Data Risk Reference Grid

Data Risk Reference Grid

The Data Risk Reference Grid will help you get an overview of where you can properly store and handle data of different security levels.

Legend


: Allowed
: Prohibited
: Allowed with conditions met

Low Medium High
Email
Slack
AFS
NFS
Dropbox, Google Drive, OneDrive cloud storage
Local Storage
Removable Media
Secured Data Environment

Email

Email is inherently an insecure method of communication. Medium and / or High risk data should never be sent via email. Consider using email for sending links to cloud storage with proper access control to higher risk data. The only caveat to that are files that are attached with appropriate file level encryption.

Slack

Slack on it’s own does not provide the required security protocols for Medium or High risk Data. Consider using Slack for sending links to cloud storage with proper access control to higher risk data.

AFS

AFS cannot accommodate Medium Risk data in it’s current configuration. Duo two-factor authentication for interactive user and administrator logins are not provided. If you require Medium Risk data on AFS, please see our Secured Data Environment.

NFS

NFS does not provide any reasonable security whatsoever. Medium and / or High risk data should never be stored on NFS

Cloud Storage

Dropbox, Google Drive, OneDrive

Medium risk data can be stored in Dropbox, Google Drive or OneDrive with the proper access control and responsible steps in place. Such data should be reasonably secured by sharing only with persons who need to access the data for a permissible purpose, and under strict instructions that these persons (a) may not share the data with any third party, absent permission from you, and (b) should delete the data from their local systems when they are finished with it. For more details, please see MIT IS&T’s Knowledgebase Article

Local Storage

Managed CSAIL Ubuntu machines do not provide the required security protocols for Medium or High risk Data. If you must store Medium Risk data, consider a Secured Data Environment

It is possible to setup your own local storage provided you implement appropriate tasks to protect your data

Apple MacBook’s configured and provided by TIG provide the required security protocols for Medium risk data provided the data is deleted from your local systems when they you are finished with it. For more details, please see MIT IS&T’s Knowledgebase Article

Removable Media

Please see MIT IS&T’s Encryption Landing Page

Secured Data Environment

TIG can provide support for creating a Secured Data Environment and compute clusters on user purchased hardware sufficient for Medium Level Confidential Information’ such as deidentified medical or financial datasets.