty and staff and alumni and is approved storage for NON-SENSITIVE: academic and non-critical work files or student project collaboration. OneDrive for Business is also approved for FERPA storage.

Not sure where your information should be stored?

The IT governance page on cloud storage of ECU data is a good place to start. Next, visit the sensitive data guidelines page and information storage grid for many common data types and approved storage.

Other Cloud Storage Solutions

Other external storage of university data using services like DropBox, Google Apps and iCloud must be reviewed by ITCS and approved by the data owner.

However, these services may not meet these university standards:

  • user privacy
  • security
  • intellectual property protection
  • records retention

With no contract or agreement between these outside service providers and ECU, information is now in someone else’s hands. Contact the IT Help Desk to request a consult before contracting with an outside cloud storage service.
Consider These Vulnerabilities:

  • Click-to-agree terms and conditions enter you into a contractual agreement with that service provider. Per ECU regulation, Delegation of Authority to Sign Contracts , only those individuals with delegated authority can enter into a contractual agreement on behalf of the university.
  • Once you agree to the terms and conditions of the agreement, you may no longer “own” your information.
  • There could be security risks that compromise the confidentially, integrity and availability of your information or make it publicly available while placing the university at risk.
  • Sensitive or confidential information (patient, student, credit card, Personally Identifiable Confidential Information) must NEVER be stored external to ECU without appropriate university approval and information security assessment. See the sensitive information storage page for approved storage options.
  • The university has no control over what occurs with outside service providers; therefore the university cannot protect the privacy and security of your information.
  • ECU information could be exported and housed outside the U.S. under foreign jurisdiction.
  • You may not be informed if a subpoena or search warrant is served on the service provider to obtain additional information about you.
  • There may be no legal recourse against the service provider in the event of security breach, loss of information or other problems.
  • Companies change hands, go out of business and change privacy policies which may not be in your best interest.