Dropbox Protocol

As cloud computing becomes easier to understand and use, many employees across campus, and in the Division of Academic & Student Affairs, are investigating the use of Dropbox and other cloud-based storage services such as Box.net and SkyDrive. Technology units across campus are being asked to support these services, including the DASA Tech team.

There are many concerns about the security of Dropbox and similar services. Those are outlined below. In particular, OIT, DASA Tech and other college/division tech units have discussed the potential for significant harm resulting from the use of these services for storing and sharing data that is protected by university policy, state law (such as personnel records) and/or federal law (such as FERPA or HIPAA protected student data).

OIT Security & Compliance is actively researching this issue; techies from across campus are engaged in those discussions. Pending any limitations on the use of Dropbox or other decisions that may result from that review, DASA Tech has implemented the protocol outlined below. In summary, we are significantly limiting the use of Dropbox and similar services. Alternative methods for file sharing are available and are supported by DASA Tech and OIT. Current users are “grandfathered in” and may continue to use Dropbox but only if sensitive files are removed and users agree to certain limitations.

What we intend to accomplish for now is the removal (and further prevention) of any sensitive data from Dropbox accounts, move current users to alternative methods when possible, and prevent new usage of Dropbox unless truly compelling reasons exist.

Please contact your local tech support if you have any questions, or would like assistance in using any of the alternative methods described below.

DASA Tech Protocol for Dropbox and Other File Sharing Services

  1. DASA Tech will not install Dropbox or similar software on any computer, laptop or mobile device from this point forward.
  2. Exceptions include only those situations where a staff member must share documents with individuals outside of NC State University for work purposes, such as work associated with a professional organization.
  3. DASA employees can use NCSU Drive and Google Drive as alternatives for storing and/or sharing files, as well as Remote Desktop for accessing files; DASA Tech and OIT already provide support for these alternative resources.
  4. Anyone currently using Dropbox may continue to do so but must comply with Dropbox protocols and security restrictions.
    1. Any protected data must be immediately removed.
    2. The user must agree not to store any confidential or protected data on their account in the future.
    3. Users are strongly encouraged to use dual authentication measures where those are available.
    4. Users are strongly encouraged to follow OIT’s recommended practices for Dropbox.
    5. Violation of that agreement will result in the removal of Dropbox.
  5. Anyone storing FERPA, HIPAA , personnel, budget or other confidential information must discontinue their use of Dropbox for this data. DASA Tech will assist in moving this data to Google Drive or other shared drive options.

Security Concerns

  1. The possibility for data leakage is magnified. It is easy to inadvertently publish information publicly through Dropbox. Some Dropbox data is stored outside of the US.
  2. Communication with Dropbox through mobile devices is not secure.
  3. Installing Dropbox creates an additional opportunity for hackers to access your computer during the installation process.
  4. It is very easy to copy configuration files from one PC to another, enabling unauthorized access to your Dropbox account.
  5. Access to Dropbox via third-party APIs does not protect users from unwanted access to your account.
  6. Dropbox has had a series of high-profile security breaches.
  7. Dropbox does not require strong passwords. If you re-use password across multiple accounts, your Dropbox files could be easily compromised.
  8. N.C. State has no contractual agreement with Dropbox and therefore cannot retrieve files or transfer ownership, nor guarantee the stability or reliability of services.

Further Reading

Changes to Zoom Defaults

Originally posted at Sysnews. See also: Protecting Zoom Meetings From Unwanted Disruptions and FBI guidance. To increase the security and privacy of Zoom meetings, webinars, and recordings, several adjustments to the default settings for the

How to Upgrade to Windows 10 1909

Click on the Start Menu in the lower left-hand corner of your screen: Type “Software Center” to find the Software Center: Within Software Center, click on Operating Systems. There you will see “DASA-OS-Windows 10 1909

Print Server Migration

A significant print server migration will occur in the early morning hours on Wednesday, December 4th. All users will need to reboot their computers and reconnect to their printers and WolfCopy machines. (Student computing labs

File Share Migration – Fall Break 2019

A significant file share migration will occur over Fall Break in October, and it will disrupt your access to the file share, and you may experience periodic disruptions on your desktop and laptop. We will