AAU logo

Storage Guidelines

  • +

    AAU ITS Managed Local Storage

    AAU ITS Managed Local Storage


    AAU ITS Managed Local Storage  

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

    • Yes

     

    DATA CLASS: CONFIDENTIAL

    • Yes

     

    DATA CLASS: SENSITIVE

    • If protocol is followed:
      Sensitive data is allowed if it is labeled properly (see CLASSIFICATION OF DATA) and you have verified with AAU ITS that access logging is enabled for your machine.

     

    Typical size limitation

    • 4 TB

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    PROS

    • Fast, simple, direct and offline

     

    CONS

    • Requires VPN for backup and sync

     

    Backup

    • 60 days, by default

     

    Storage encryption (data at rest) 

    • Yes

     

    Traffic encryption (data in transit)

    • Cleartext sync on internal network by default

     

    Access logging

    • Optional
  • +

    Unmanaged local storage


    Unmanaged Local Storage   

     

     

    DATA CLASS: PUBLIC

    • Yes
       


    DATA CLASS: INTERNAL



    DATA CLASS: CONFIDENTIAL


     

    DATA CLASS: SENSITIVE


     

    Typical size limititation

    • 4 TB

     


    AUTHENTICATION

    • N/A

     


    SUPPORT

    • AAU ITS



    PROS

    • Fast, simple, direct and offline

     

    CONS

    • Limited accessibility

     

    Backup

    • No

     

    Storage encryption (data at rest) 

     


    Traffic encryption (data in transit)

     


    Access logging

    • No

     

     


     

    PROTOCOL

    Internal
    Internal data is allowed if the device is stored in a locked office, -cabinet, or similar such unauthorized access is not immediately possible. Also make sure to label the data correctly (see KLASSIFIKATION AF DATA). If the storage device is not locked away, the data has to be encrypted, please see VEJLEDNING TIL KRYPTERET LAGRING AF DATA for how to do this.

    Confidential
    Confidential data is allowed if the data is encrypted and is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA.

    Sensitive
    Sensitive data is allowed if the data is strongly encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides;  VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. Make sure to use a very strong password and please note that the password is only as strong as the channel used to send it, so either let the recipient know physically or follow this guide: VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.

     

     

  • +

    AAU ITS Managed Shared Storage / Fileshares


    AAU ITS Managed Shared storage / fileshares   

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

    • Yes

     

    DATA CLASS: CONFIDENTIAL

     

    DATA CLASS: SENSITIVE

     

    Typical size limitation

    • 5 TB

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    PROS

    • Fast, internal sharing possible

     

    CONS

    • Requires AAU credentials.
    • Requires internet access.

     

    Backup

    • 60 days.

     

    Storage encryption (data at rest) 

     

    Traffic encryption (data in transit)

     

    Access logging

    • Optional

     

     


     

    PROTOCOL:


    Confidential
    Sensitive data is allowed if it is labeled properly (see KLASSIFIKATION AF DATA) and you have verified with AAU ITS that access logging is enabled for your fileshares.


    Sensitive
    Sensitive data is allowed if it is labeled properly (see KLASSIFIKATION AF DATA) and you have verified with AAU ITS that access logging is enabled for your fileshares.
     

     

  • +

    Email


    Email   

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

    • Yes

     

    DATA CLASS: CONFIDENTIAL

     

    DATA CLASS: SENSITIVE

     

    Typical size limitation

    • 50 MB

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    Backup

    • 60 days

     

    Storage encryption (data at rest) 

     

    Traffic encryption (data in transit)

     

    Access logging

    • ?

     

     


     

    Protocol


    Confidential
    Confidential data is allowed if it is labeled properly (see KLASSIFIKATION AF DATA) and by following this guide;
    VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.


    Sensitive
    Sensitive data is allowed if it is labeled properly (see KLASSIFIKATION AF DATA) and by following this guide;
    VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.

     


     

  • +

    OneDrive cloud


    Onedrive cloud   

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

    • Yes

     

    DATA CLASS: CONFIDENTIAL

    • No*

     

    DATA CLASS: SENSITIVE

    • No

     

    Typical size limitation

    • 5 TB

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    PROS

    • Internal and external sharing possible.

     

    Backup

    • Only recycle bin

     

    Storage encryption (data at rest) 

    • ?

     

    Traffic encryption (data in transit)

    • Yes, TLS

     

    Access logging

    • ?
  • +

    Office365 SharePoint Cloud

     

    Office 365 SharePoint Cloud   

     

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

    • Yes

     

    DATA CLASS: CONFIDENTIAL

    • No

     

    DATA CLASS: SENSITIVE

    • No

     

    Typical size limitation

    • ?

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    PROS

    • Internal and external sharing possibe

     

    Backup

    • 14 days

     

    Storage encryption (data at rest) 

    • Yes

     

    Traffic encryption (data in transit)

    • Yes

     

    Access logging

    • Yes
  • +

    AAU ITS managed REDcap

     

    AAU ITS managed REDcap  

     

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

    • Yes

     

    DATA CLASS: CONFIDENTIAL

    • Yes

     

    DATA CLASS: SENSITIVE

    • Yes

     

    Typical size limitation

    • Unlimited

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    Backup

    • 14 days

     

    Storage encryption (data at rest) 

    • Yes

     

    Traffic encryption (data in transit)

    • Yes

     

    Access logging

    • Yes
  • +

    Sciencedata.dk


    Sciencedata.dk   

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

     

    DATA CLASS: CONFIDENTIAL

     

    DATA CLASS: SENSITIVE

     

    Typical size limitation

    • 170 GB

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • DeIC

     

    PROS

    • Suitable for huge amounts of data. Internal and external sharing possible

     

    Backup

    • No

     

    Storage encryption (data at rest) 

     

    Traffic encryption (data in transit)

    • Yes, TLS

     

    Access logging

    • No

     

     


     

    PROTOCOL


    Internal
    Internal data is allowed if it is labeled correctly (see DATAKLASSIFIKATION).


    Confidential
    Confidential data is allowed if the data is encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA.


    Sensitive
    Sensitive data is allowed if the data is strongly encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.

    . Make sure to use a very strong password and please note that the password is only as strong as the channel used to send it, so either let the recipient know physically or follow this guide: VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.

     

  • +

    Filesender.deic.dk


    Filesender.deic.dk   

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

     

    DATA CLASS: CONFIDENTIAL

     

    DATA CLASS: SENSITIVE

     

    Typical size limitation

    • 5 TB

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    PROS

    • Suitable for lange amounts of data.
    • Internal and external sharing possible.

     

    CONS

    • Encryption is not enforced when sharing links

     

    Backup

    • No

     

    Storage encryption (data at rest) 

     

    Traffic encryption (data in transit)

    • Yes, TLS

     

    Access logging

    • No

     

     


     

    PROTOCOL


    Internal
    Internal data is allowed if the data is exclusively shared with AAU email adresses and if it is labeled properly (see KLASSIFIKATION AF DATA). It is recommended to encrypt the data which can be done using Filesender's in-browser encryption or by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. Make sure to use a strong password and please note that the password is only as strong as the channel used to send it, so either let the recby following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATAVEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. 


    Confidential
    Confidential data is allowed if the data is encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done using Filesender's in-browser encryption or VEJLEDNING TIL KRYPTERET LAGRING AF DATA.


    Sensitive
    Sensitive data is allowed if the data is strongly encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNINGER TIL KRYPTERING. Make sure to use a very strong password and please note that the password is only as strong as the channel used to send it, so either let the recipient know physically or follow this guide: VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.

     

  • +

    AAU ITS Managed workzone


    AAU ITS managed workzone   

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

    • Yes

     

    DATA CLASS: CONFIDENTIAL

     

    DATA CLASS: SENSITIVE

     

    Typical size limitation

    • Unlimited

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    Backup

    • 60 days

     

    Storage encryption (data at rest) 

    • No

     

    Traffic encryption (data in transit)

    • Yes

     

    Access logging

    • Yes

     

     


     

    PROTOKOL

    Evaluate whether access should be restricted with ´Insight´. Contact ESDH-secretary for more info.

     

  • +

    AAU ITS managed GIT or SVN

     

      AAU ITS managed git or svn   

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

    • Yes

     

    DATA CLASS: CONFIDENTIAL

    • No

     

    DATA CLASS: SENSITIVE

    • No

     

    Typical size limitation

    • 10 GB

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    PROS

    • Great version control

     

    CONS

    • Not suited for all types of data

     

    Backup

    • No

     

    Storage encryption (data at rest) 

    • No

     

    Traffic encryption (data in transit)

    • Yes, TLS or SSH

     

    Access logging

    • No
  • +

    AAU ITS managed virtual environments

     

    AAU ITS Managed virtual environments   

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

     

    DATA CLASS: CONFIDENTIAL

     

    DATA CLASS: SENSITIVE

     

    Typical size limitation

    • 10 GB

     

    AUTHENTICATION

    • AAU Credentials

     

    SUPPORT

    • AAU ITS

     

    PROS

    • User has control

     

    CONS

    • User has control

     

    Backup

    • 60 days

     

    Storage encryption (data at rest) 

     

    Traffic encryption (data in transit)

    • Independent

     

    Access logging

    • Optional

     

     


     

    PROTOCOL


    Internal
    Internal data is allowed if the data is labeled correctly (see KLASSIFIKATION AF DATA). Please ensure that the data is not exposed to the internet.


    Confidential
    Confidential data is allowed if the data is encrypted and is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATAVEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.
    Please ensure that the data is not exposed to the internet.

    Access logs also have to be set up, such that they get sent to a remote server (e.g. syslog)


    Sensitive
    Sensitive data is allowed if the data is strongly encrypted and if it is labeled properly (see KLASSIFIKATION AF DATA). Encryption can be done by following either of these guides; VEJLEDNING TIL KRYPTERET LAGRING AF DATA, VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA. Make sure to use a very strong password and please note that the password is only as strong as the channel used to send it, so either let the recipient know physically or follow this guide: VEJLEDNING TIL KRYPTERET UDVEKSLING AF DATA.

    Please ensure that the data is not exposed to the internet.

    Access logs also have to be set up, such that they get sent to a remote server (e.g. syslog)

     


     

  • +

    Third Party Web Services


    Third Party Web Services   

     

     

    DATA CLASS: PUBLIC

    • Yes

     

    DATA CLASS: INTERNAL

    • No

     

    DATA CLASS: CONFIDENTIAL

    • No

     

    DATA CLASS: SENSITIVE

    • No

     

    Typical size limitation

    • Independent

     

    AUTHENTICATION

    • Independent

     

    SUPPORT

    • Independent

     

    Backup

    • Independent

     

    Storage encryption (data at rest) 

    • Independent

     

    Traffic encryption (data in transit)

    • Independent

     

    Access logging

    • Independent