The use of local hard drive storage is highly discouraged on physical and virtual machines! Information stored on local hard drives is not backed up by automated backup systems. Local hard drive storage is subject to failure and corruption and should not be used to store any information that is essential to business operations. This drive is considered a temporary storage location. By default, many applications and browsers download directly to the C:\Downloads folder. The desktop and any documents and data on the desktop are saved under the user profile, which is on the C drive. Deletion of the user profile, which often is done to remove malware will remove data stored on the Desktop and in the Downloads folder. Virtual machines have a limited amount of C drive space which can impact performance. Windows Explorer can be used to assess the amount of available space on the C drive and also to move files that are important to other more suitable storage locations.
Sensitive data should not be stored on local storage unless there is a documented business need to do so and approval has been granted by the college Chief Information Security Officer or designee. Encryption should be used to protect the data from disclosure. Any backup media and encryption techniques used to make backups of local data must meet standards and be approved by IET before use.
Portable storage, while very convenient, provides a particularly easy opportunity to transport malicious software, including programs capable of logging keystrokes, installing hidden Trojan programs and other software that can introduce problems for the college. Non Commonwealth of Virginia storage of this type is expressly prohibited from being used on computers in the college system unless these systems are part of a segregated guest network. Administrative computer systems may only use storage devices that were purchased by the college and are used in systems owned by the college. One particularly simple method of breaking in to computer systems is to leave portable storage devices around a work area or congregating place, knowing that many users will take them back to their systems to see what is stored there. The user of the computer system bears responsible for violation of this guideline in the event of an incident, so please do not use non-COV devices in your computers!
CDs, DVDs or other media are never to be used to store and transport sensitive information in an unencrypted form!
Cloud Based Storage
Many cloud storage options are available. Google Drive, Microsoft One Drive, Sky Drive, Drop Box are all examples of this type of storage. Each of these presents advantages and offers challenges that are dependent on specific configuration choices. Providers offer attractive cloud storage entry points. Cloud storage is ideal for storing and sharing cross platform data that is of a non-sensitive nature. Care must be exercised when utilizing cloud storage options. Many cloud storage solutions can be configured to synchronize back to college local storage space and may create issues with storage quotas or fill up drives. The college is tasked with maintaining an efficient and secure storage infrastructure, which creates the need to ensure compliance to a level of standards that allows flexibility while effectively managing resources. Cloud storage options are never to be used to store and transport sensitive information in an unencrypted form!