Sharing and storing data securely
Advice and options on storing, sharing, managing and requesting data.
Storing data |
Storing data securelyIt's recommended that you always store University data using one of our two assured and supported platforms:
This is because these two solutions have security and resilience in their design and are actively managed and monitored by IT Services. For this reason and due to potential loss or theft, it is not recommended to store any University data locally on your devices, unless absolutely necessary. Alternative online storage solutions such as Dropbox, Microsoft OneDrive, WeShare, etc. are not recommended, supported or endorsed by the University. If you would like to obtain exemption for the use of an unsupported and unapproved tool for University business please contact your IT Services Business Relationship Manager its-brm@sheffield.ac.uk, who will discuss your requirements and ask you to complete a non-standard request form so your exemption request can be assessed accordingly. |
---|---|
Sharing data |
Sharing university data securelySometimes we might need to collaborate with others in the University or with external parties such as suppliers and research partners. To collaborate we often need to share or send data to others, but we can accidentally share too much information. The following section outlines how this can be done securely using the University's approved services. Sharing principles
Sharing data internally (anyone with a University of Sheffield account)Google DriveThe Google Help Centre includes Google's guidance on file sharing. The following security principles should be followed when sharing files internally using Google:
University StorageThe easiest way to share data on University Storage is to save the file or folder in question within your Departmental or your Research storage areas (e.g. X: Drive). This means others in your department or research project should be able to access this file. Care should be taken to ensure that only those necessary have access to files and folders; and that only the necessary permissions are granted. If you need access to a restricted part of your Departmental or Research storage (X: Drive) please put a request in through the shared area owner or administrator. Email attachmentsData in transit is always encrypted (protected) when it’s sent between University email accounts. However, it’s recommended that Restricted & Highly Restricted attachments are encrypted using one of the recommended tools here: Protecting files sent by email Sharing data externally (to non-University accounts)Sharing public dataGoogle 'Get Link' Option (For "Public” data only)The Google Help Centre includes Google's guidance on file sharing. The following security principles should be followed when sharing Public data using Google:
Encrypted email attachmentsPublic data can be share outside the University using email. Sharing Internal, Restricted or Highly Restricted data with external partiesSharing with External University AccountsIf needed you can request to have an “External” University account created for an external research collaborator. This account provides third parties limited access to University services, such as University storage services. This account can then be used to share information “internally”, as they have a valid University account. Request an External University account Secure FTP (File Transfer Protocol)When large amounts of data is intended to be shared regularly with an external party, an IT Services secure FTP service can be set up to manage this. Encrypted email attachmentsWhile data in transit is nearly always encrypted when sending emails externally, Restricted & Highly Restricted attachments should always be encrypted using one of the recommended tools here: |
Controlling access |
Controlling data accessWhen you’ve already shared some data, you might want to confirm who has access and who can see it. It's recommended that you routinely check the sharing settings of your data to confirm only those who need access have it. Manager responsibilitiesAs outlined in the Access Control Policy, managers should routinely review the access settings of files and folders in their team’s shared drives, to confirm only those who need access have it. Confirming who has accessUniversity Storage Access Settings
Google Access Settings
|
Requesting access |
Requesting access to someone else’s dataWhere there’s not already an IT Service Desk registration form in place to request access to a particular system, requests for data should follow the steps below: 1. First ask the data owner to share the data with you.
2. If the data owner is not available, then you can ask your Head of Department to complete the Account Access Request Form with the following information:
Exceptional requests, including requests for access to data outside the University’s stated purpose for processing, will be escalated to the IT Services Executive for approval. |