Storage Guidelines
-
+
AAU ITS Managed Local Storage
AAU ITS Managed Local Storage DATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
- Yes
DATA CLASS: CONFIDENTIAL
- Yes
DATA CLASS: SENSITIVE
- If protocol is followed:
Sensitive data is allowed if it is labeled properly (see CLASSIFICATION OF DATA) and you have verified with AAU ITS that access logging is enabled for your machine.
Typical size limitation
- 4 TB
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
PROS
- Fast, simple, direct and offline
CONS
- Requires VPN for backup and sync
Backup
- 60 days, by default
Storage encryption (data at rest)
- Yes
Traffic encryption (data in transit)
- Cleartext sync on internal network by default
Access logging
- Optional
-
+
Unmanaged local storage
Unmanaged Local StorageDATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
DATA CLASS: CONFIDENTIAL
DATA CLASS: SENSITIVE
Typical size limititation
- 4 TB
AUTHENTICATION- N/A
SUPPORT- AAU ITS
PROS- Fast, simple, direct and offline
CONS
- Limited accessibility
Backup
- No
Storage encryption (data at rest)
Traffic encryption (data in transit)
Access logging- No
Internal
Internal data is allowed if the device is stored in a locked office, -cabinet, or similar such unauthorized access is not immediately possible. Also make sure to label the data correctly (see KLASSIFIKATION AF DATA). If the storage device is not locked away, the data has to be encrypted, please see VEJLEDNING TIL KRYPTERET LAGRING AF DATA for how to do this.
Confidential
Confidential data is allowed if the data is encrypted and is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA.
Sensitive
Sensitive data is allowed if the data is strongly encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. Make sure to use a very strong password and please note that the password is only as strong as the channel used to send it, so either let the recipient know physically or follow this guide: VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. - Yes
-
+
AAU ITS Managed Shared Storage / Fileshares
AAU ITS Managed Shared storage / filesharesDATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
- Yes
DATA CLASS: CONFIDENTIAL
DATA CLASS: SENSITIVE
Typical size limitation
- 5 TB
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
PROS
- Fast, internal sharing possible
CONS
- Requires AAU credentials.
- Requires internet access.
Backup
- 60 days.
Storage encryption (data at rest)
Traffic encryption (data in transit)
Access logging
- Optional
Confidential
Sensitive data is allowed if it is labeled properly (see KLASSIFIKATION AF DATA) and you have verified with AAU ITS that access logging is enabled for your fileshares.
Sensitive
Sensitive data is allowed if it is labeled properly (see KLASSIFIKATION AF DATA) and you have verified with AAU ITS that access logging is enabled for your fileshares.
-
+
Email
EmailDATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
- Yes
DATA CLASS: CONFIDENTIAL
DATA CLASS: SENSITIVE
Typical size limitation
- 50 MB
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
Backup
- 60 days
Storage encryption (data at rest)
Traffic encryption (data in transit)
Access logging
- ?
Protocol
Confidential
Confidential data is allowed if it is labeled properly (see KLASSIFIKATION AF DATA) and by following this guide;
VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.
Sensitive
Sensitive data is allowed if it is labeled properly (see KLASSIFIKATION AF DATA) and by following this guide;
VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.
-
+
OneDrive cloud
Onedrive cloudDATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
- Yes
DATA CLASS: CONFIDENTIAL
- No*
DATA CLASS: SENSITIVE
- No
Typical size limitation
- 5 TB
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
PROS
- Internal and external sharing possible.
Backup
- Only recycle bin
Storage encryption (data at rest)
- ?
Traffic encryption (data in transit)
- Yes, TLS
Access logging
- ?
-
+
Office365 SharePoint Cloud
Office 365 SharePoint Cloud
DATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
- Yes
DATA CLASS: CONFIDENTIAL
- No
DATA CLASS: SENSITIVE
- No
Typical size limitation
- ?
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
PROS
- Internal and external sharing possibe
Backup
- 14 days
Storage encryption (data at rest)
- Yes
Traffic encryption (data in transit)
- Yes
Access logging
- Yes
-
+
AAU ITS managed REDcap
AAU ITS managed REDcap
DATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
- Yes
DATA CLASS: CONFIDENTIAL
- Yes
DATA CLASS: SENSITIVE
- Yes
Typical size limitation
- Unlimited
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
Backup
- 14 days
Storage encryption (data at rest)
- Yes
Traffic encryption (data in transit)
- Yes
Access logging
- Yes
-
+
Sciencedata.dk
Sciencedata.dkDATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
DATA CLASS: CONFIDENTIAL
DATA CLASS: SENSITIVE
Typical size limitation
- 170 GB
AUTHENTICATION
- AAU Credentials
SUPPORT
- DeIC
PROS
- Suitable for huge amounts of data. Internal and external sharing possible
Backup
- No
Storage encryption (data at rest)
Traffic encryption (data in transit)
- Yes, TLS
Access logging
- No
Internal
Internal data is allowed if it is labeled correctly (see DATAKLASSIFIKATION).
Confidential
Confidential data is allowed if the data is encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA.
Sensitive
Sensitive data is allowed if the data is strongly encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.
. Make sure to use a very strong password and please note that the password is only as strong as the channel used to send it, so either let the recipient know physically or follow this guide: VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. -
+
Filesender.deic.dk
Filesender.deic.dkDATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
DATA CLASS: CONFIDENTIAL
DATA CLASS: SENSITIVE
Typical size limitation
- 5 TB
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
PROS
- Suitable for lange amounts of data.
- Internal and external sharing possible.
CONS
- Encryption is not enforced when sharing links
Backup
- No
Storage encryption (data at rest)
Traffic encryption (data in transit)
- Yes, TLS
Access logging
- No
Internal
Internal data is allowed if the data is exclusively shared with AAU email adresses and if it is labeled properly (see KLASSIFIKATION AF DATA). It is recommended to encrypt the data which can be done using Filesender's in-browser encryption or by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. Make sure to use a strong password and please note that the password is only as strong as the channel used to send it, so either let the recby following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.
Confidential
Confidential data is allowed if the data is encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done using Filesender's in-browser encryption or VEJLEDNING TIL KRYPTERET LAGRING AF DATA.
Sensitive
Sensitive data is allowed if the data is strongly encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNINGER TIL KRYPTERING. Make sure to use a very strong password and please note that the password is only as strong as the channel used to send it, so either let the recipient know physically or follow this guide: VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. -
+
AAU ITS Managed workzone
AAU ITS managed workzoneDATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
- Yes
DATA CLASS: CONFIDENTIAL
DATA CLASS: SENSITIVE
Typical size limitation
- Unlimited
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
Backup
- 60 days
Storage encryption (data at rest)
- No
Traffic encryption (data in transit)
- Yes
Access logging
- Yes
Evaluate whether access should be restricted with ´Insight´. Contact ESDH-secretary for more info.
-
+
AAU ITS managed GIT or SVN
AAU ITS managed git or svn
DATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
- Yes
DATA CLASS: CONFIDENTIAL
- No
DATA CLASS: SENSITIVE
- No
Typical size limitation
- 10 GB
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
PROS
- Great version control
CONS
- Not suited for all types of data
Backup
- No
Storage encryption (data at rest)
- No
Traffic encryption (data in transit)
- Yes, TLS or SSH
Access logging
- No
-
+
AAU ITS managed virtual environments
AAU ITS Managed virtual environments
DATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
DATA CLASS: CONFIDENTIAL
DATA CLASS: SENSITIVE
Typical size limitation
- 10 GB
AUTHENTICATION
- AAU Credentials
SUPPORT
- AAU ITS
PROS
- User has control
CONS
- User has control
Backup
- 60 days
Storage encryption (data at rest)
Traffic encryption (data in transit)
- Independent
Access logging
- Optional
Internal
Internal data is allowed if the data is labeled correctly (see KLASSIFIKATION AF DATA). Please ensure that the data is not exposed to the internet.
Confidential
Confidential data is allowed if the data is encrypted and is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.
Please ensure that the data is not exposed to the internet.
Access logs also have to be set up, such that they get sent to a remote server (e.g. syslog)
Sensitive
Sensitive data is allowed if the data is strongly encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. Make sure to use a very strong password and please note that the password is only as strong as the channel used to send it, so either let the recipient know physically or follow this guide: VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.
Please ensure that the data is not exposed to the internet.
Access logs also have to be set up, such that they get sent to a remote server (e.g. syslog)
-
+
Third Party Web Services
Third Party Web ServicesDATA CLASS: PUBLIC
- Yes
DATA CLASS: INTERNAL
- No
DATA CLASS: CONFIDENTIAL
- No
DATA CLASS: SENSITIVE
- No
Typical size limitation
- Independent
AUTHENTICATION
- Independent
SUPPORT
- Independent
Backup
- Independent
Storage encryption (data at rest)
- Independent
Traffic encryption (data in transit)
- Independent
Access logging
- Independent