There are two basic approaches to securing data privacy. The first is to deny access to data designated as private to anyone other than the person to whom an account or device has been assigned, e.g., by restricting administrative accounts so that only the account holder or device owner can access the owner's files. This is analogous to locking your doors to prevent access to your house. The second is to restrict, by rule or policy, access to data stored in an account or on a device to the owner. This is analogous to posting a no trespassing sign at the boundary of your property.
IU has adopted the second approach. There are three primary reasons for this.
1. IU is the legal owner of the devices on which university accounts reside and of the computing devices assigned to individual faculty, and it is legally responsible for how they are used.
2. IU is responsible for their maintenance.
3. IU is responsible for ensuring that devices connected to the IU network do not represent security risks. Each device connected to the network is a potential entry point, and a compromised device can be used to compromise others on the network. It is therefore essential for network security that devices on the network are upgraded and patched quickly.
With respect to 3, IT-12 Security of Information Technology Resources states (p. 2):
The use of automated scanners and break-in scripts makes it easy for someone to quickly scan entire networks for vulnerable systems. Systems that are not properly secured are likely to be discovered, and they will then be subject to intrusion. Data on vulnerable/exploited systems WILL be compromised, altered, or destroyed. Such systems may be used to compromise or initiate denial of service attacks against other University systems or systems at external sites.
These responsibilities require that IU IT professionals have administrative access to devices assigned to faculty. The specific responsibilities of IT professionals are spelled out in IT-12.
In practice, this requires enterprise client management software that allows operations to be carried out on many computers with a single command. There are approximately X IT professionals for every Y computers on the IU network in the College of Arts and Sciences. Upgrading computers on the network requires administrative access to those computers, and it is not practical to upgrade or patch them through individual visits by IT professionals or by remotely updating each machine one at a time. Managing a large fleet of computers requires automating many tasks, which in turn requires management software such as JAMF for Mac OS and Microsoft's System Center Configuration Manager (SCCM) for Windows.
The use of client management software may raise concerns about privacy, since it allows searching for files on many machines at once. While this raises the risk of a large-scale invasion of privacy if someone misuses the software, the possibility of an invasion of privacy exists whenever someone other than the user holds an administrative account on a device. There are, however, steps an end user can take to reduce the risk of someone misusing administrator privileges to gain access to private data. First, one can ensure that private information on one's personal devices is not shared with one's work computer by decoupling them (for example, not signing the work computer into personal cloud, mail, or file-synchronization accounts). Second, one can encrypt, and thereby password protect, individual files or folders or an entire hard disk, or store sensitive data on an encrypted external drive that can be physically detached from the computer when not in use. Note that encryption protects data only while it is locked: an administrator with access to a running machine on which an encrypted disk or drive is already unlocked and mounted can read its files, so the protection comes from keeping a separate passphrase that is not stored on the machine and from locking, unmounting, or detaching the encrypted volume whenever it is not actively in use. This is analogous to locking a filing cabinet in your office so that even those whose role-related responsibilities allow them access to your office are not able to access the information in your filing cabinet. Information related to these steps can be found through the links in sections 3.4 - 3.6.