May, 2017 CIO Update
As we successfully close another academic year and begin to close another fiscal year, the Technology Services team is now beginning to perform various maintenance and upgrade tasks to multiple systems and infrastructures as well as plan for the fall. Over the summer months I will highlight some of those efforts. For this month’s entry, I will cover a couple of current security initiatives as well as an administrative item that has come our way.
Cloudlock Security Monitoring
Collaboration Services and the Information Security Office are using policies in a tool called Cisco Cloudlock to detect if files stored in Google Drive contain sensitive data, such as social security numbers and credit card numbers, and whether the files are being shared publicly or domain wide. Starting on May 22nd, we began using Cloudlock to immediately revoke public sharing from documents meeting this criteria in Google Drive. The document owner receives an email notification from Cloudlock. The owner and all other collaborators that were added maintain the assigned access (view,edit,comment) to the document. This allows us to narrow the time gap between when a file violating the policy has been detected and the public/domain wide sharing is revoked.
Collaboration Services also uses Cloudlock to monitor third-party applications that have access to VCU Google accounts. We can use this tool to revoke access to applications that pose a security risk to VCU data. Currently, third-party application access is manually revoked if a threat is detected. We are working toward more automation of this process using Cloudlock and will begin implementation of this feature in June, 2017.
Desktop and Laptop Security
With the continued emergence of cyber threats and the recent high profile cyber attacks, VCU Technology Services is continuing the enhancement to security defenses to ensure a safe computing environment. By adhering to several best practices listed below, we can effectively mitigate a large percentage of cybersecurity risks.
- Timely patching of computers; including the patching of both the Operating System (such as Windows) and applications (such as Adobe Acrobat), can help to reduce the risk related to cyber threats exploiting these vulnerable operating systems and applications.
- Removal of administrative privileges for an individual’s primary account on computers can prevent many cyber threat from successfully executing malicious programs on a victim’s computer.
- Use of up-to-date antivirus and firewall programs can help to detect and prevent some of the threats from infecting a computer or stealing data.
Currently, VCU Technology Services is working to enhance the aforementioned controls with its internal teams and supported customers. In the upcoming months, processes and procedures will be provided to departmental IT units that need further implementation or enhancement to these controls.
Elimination of ‘P.O.’ in Campus and Work Addressing
This spring, the United States Postal Service instructed VCU to discontinue the use of “P.O.” preceding university mailbox numbers. This change pertains to VCU and VCU Health addresses using the zip codes 23284 and 23298. Please begin to use up existing stationery inventory and place new stationery orders through the VCU contracted stationery partner, B&B Printing: identity.vcu.edu/stationery. The online stationery templates have been modified to encompass this change.
Within Technology Services, we are working to remove the “P.O.” from eServices and from the on-line directories. It will take a few weeks for the changes to percolate down into various subsystems. In addition, we have identified over 8,000 web sites that require remediation (note that the TS has been updated). We are working with webmasters throughout the university to update their footer addresses. Those webmasters who use T4 are finding this to be a very simple process.
Finally, we are working closely with Business Services and other university departments, providing project updates as task are completed. Look for further information in the weeks ahead.
Thanks to all of the individuals supporting these and other technology initiatives at VCU. Have a great summer!