UC Denver Remote Computing Audit

advertisement
Impact of the Recent UC Denver
Remote Computing Audit
May, 2010
Summary of Changes to Campus IT
Services (2-Year Phase-In)
•
•
•
•
•
Consolidate and simplify IT policies as part of current campus initiatives
Develop new policy language that explicitly covers the definition of remote computing
and how devices are secured
Require that all devices connecting to campus (via a non-campus remote network) have
passwords, security patches and are encrypted.
Four methods available to securely access campus computing/data:
• Web-based remote desktop (mydesktop.ucdenver.edu) will replace majority of
virtual private network (VPN) services
• Security monitoring software (fee-based) for users who have a business need to
continue using VPN technology
• Webmail
• Smartphones that are Blackberry or ActiveSync compliant
Faculty, staff and students should select a smart phone that can be encrypted at their
next contract renewal. A list of example devices will be published on the IT Services
website soon.
Before/After Implementation
If you currently access campus
information remotely via…
The impact after implementation is…
Webmail (webmail.ucdenver.edu) using a desktop, smartphone,
or any other type of computer
No change.
Blackberry smartphone (requires license fee and setup by ITS)
No change. This is the recommended solution for safe, secure email
usage via smartphone at UC Denver.
iPhone 3Gs or 4 smartphone configured to use campus email
system (Microsoft Exchange)
Beginning January, 2011 these phones will have settings automatically
downloaded requiring a password, encryption and “auto lock” of the
screen after a time delay.
iPhone 3G or older smartphone configured to use campus email
system (Microsoft Exchange)
Discontinuing support in May, 2012. Individuals must upgrade to a
newer model iPhone (3Gs or 4).
Droid or other Android-based smartphone configured to use
campus email system (Microsoft Exchange)
Beginning January, 2011 these phones will have settings automatically
downloaded requiring a password and “auto lock” of the screen after a
time delay. We will have to discontinue support after May, 2012 if
manufacturer does not offer the ability to encrypt the phone.
Virtual Private Network (VPN)
Beginning June, 2011 must install security monitoring software and
encrypt the computer (requires license fees and setup by ITS) OR use
web-based remote desktop solution (mydesktop.ucdenver.edu) OR
webmail.
Secure shell (SSH), telnet, file transfer
protocol
Individuals and/or units will need to work with ITS on how to comply
with audit findings.
Direct Simple Mail Transport Protocol (SMTP) or Internet
Message Access Protocol (IMAP) download (similar to how
personal email is downloaded from Comcast or Qwest)
Discontinuing support in January, 2011. Use webmail or web-based
remote desktop solution (mydesktop.ucdenver.edu).
Launch Awareness
& Communication
Campaign
Consolidate and
simplify IT policies
Require passwords
for all smart
phones
Discontinue nonsecure email
transmissions
(POP/SMTP/IMAP)
Transition campus
from VPN to webbased remote
desktop
Remote Computing Audit Remediation Timeline
Require encryption
for all smart
phones
Download