Data & Cloud Storage and Sharing

The only TWU approved Cloud Storage & Sharing services are Microsoft OneDrive, Microsoft SharePoint and OwnCloud. Cloud storage software provides web access to your online file storage, file sharing, and file synchronization.

  • The responsibility for storing TWU documents and files lies with the person who stores the data. Judgment is required about how and where TWU data will be stored.
  • TWU has a formal Information Security Policy and related Information Security Guidelines. This article provides some additional direction based on this set of policy and guidelines.
  • Different data is governed by different regulations, laws, agreements, and rules; each requires different means of protection and reporting.

 

What about other 3rd party cloud storage solutions (Dropbox, Google Drive, Box, WeChat etc...)?

In general, the use of unauthorized 3rd party cloud storage is not a good idea. TWU provides faculty and staff with the tools needed to collaborate internally and externally. The reasons below elaborate on the reasoning behind this position.

  • Lack of Visibility - Since these software are not integrated into our network, there is no way we can retrieve data stored in these systems if an employee or faculty member leaves the institution and fails to disclose the usage of that account, or has it attached to a personal email account. If TWU data are present in those accounts, then it can be easily lost or compromised, which can lead to institutional and legal consequences.
  • Lack of Accountability - There is no way to effectively manage information security if a faculty or staff member is using unauthorized cloud storage. Additionally, there is no way to know if those data have been compromised and no ability for our forensics team to conduct analyses on these data in the event of a security incident.
  • Lack of Support - We don't offer technical support to these services. So, if something goes wrong, is lost or compromised, IT will have no way to help users who have lost data or been locked out of accounts.
  • Collaboration - We each have our own preferences when it comes to the various technologies we like to work with. There is not always a best tool for everyone. However, collaboration becomes more difficult when each individual or department selects there own collaboration platforms, prioritizing individual needs above the whole.
  • Student Centred - We will put students first. These guidelines ensure we are protecting information and ultimately protecting our students. We have been entrusted with a great deal of personal and private information and must ensure the decisions we make are protecting that information. 

 

How to Share Data

With Microsoft OneDrive and SharePoint, you can securely share files internally and externally. However, it is important to understand the different Data Classification levels and acceptable ways to share your files (Data Protection Guidelines).

Guidance Table for Sharing Data

Link Type Confidential Sensitive Public
Specific People
Internal User
Acceptable Acceptable Acceptable
Specific People
External User
Acceptable
Use good judgment
Acceptable
Use good judgment
Acceptable
People in TWU
(Internal Link)
Never Acceptable
Not Advisable
Acceptable
Anyone with the link
(Open Link)
Never Never Acceptable
Use expiration date when possible

 

How to Create Links and Share Files from Personal OneDrive

When sharing a file or folder you are presented with the following options:

  • Specific people  (default link type) gives access only to the people you specify (internal or external users), although other people may already have access. If people forward the sharing invitation, only people who already have access to the item will be able to use the link.
  • People in TWU gives anyone in your organization who has the link access to the file, whether they receive it directly from you or forwarded from someone else.
  • People with existing access  can be used by people who already have access to the document or folder. It does not change the permissions on the item. Use this if you just want to send a link to somebody who already has access.
  • Anyone with the link  gives access to anyone who receives this link, whether they receive it directly from you or forwarded from someone else. This may include people outside of your organization. This is considered an “Open Link” and should only be used for appropriate information
     

 

Examples of Different Link Types:

Specified People - Internal

You can send a direct link to one or more users.

 

 

Specific People - External.

You can send a direct link to one or more external users. Use care and good judgment when sending sensitive data to external users. This looks the same as sending to an internal user, however, you are notified that the recipient is outside of your organization.

 

People at TWU

You can create and send an Internal Link and send it to an internal user. This link can be used by anyone with a TWU Office 365 account (and @twu.ca or @mytwu.ca email address), with a copy of the link.

 

Anyone with the Link

You can create and send an Open Link to internal or external users. This link can be used by anyone with a copy of the link and should only be used for non-sensitive data.

  • When sharing with an open link, consider setting an expiration date or using a password to protect the link.
  • Delete the link when it is no longer needed.

Example of open link with expiration date and password:

Details

Article ID: 128533
Created
Tue 2/23/21 9:31 AM
Modified
Tue 4/20/21 3:08 PM