Purpose of Secure Computing
Secure Computing is a collaborative effort aimed at creating a safer computing environment for CU Boulder. It aims to:
- Protect University Assets: Secure Computing aims to safeguard university-owned computers, networks, and data from threats such as malware, unauthorized access, and data breaches.
- Provide Risk Mitigation: It helps reduce vulnerabilities and ensures the confidentiality, integrity, and availability of sensitive information.
- Ensure Compliance: Secure Computing was designed with user experience in mind to balance security needs with user convenience. The tools OIT uses were selected because they minimally impact system performance, and most users will not notice any disruption to their daily tasks.
What Secure Computing is not
- Privacy Invasion: Secure Computing supports the privacy of our community and prevents privacy violations. It focuses on protecting systems without compromising individual privacy.
- OIT Computer Management: Local IT can still manage computers on behalf of their departments, but now with more tools at their disposal. Currently, the primary computer user can still have local administrative rights on their computer, just as they may have had before. The ability to maintain local IT management is possible, even with the installation of Secure Computing endpoint management clients. These clients are necessary to enforce security policies and monitor threats.
- Excessive Intrusion: Secure Computing doesn’t intend to disrupt daily tasks or invade personal spaces. It balances security needs with user convenience.
Software Transparency
The software listed below is used by OIT to facilitate Secure Computing at CU Boulder. Below you'll find information about the types of data that is used, collected and accessed by each.
Microsoft Configuration Manager, Microsoft Intune, and Jamf
These three products are software for managing desktops, laptops, tablets and phones that play a crucial role in maintaining and securing computers within a large organization. They allow IT administrators to deploy software, manage updates, enforce security policies, and collect inventory data.
What types of data do these tools collect?
These products collect hardware and software inventories, which includes installed applications, hardware specifications, and system configurations. They monitor the security patches and configuration of the computer to ensure alignment with campus security policies, including the Secure Computing Standard.
What is this data used for?
The data collected by these tools is used to ensure that the most current and secure versions of the operating system and managed software, such as the Microsoft Office products, are installed on the computer. The hardware and software inventories collected ensure that the appropriate security updates are applied to the computer in a timeframe that adheres to the campus vulnerability management standards. It is also used to generate aggregated reports to assess progress toward meeting campus security requirements.
Who has access to this data?
The data collected is limited to access only by OIT’s Endpoint Management Services (EMS) staff, departmental IT staff who have partnered with EMS to leverage these tools to directly manage computers in their department, and IT Security staff. IT administrators with access to the data collected with these tools go through background checks and are required to adhere to CU Boulder’s Acceptable Use Policy.
Microsoft Defender for Endpoint (Mac and Windows), Defender for Server, and CrowdStrike (Linux)
These three products provide Endpoint Detection and Response (EDR) protection for CU Boulder's devices. They provide capabilities that help identify and mitigate vulnerabilities as they are happening that could put the computer, data, or campus network at risk. Using known cyber threats, these products can also identify behaviors occurring on computers that indicate the initiation of a cyber-attack, allowing automatic response or escalation to IT administrators who can react and stop the attack before it succeeds or spreads to other computers.
What types of data do these tools collect?
Because these products look for suspicious applications and programs, they record details about processes and programs that are run on the computer, as well as the names of files being accessed. The tools do analyze connections to and from the internet, including addresses (Internet Protocol addresses and full URLs matching the host name) visited or involved in the connections, but the contents of the connections (web pages, application data, etc.) are not accessed or recorded.
What is this data used for?
The data collected by these tools is used to monitor for suspicious system events or activities that indicate a potential compromise, infection or cyber-attack. These tools automatically block known malware and viruses based on the data collected and identify and prevent known cyber threats from occurring or spreading based on the correlation of activities or events with known attack mechanisms.
Who has access to this data?
Detection and incident data is sent through an encrypted connection to secure storage locations on cloud servers associated with the respective product. CU Boulder retains ownership of the data and does not share this data with third parties. These service providers have been assessed against University Data Classification and Impact requirements and have appropriate contractual protections in place, with thorough vetting for security through the ICT process. In some cases, IT Security analysts may store machine or account data for the purpose of investigating IT security incidents. All CU Boulder Staff (Security Analysts and IT administrators) with access to the data collected with these tools are required to adhere to CU Boulder’s Acceptable Use Policy.
