Data Security and Encryption

Security

Data Security is the protection of data from unauthorized access, use, change, disclosure and destruction.  UVa classifies data as either highly sensitive, moderately sensitive, or non-sensitive (public), and the requirements for data security are different for each one. The University Data Protection Standards provides guidance on the requirements for each type.

Make sure your data is safe with regard to:

  • Network security
    • Keep confidential data off the internet
    • Put highly sensitive materials on computers not connected to the internet
  • Physical Security
    • Restrict access to buildings and rooms where computers or media are kept
    • Only let trusted individuals troubleshoot computer problems
  • Computer Systems & Files
    • Keep virus protection up to date
    • Don’t send confidential data via e-mail or FTP (use encryption, if you must)
    • Use strong passwords on files and computers

Encryption

Encryption offers protection by scrambling data, so only the owner of the key or password can read the data.  This protects the confidentiality of the data so that if an unauthorized person gained access to the storage device or service, they would be unable to see the data.  It also protects the integrity of the data so that it cannot be tampered with without the owner knowing it.

VPN: A VPN scrambles data as it is transmitted between your mobile device and a server. This allows you to access sensitive data securely stored on a remote server. UVa offers three types of VPNs for accessing UVa resources: the UVaAnywhere VPN, the UVaAnywhere-Lite WebVPN and the UVa More Secure Network (MSN).

  • UVaAnywhere VPN: Provides an off-Grounds connection to resources that normally require you to be on Grounds to use them, such as Library resources, the UVA Home Directory Service, the Exchange Server, servers restricted by departments, etc. It provides an on-Grounds IP address for all applications on your computer, thereby protecting all network traffic, whether or not it is Web-based, between your machine and the UVa network.
  • UVaAnywhere-Lite WebVPN: Enables UVa students and employees to access restricted Web-based UVa resources, such as some library databases, online journals, and software downloads from off-Grounds using just a Web browser.  These resources would normally be accessible only if your computer is physically located on Grounds and connected to the University network.
  • UVa More Secure Network (MSN): The MSN uses a firewall, a network security device designed to help protect your computer from hackers and other malicious people on the Internet. Your computer can make outbound connections to access resources on the internet, but the firewall blocks inbound connections from remote computers.

Hard Drive: When you have no option other than to store sensitive data on your hard drive, and such storage has been approved, you must encrypt your hard drive or the relevant files on your hard drive. If you lose your computer or electronic media, the encryption will protect the data, and render it invisible to anyone but you, since you alone know the password.

Windows computers should use the BitLocker utility, which can encrypt both full drives and folders. Mac computers should use the Disk Utility, which can create encrypted folders, or FileVault, which can encrypt full disks.

Additional information about protecting sensitive data and the options that are approved by UVa.

Information Security Office (ISPRO)

UVa policy IRM-015: Electronic Storage of Highly Sensitive Data.