This page describes the requirements and best practices in place within SOM to protect data. While most security policies and standards are applied to systems, the ultimate goal of these is to protect data within the environment. This may be student data, research data, demographic and administrative data, and so much more. There are certain legal requirements and ethical concerns that must be considered when looking at options for protecting this data. In general, SOMTech leads toward protecting managed devices and data as if it is category 1 data. The goal of this page is to describe how SOMTech protects the data and to help SOM faculty, staff, and students protect data they are using while still being productive.
If you are interested in meeting with SOMTech to discuss ways that you can effectively work while still following VCU, VCU Health, and SOMTech security and privacy standards (among others), please submit a ticket requesting a meeting.
One of the easiest ways to verifiably protect data is for it to be encrypted. VCU has an encryption standard which outlines when and how data should be encrypted. While this is not exhaustive (please read the standard), the primary times that data must be encrypted is as follows:
|Over the years, SOMTech has enforced encryption on flash drives primarily using 2 different solutions (IronKey drives and DDPE). In 2021, these solutions are being phased out in favor of VCU Health's OneDrive cloud storage and BitLocker EME. More details are below, but if you have any questions or concerns, please submit a ticket to SOMTech.|
BitLocker To Go external media encryption is the new standard for encrypting external storage devices within the School of Medicine. Any external storage drives that you will need to transfer data to from a SOM Windows computer will be required to be encrypted. If you do not encrypt the drive, you will still be able to copy data off. You can read more info on this process at the link here. If you have further questions or you have an external drive that will need to remain unencrypted feel free to submit a ticket for assistance.
SOMTech started deploying BitLocker To Go on some new SOMTech-managed Windows computer in the spring of 2021 and will expand the deployment On August 3rd, 2021. SOMTech has created an FAQ to answer common questions and provide a little more details about BitLocker To Go.
|Be advised that BitLocker Encryption is not Mac compatible so there will be no way of using these encrypted drives on a Mac device at this time. If you plan on working on Windows & Mac devices it is recommended you use your Home Drive, VCU Health OneDrive, or VCU Google Drive accounts to transfer data.|
SOMTech is phasing out the use of Dell Data Protection in 2021. With that being said it is recommended that you start making preparations for this change while we look to move to a new form of data protection. VCU Health's implementation of OneDrive is a cloud based file storage alternative to encrypted physical drives however if you do need to use a physical drive for data storage and we have you on record of having a encrypted drive in your possession then you can expect communication from us soon on how to proceed.
SOMTech and VCU Health provided hardware-encrypted IronKey devices for many years. These devices required a password every time they were used, but worked on both VCU and VCU Health computers. They were also able to be used on any computer without administrative rights. If the password was forgotten, SOMTech could reset the password administratively (on SOMTech-managed drives). VCU Health used unmanaged IronKey drives which meant that they weren't able to help with forgotten passwords. They stopped providing IronKey drives in 2019.
IronKey Drives Phase-out Plan
In order to protect any data on IronKey drives, we are strongly encouraging that everyone who has an IronKey drive to please follow these steps: