JUMP DRIVE SECURITY RECOMMENDATION

Overview:

• As part of the Student Services Identity & Security Initiatives, an investigation was requested to determine what steps are required to secure Public, Sensitive or Restricted data on jump drives.
• The target audience for this recommendation is Student Services Technology & Assessment supported customers who utilize a removable jump drive media to store data.

Mission:

• Investigate the University’s security policies and procedures as they relate to data storage on jump drives.
• Investigate and recommend standard jump drive hardware for purchase by Student Services departments.
• Investigate feasibility and need of password protection or encryption software for existing and new purchases of jump drives.

Deliverable:

• Statement of University Security Guidelines as they relate to data storage on jump drives.
• SSTA Software/Hardware Recommendation

Approach:

• Research Purdue University Security Policies on the web.
• Identify available products from web searches.
• Examine current devices in our environment
• Test one or more devices and accompanying software
• Test third party software with existing device

Discoveries:

• Hardware and security software is available from many companies offering many models with varying features.
• Recommendation is needed to narrow the scope of support.

Jump Drive Security
DELIVERABLE
Statement of University Security Guidelines as they relate to data storage on jump drives.

• As stated in the University’s Security Guidelines, one of the five aspects of effective Data Security involves data confidentiality. Data Confidentiality is the concept of protecting the secrecy of information in storage, transit, or use.
• The University recognizes data to be classified in one of three categories: Public, Sensitive or Restricted.
• The University’s data handling guidelines as they relate to “Storage on removable media” are described in Electronically Stored (Computer-based) Information data handling procedures.  This document is only updated once per year. Student Services data handling guidelines and Business Services data handling guidelines are more restrictive than the currently published University data handling guidelines.
• Student Services customers who utilize Jump drives to store Sensitive or Restricted data will follow the Student Services data handling guidelines and are required to have the ability to encrypt and password protect the data and must be stored in a secured location when not in use.

SSTA Hardware/Software Recommendation

• New Purchases

• Student Services customers who store sensitive or restricted data on a jump drive must use a device which can encrypt and password protect the data.
• Lexar Jumpdrive Secure II USB Flash Drive
• Available from CDW-G in several sizes
• Security software is included on device
• Administrative rights not needed for password or encryption
• Can be used on multiple workstations
• Some features are not available without administrative rights.
• As models and pricing changes other manufacturers will be considered if they meet the criteria:
• Software included on device
• Administrative rights not needed for setting password or encryption
• Can be used on multiple workstations

• Existing Devices
• SSTA-WT supported departments may utilize existing devices without encryption or password protection capability as long as sensitive or restricted data is not stored on the device.
• Typically, third party software for password protection or encryption requires administrative privileges on the workstation and cannot be used on multiple workstations and therefore will not be installed on existing devices.