November 28, 2011

From: Robert Olin, Dean, College of Arts and Sciences

It has recently come to the College’s attention that some departments have set up their own servers to store student and department information. We understand that several of these servers were set up in the departments years ago when the Office of Information Technology (OIT) did not have the means to store or secure such information for the College. However, over the past year, OIT has made changes to its storage system that allows large quantities of information to be stored, secured, and backed-up, while still remaining accessible to the owners. Additionally, department share drives and a new email system have been created to allow faculty secure and efficient means to communicate and to store data both on an individual and shared basis.

Most of the servers currently being used by individual faculty and departments have not been properly protected behind firewalls and are not having their security software updated on a regular basis, which makes them susceptible to hacking. OIT has staff who are dedicated to monitoring the security and counteracting malicious attempts to access data stored behind the University firewall.

In order to ensure that our department, faculty, and student information are sufficiently protected, the College would like the departments to keep the following in mind:

  • No department or faculty member should purchase a server for group or individual use without prior notification to and approval from the College.
  • No server, new or existing, should be used for department email or share drive. All departments that have such servers should notify the College immediately. In these cases, the department, the College, and OIT will meet to discuss a plan for moving email and share drive to the University system.
  • Approved department/individual servers must have the proper firewalls and security measures in place to make sure they are protected from malicious software and hackers. Alternately, these departments are welcome to contact OIT and discuss options for these dedicated servers to be protected and stored behind the University firewall.
  • No department server, new or existing, should contain personal information for faculty and/or students. This includes CWIDs, social security numbers, addresses, phone numbers, etc. Any such information currently  on department or individual servers should be removed immediately.