Skip to Main Content

Information Security Information Resources & Technology

Support Page Content

Secure File Storage & Sharing

Where should I store this file?
How do I know if my file contains protected data?
What happens if this information gets into the wrong hands?

There's a lot to consider about proper file storage and sharing when sensitive Level 1 or Level 2 data is involved. Campus relies more than ever on a hybrid model of on-site resources and cloud-based services to store and share information, which can leave us open to information security breaches.

First, let's cover what is considered Level 1 and Level 2 data, and then which solutions you need to use to securely store and share your files, whether on or off-campus.

Data Classifications

Part of secure file storage and sharing is knowing what the data you're working with is, and then where it should be stored. But what qualifies as confidential Level 1 data, and why do they require different sharing and storage solutions? The simple answer is compliance and information security.

For most of us, this helpful at-a-glance chart covers the most common protected data types and distinguishes between Level 1 versus Level 2 data. If you often work with sensitive Level 1 data, be sure to review all data classification and protection policies and standards.

Level 1 & 2 Data Infographic

File Storage/Sharing Solutions

From campus-managed solutions to cloud-based storage and sharing tools, file types - and the data those files contain - matters. For instance, if you're working with Level 1 data, privacy and compliance requires that you only use a secure storage and sharing solution. Here are some other questions to consider:

  • What kind of security does my file need? Does it contain Level 1 or Level 2 data?
  • How large are the files I'm sharing?
  • Does it need long-term backup?
  • Will I need to share a document with someone outside of the University?

The following chart provides an overview, but if you're unsure where to start, we're here to help!

Solution  Faculty Staff Student Level 1 Data Level 2 Data On Campus Sharing Off-Campus Sharing
Cloud-Based Storage & Sharing
Microsoft OneDrive & SharePoint
Individuals and syncing between devices
Learn about OneDrive
 ✔  ✔  ✔    ✔   ✔
Microsoft Teams
Group communication, storage, and collaboration
Learn about Teams
 ✔  ✔  ✔   ✔   ✔  ✔
Campus-Managed Storage & Sharing
N: Drive (Shared)
Departments/divisions
Request a Shared Folder
 ✔  ✔      ✔  ✔  
P: Drive (Project)
Cross-functional teams
Request a Project Folder
 ✔  ✔      ✔  ✔  
SacFiles Secure
Storing/sharing confidential data
Request a SacFiles Folder
 ✔   ✔     ✔     ✔  
Share Level 1 Data off-campus? 
Contact the IRT Service Desk for secure options 
 ✔   ✔     ✔       ✔ 

Data Security Tools

Beyond the due-diligence of every campus member, a significant part of our cloud storage security processes are tools and internal audits that support compliance, help identify and mitigate potential risks, and reduce or eliminate information security breaches.

Prisma

Prisma by Palo Alto Networks is an automatic data protection tool that helps ensure that files containing Level 1 data housed within Microsoft 365 tools are stored properly and securely. Prisma is like a "Roomba for cloud file storage," and automatically notifies you if a file needs to be moved to a secure storage location.

How Prisma Works

How do I locate/move a file Prisma has flagged?
Simply login to Microsoft 365 with your Sac State credentials, and type in the name of the file into the search box. Once you've located it, please move the file to a secure storage destination as recommended above.

Note: On occasion, Prisma's scans may return a "false positive" - meaning that a flagged file may not actually contain Level 1 data. If you think your file has been flagged in error, you can request that the alert be removed.


Identity Finder/Spirion

Every University-managed workstation/device includes Identity Finder (also known as Spirion), a scanning software you manually run to locate any sensitive data saved locally on your device.

Learn More About Identity Finder

Sensitive Data Inventory Survey

An important part of supporting CSU and industry data privacy policies and standards is educating and regularly evaluating campus-wide data security hygiene involving protected Level 1 and Level 2 data.

On a biennial basis, select administrators and/or staff from each campus department completes the Sensitive Data Inventory Survey to help document how their area manages and stores records containing sensitive data elements, with the goal of providing an important baseline for managing sensitive data moving forward.

How to Prepare

  1. Review the Data Classification and Protection Standard.
  2. Take Inventory/Document
    Whether paper or electronic, sensitive Level 1 and Level 2 data may exist in many forms and locations. It's helpful to create lists of these assets before taking the survey, answering these questions: "what data do we have, where it is located, and who has access to the data?" At the end of the survey, there is a prompt to upload your list.
  3. Review Data Categories Covered in the Survey:
    Personally Identifiable Information (PII) including SSN numbers, DOB, or Drivers' License
    Private Key (digital certificate)

    Psychological counsel records
    Electronic signatures (not including Acrobat Sign)
    Forms of national and/or international ID
    Passwords or credentials
    Credit or debit cardholder data
    Healthcare information
    Law enforcement information
    Employee/Student/Alumni/Job Applicant/University Donor information
    University research
  4. Preview the Survey Questions.
    We've provided the survey questions in advance to help you prepare. For efficiency, please consider organizing/consolidating a single survey response for each logical business unit with your division. Note: This survey can be delegated to another manager or support staff to be completed for your area.

View 2023 Survey Questions

Take 2023 Sensitive Data Inventory Survey

Get Support

Need help on where to start or what's needed to complete the survey? From August 1-31, 2023, we'll offer Zoom drop-in support each Tuesday and Thursday from 2-3pm:

Join Zoom Drop-in Support

Or contact Brad Grebitus our Desktop and Client Security Lead.

Get Support

Unsure what storage or sharing option is best for the type of information you're working with?

Contact the IRT Service Desk Team at servicedesk@csus.edu or 916-278-7337 during open hours.