Main Nav

Greetings!

We're curious as to what other schools are doing with regards to Google Drive privacy settings.  Do you have them restricted - in terms of not allowing sharing of documents outside the organization? Or do you allow them to share publicly with a link?  Thanks in advance!

--
Marie L. Scott
Director, Collaboration Services
Virginia Commonwealth University
804.828.4055



********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Hi, Marie.

We've allowed everyone--students, faculty, staff--to share publicly since Wellesley College started with GAE 3 years ago. We periodically remind our community of concerns and our policies about privacy, warn them about accidental sharing, and urge them to consider other more secure options we have for particularly sensitive material, but otherwise encourage them to make full use of the tools.

Regards,

David


Hi Maria,

For our school, the general default for Google Docs is private.  But they can share in the following ways:

Public on the Web
Anyone with the link
People at our College
People at our College with the Link
Specific People



+1 from Bristol.

15000 staff, 25000 students.

On 7 Mar 2014 14:00, "David N. O'Steen" <dosteen@wellesley.edu> wrote:
Hi, Marie.

We've allowed everyone--students, faculty, staff--to share publicly since Wellesley College started with GAE 3 years ago. We periodically remind our community of concerns and our policies about privacy, warn them about accidental sharing, and urge them to consider other more secure options we have for particularly sensitive material, but otherwise encourage them to make full use of the tools.

Regards,

David


We also allow everyone to share publicly here at Michigan. Like Wellesley, we emphasize appropriately using the services available to campus, publishing and promoting a Sensitive Data Guide (http://safecomputing.umich.edu/dataguide/).

ryan


The default visibility for newly created documents is "private" (only people explicitly granted permission can access).

However, users can share documents outside the domain, with the following options:
  • Warn users when sharing outside this organization.
  • Allow users to share outside the domain to people who are not using a Google account.
  • Allow users to publish documents on the web or make them visible to the world as public or unlisted documents.
The general philosophy in the School of Engineering is to encourage collaboration, and many colleagues of our faculty, researchers, students, etc. are outside of Engineering, or UC San Diego. Google Apps is a primary enabling technology for this goal.

Thanks,
--david

David J. Hutches, Ph.D.
Director, Engineering Computing
Jacobs School of Engineering
University of California, San Diego
9500 Gilman Drive, Dept 0437
La Jolla, CA  92093-0437
+1 858-534-2202

At the University of San Francisco, we also have the same settings as Lance has described.  We have made it a point when doing any introduction to Google drive to faculty, staff and students to not use Drive to store confidential documents.  We also are trying out Cloudlock to detect sensitive information on Drive and to notify people of such documents so they can move them off of Drive.
Ken
Ken Yoshioka Graphic Media and Training Specialist SOE 005 Center for Instruction and Technology Information Technology Services University of San Francisco 415-422-5670 yoshioka@usfca.edu On 3/7/14 6:01 AM, Lance Eaton wrote:
Hi Maria,

For our school, the general default for Google Docs is private.  But they can share in the following ways:

Public on the Web
Anyone with the link
People at our College
People at our College with the Link
Specific People



Add another voice to the chorus.

We default to private and allow Public on the Web (which means all the sharing levels).

We’ve launched education and awareness campaigns, particularly since for several years we had things locked down to be only shared within the domain.  We opened it up this last fall.






Nathan Phillips, Ph.D.
Center for Learning and Technology
MARYLHURST UNIVERSITY
You. Unlimited.
17600 PACIFIC HIGHWAY
MARYLHURST, OR 97036-0261

For those who are telling staff not to store confidential documents on Drive, can I ask why? Do you have standards on what qualifies as a confidential document, and do those standards apply elsewhere, e.g. email, desktops, etc.? What other tools are you providing to store confidential data, and how are you protecting those?

I'm curious because we're considering using Drive to phase out network shares for individuals. We would still retain network file shares for departments, but encourage people to use their personal Drive where they might have used an individual network share before.

I'm wondering if anyone has done that and what issues you ran into.  

-Matthew


-- 


Matthew S. Burfeind
Interim Chief Information Officer
Massachusetts College of Art and Design
621 Huntington Avenue
Boston, MA 02115
617.879.7872 (p)
617.879.7979 (f)
burfeind@massart.edu




Hi Matthew,

At NC State University we have just finalized our data sensitivity framework. This framework will hopefully help our users understand better the data they are working with and their options for storage and other things relating to sensitive data. It's rather overwhelming and we are planning an education campaign to reach out to our campus community and educate them on this framework, their responsibilities and how to get help when they have questions. We want to make sure we give some use cases and help individual units apply this framework to the types of data they handle. 

We do say that Google drive can be used to stored certain types of data.

Please see: http://oit.ncsu.edu/data-framework for more information.

Hope this helps,

 - sarah

Matthew,
We do have a security policy that defines what comprises a secure document (which is actually is in the process of restructure but you can view the current policy here) and after speaking to our security administrators, they are working on data encryption services which can encrypt a file for storage on cloud storage like Google Drive and Dropbox.  I believe, as others have stated that it takes education to ensure that the university community is in the mindset of keeping information safe.  i encourage the use of storage like Drive, Box and Dropbox for files intended for sharing and collaboration but to continue to use internal secure servers for confidential documents.  To allow flexibility for storage solutions but to maintain security we are implementing Cloudlock for Google Drive for visibility and Sophos for file and folder encryption so documents can be stored on the cloud.  I believe that the ultimate aim is to inform that you can store a confidential document on the cloud but it must be encrypted.  Even going back a step, our security admins would no confidential information like SSNs stored outside of Banner.  It's been a work in progress to balance flexibility and security...
Ken
Ken Yoshioka Graphic Media and Training Specialist SOE 005 Center for Instruction and Technology Information Technology Services University of San Francisco 415-422-5670 yoshioka@usfca.edu On 3/7/14 9:37 AM, Matthew Burfeind wrote:
For those who are telling staff not to store confidential documents on Drive, can I ask why? Do you have standards on what qualifies as a confidential document, and do those standards apply elsewhere, e.g. email, desktops, etc.? What other tools are you providing to store confidential data, and how are you protecting those?

I'm curious because we're considering using Drive to phase out network shares for individuals. We would still retain network file shares for departments, but encourage people to use their personal Drive where they might have used an individual network share before.

I'm wondering if anyone has done that and what issues you ran into.  

-Matthew


-- 


Matthew S. Burfeind
Interim Chief Information Officer
Massachusetts College of Art and Design
621 Huntington Avenue
Boston, MA 02115
617.879.7872 (p)
617.879.7979 (f)
burfeind@massart.edu




Marie,

At UNCG, we have all of these options checked:

Users can share documents outside this organization
Warn users when sharing outside this organization
Allow users to share outside the domain to people who are not using a Google account.
Allow users to publish documents on the web or make them visible to the world as public or unlisted documents.

Document visibility is set as:
Private - Only people explicitly granted permission can access.

We also have CloudLock Collaboration Security implemented, which gives us insight into how things are being shared, and if there is potentially sensitive data exposed publicly. We have policy around Google Drive not being used to store sensitive data, and are working on a framework for data storage so that users are better informed about what their choices (and responsibilities) are. We also have Box (www.box.net) deployed in a small capacity right now, but may have it widespread by the fall semester. To support the multiple storage offerings, that framework will describe the types of data in terms of "locks" so that people can see what 1 Lock, 2 Lock, and 3 Lock data would be. 3 Lock data would (for example) only be able to be stored in certain services (maybe not anywhere except on campus), whereas 1 lock data could be stored anywhere and shared with anyone (potentially).

We have a distance to go before any of that work is published or finalized, but that's the direction we're heading.

Cloudlock also just announced their selective encryption service, which could very nicely supplement our existing service offerings, by allowing us to secure/encrypt things in place, rather than move data to another storage service. We haven't looked deeply at it yet, but it does represent a nice option if it performs as advertised.

--Nick

..................................................................
Nick Young
IT Manager, Application Administration, ITS
The University of North Carolina at Greensboro
n_young@
uncg
.edu | http://its.uncg.edu
..................................................................


Nick - and everyone - thanks for responding about my question about Google Drive/Doc sharing.

We've been working on stepping up our training efforts for our users so that they understand the nuances of the Google Drive settings, as well as understanding that Google Drive, is not the same as a network drive, or a local drive.  We've had some users who thought they should use Google Drive as their primary means of backing up their local data - which is not how we'd prefer them use Drive.  Training, training, training, seems to be key!

We have also started deploying Cloudlock - and it is a great tool! 

Best regards,

Marie Scott


We allow sharing, warn users,  allow sharing outside the domain, allow them to publish to web.

Default visibility is Private.

 

Our rationale to share outside the domain is – adjuncts are in a separate domain, full time faculty do not have institutional Google accounts and we wanted to encourage document sharing to be used in the classroom

 

Richie Bianco

Mercer County Community College

1200 Old Trenton Road

West Windsor, NJ, 08550

609-570-3443

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.