Technology News

Information Technology Services

Faculty and staff at UNCG have a diverse array of computing needs and a wide variety of computing device preferences. Many need to collaborate with colleagues both internal and external to UNCG. One size does not fit all with respect to our computing environment needs. Some routinely process “High Risk” data.[1] Many others do not, working primarily with “Moderate Risk”, “Low Risk” or “Minimal Risk” data. High risk users need a secure computing environment to work within in order to protect critical University data assets. Others will benefit more from an open, less restricted General Computing Network that can accommodate a wide variety of devices, applications, and collaboration. To that end, ITS has begun developing a strategy for augmenting existing services by building a new Secure Computing Environment and enhancing the existing GCN to offer a less restrictive more open computing environment that meets the needs of most faculty and staff at UNCG.

During calendar year 2015, ITS will offer both a Secure Computing Environment and a General Computing Network[2]. Faculty and staff who routinely process high risk data as part of their daily job function will do so from within the Secure Computing Environment. The Secure Computing Environment will offer a fully managed and hardened Windows desktop (physical and virtual) with direct access to 3-lock data storage and secure data center resources. This environment will have stringent security requirements. No unauthorized data ingress or egress will be allowed to or from the Secure Computing Environment to prevent leakage of high risk data. The only way for a user to natively access high risk data stores will be from within the fully managed Secure Computing Environment.

Once high risk users and data have been fully transitioned into the new Secure Computing Environment, the current GCN will be relaxed into a more open General Computing Network that is suitable for most faculty and staff at UNCG. The new GCN will remain a private network with basic perimeter security and intrusion prevention protection, but will be enhanced to allow less stringent computing device requirements (unmanaged devices allowed), optional local administrator privileges for end users on their devices, base images and software distribution for both Windows and Mac, and basic security scanning and device remediation (no forensic analysis).

Benefits of having both secure and general computing environments include:

  • minimizing the risk of data leakage that would violate Federal or State laws and potentially result in criminal penalties for UNCG by segregating high risk data into an encapsulated secure computing environment
  • increasing productivity for users who don’t routinely process high risk data by providing a general computing network with basic protections that is open and flexible enough to effectively accommodate a wide variety of devices, applications, and collaboration
  • maximizing the effectiveness of ITS resources by focusing security management on protection of high risk data assets, as well as providing tools and education to enable all UNCG clients to better understand safe technology practices and use technology more securely

[1] Data Classification policy

[2] The ISP computing environment will continue to be provided, though we anticipate the demand for this service will dramatically decline because modifications to the GCN will enable this service to meet most faculty and staff computing needs.