File Storage Security: Scanning, Tightening Access, and Archiving Files to Protect Sensitive Data
If you store sensitive data at Stanford that is broadly exposed, you may receive an email asking you to tighten access or informing you that access has been restricted.
These email notifications are part of the CIO Council-sponsored File Storage Security Program, established to better protect sensitive data stored on the university’s major file storage systems.
The program enhances file security by:
- Restricting access to files that appear to contain sensitive data
- Continuously scanning files for sensitive data when they are created or modified
- Archiving files that are no longer needed
On Feb. 28 the File Storage Security service will begin restricting access to pre-existing broadly exposed files that appear to contain sensitive data. The service will initially apply to Google Drive, Box, and OneDrive, and will be expanded to include additional file storage systems over time.
If you are the owner of an affected file, you will retain access to the file but other permissions will be removed. You will be notified via email and can quickly restore access if needed.
Starting March 7, files that appear to contain sensitive data and are broadly exposed (including sharing via link) will trigger automated email notifications prompting the owner to review the file content and modify access as appropriate. Scanning coverage initially includes Google Drive, Box, and OneDrive with plans to expand further.
These automated notifications will be sent from Proofpoint, our data loss prevention security service provider. The From address will be “Proofpoint Alerts <firstname.lastname@example.org>”.
A large portion of files stored in Stanford systems have not been accessed in many years and are no longer needed. Archiving this unneeded data is the most effective approach to preventing privacy incidents. Archiving (vs. deleting) files ensures that the data can be retrieved if needed, while ensuring that it is not unduly exposed.
If you administer a file storage space, you may receive an email message providing advance notice that the space will be archived. If the space is still in active use, respond to the email to temporarily exempt it from being archived.
Archival efforts are well underway. The File Storage Security Working Group has been actively archiving unneeded AFS spaces since June 2018. To date, more than 1,100 of these spaces have been archived with only 5 needing to be restored.
The File Storage Security Program is a high-profile, university-wide initiative sponsored by the CIO Council. The program was established in late 2017 in response to a series of privacy incidents that surfaced the problem of misconfigured file permissions.
If you have questions about the program, please email the File Storage Security Working Group.