Impact of the Recent UC Denver Remote Computing Audit
May, 2010

Summary of Changes to Campus IT Services (2-Year Phase-In)

• Consolidate and simplify IT policies as part of current campus initiatives
• Develop new policy language that explicitly covers the definition of remote computing and how devices are secured
• Require that all devices connecting to campus (via a non-campus remote network) have passwords, security patches and are encrypted.
• Four methods available to securely access campus computing/data:
    • Web-based remote desktop (mydesktop.ucdenver.edu) will replace majority of virtual private network (VPN) services
    • Security monitoring software (fee-based) for users who have a business need to continue using VPN technology
    • Webmail
    • Smartphones that are Blackberry or ActiveSync compliant
• Faculty, staff and students should select a smart phone that can be encrypted at their next contract renewal. A list of example devices will be published on the IT Services website soon.

Before/After Implementation

| If you currently access campus information remotely via… | The impact after implementation is… |
| --- | --- |
| Webmail (webmail.ucdenver.edu) using a desktop, smartphone, or any other type of computer | No change. |
| Blackberry smartphone (requires license fee and setup by ITS) | No change. This is the recommended solution for safe, secure email usage via smartphone at UC Denver. |
| iPhone 3Gs or 4 smartphone configured to use campus email system (Microsoft Exchange) | Beginning January, 2011 these phones will have settings automatically downloaded requiring a password, encryption and “auto lock” of the screen after a time delay. |
| iPhone 3G or older smartphone configured to use campus email system (Microsoft Exchange) | Discontinuing support in May, 2012. Individuals must upgrade to a newer model iPhone (3Gs or 4). |
| Droid or other Android-based smartphone configured to use campus email system (Microsoft Exchange) | Beginning January, 2011 these phones will have settings automatically downloaded requiring a password and “auto lock” of the screen after a time delay. We will have to discontinue support after May, 2012 if manufacturer does not offer the ability to encrypt the phone. |
| Virtual Private Network (VPN) | Beginning June, 2011 must install security monitoring software and encrypt the computer (requires license fees and setup by ITS) OR use web-based remote desktop solution (mydesktop.ucdenver.edu) OR webmail. |
| Secure shell (SSH), telnet, file transfer protocol | Individuals and/or units will need to work with ITS on how to comply with audit findings. |
| Direct Simple Mail Transport Protocol (SMTP) or Internet Message Access Protocol (IMAP) download (similar to how personal email is downloaded from Comcast or Qwest) | Discontinuing support in January, 2011. Use webmail or web-based remote desktop solution (mydesktop.ucdenver.edu). |

Remote Computing Audit Remediation Timeline

• Launch Awareness & Communication Campaign
• Consolidate and simplify IT policies
• Require passwords for all smart phones
• Discontinue nonsecure email transmissions (POP/SMTP/IMAP)
• Transition campus from VPN to web-based remote desktop
• Require encryption for all smart phones