IT Colleagues,<\/p>\n
Protecting the huge variety of information the University collects and manages is everyone’s responsibility. \u00a0For those of us with IT roles, people whose IT needs we support look to us to provide safe and secure ways to manage information. \u00a0The need is particularly critical when it comes to protecting personal and private information on students, employees, research subjects, and other affiliates. \u00a0No one wants to be responsible, even by accident, for exposing personal information that could cause harm to individuals, impact UVM’s reputation, and incur significant costs.<\/p>\n
As IT people, it’s our responsibility to help others work securely, including implementing critical laptop and “desktop” protections such as encryption and domain joining. \u00a0Some protections are mandated by policy, and others are best practices. \u00a0ETS can help.<\/p>\n
How We Need to Help<\/b><\/p>\n
One of the most important ways we can help our clientele work securely is to help them secure their computers and other devices. \u00a0The\u00a0Information Security Procedures<\/span><\/a>\u00a0mandate several precautions that IT personnel generally need to set up for their clients:<\/p>\n In addition, best practices include:<\/p>\n Encryption Works Now<\/b><\/p>\n Any University-owned laptop computer used to access UVM non-public data or file services\u00a0must have its storage\u00a0system encrypted using a University-approved encryption system, with\u00a0UVM retaining the encryption key. \u00a0That’s a very good idea for “desktop” computers, too, since they also are subject to theft. \u00a0When devices are stolen, encryption gives UVM a safe harbor under privacy protection laws such as Vermont Act 162; without encryption, legally mandated investigation and notification steps are time-consuming and can be expensive.<\/p>\n PGP Whole Disk Encryption was far from easy and problem-free, and consequently, the number of laptops protected by encryption has been low. \u00a0But with BitLocker for Windows and Casper\/FileValult for OS X, we really must finish the job and get all laptops encrypted. \u00a0Encryption is mandatory<\/i>\u00a0for all laptops and portable devices — and it’s a feasible, reasonable precaution for desktops, as well. \u00a0The best way to ensure compliance is to use centrally provided deployment services for each platform\u00a0and ensure encryption is enabled at deployment. \u00a0All new laptops configured by the ETS Client Services Computer Depot will have BitLocker or Casper\/FileVault encryption, and ETS is discussing configuring new desktops for encryption. \u00a0For computers that are already in service, ETS can help, and\u00a0instructions<\/span><\/a>\u00a0are available.<\/p>\n Encryption works now; let’s take advantage and use it.<\/p>\n One-Step Security: Join the Domain\u00a0<\/b><\/p>\n Managing UVM-owned computers through Active Directory (Windows) and Casper (OS X) is the best way to take care of key usability, support, policy compliance, and security needs — while preserving user flexibility and local control. \u00a0It works well. \u00a0It encourages consistency. \u00a0It enhances security. \u00a0It ensures legal safe harbor for stolen devices by proving encryption status. \u00a0It keeps an inventory. \u00a0And it’s free. \u00a0Contact saa-ad@uvm.edu<\/span><\/a> for more information.<\/p>\n Providing and enforcing a secure computing environment involves a mix of best practices and actions that are mandated by policy or by law. \u00a0 I recognize that the urgency of putting out today’s fires can push security to the back burner, but in the long term, letting security slip will have a greater and more painful cost. \u00a0I hope that each of us will do everything we can to give it priority.<\/p>\n Are there ways that ETS or the Information Security Operations Team could help you provide and promote good security? \u00a0Please let us know.<\/p>\n Best regards,<\/p>\n Dean Williams<\/p>\n Information Security Officer<\/p>\n Enterprise Technology Services<\/p>\n Dean.Williams@uvm.edu<\/a><\/span>\u00a0| 802-656-1174\u00a0\u00a0<\/span><\/p>\n Find information security news, best practices,\u00a0and how to report\u00a0concerns on the UVM Computing Web site:<\/p>\n\n
\n