ITS recommends that high-risk data as listed in 500.03 – Data Classification should be stored in one of our secure solutions:
Microsoft Office 365 (OneDrive and/or SharePoint)
Department file shares
Data Core
Storing information in these systems helps reduce the likelihood of data loss or a data breach.
Storing WCM data securely
Per the ITS 500.06 – Device Encryption policy, all devices tagged by ITS and used for WCM purposes must be encrypted. External storage devices, such as USB flash drives and external hard drives, used for storing high-risk data must also be encrypted. These devices can easily be lost or stolen.
Examples of removable storage devices include, but are not limited to:
Flash drives
External hard drives
Memory cards
Optical discs
Strong hardware- or software-based encryption algorithms such as the Advanced Encryption Standard (AES) with at least 256-bit keys should be used. Examples of compliant encryption software for removable storage devices include Apple FileVault 2, Microsoft BitLocker, LUKS (for Linux systems), and VeraCrypt (open source). When encrypted removable storage devices are used to share high-risk data, the encryption password must be shared separately and in a secure manner, such as encrypted email.
Purchasing a flash drive or hard drive
If you would like to purchase a flash drive or external hard drive through WCM, please reach out to the ITS Procurement team at its-procurement@med.cornell.edu to find a device that meets our security standards. If you lose a flash drive or hard drive, report it immediately to the Service Desk and indicate when and where the device was lost or stolen.
