
Protecting Sensitive Data by Desktop Search Products

Chapter 3485

Issued August 18, 2006

Table of Contents

.010 Introduction

.020 Scope

.030 Policy

.040 Questions


.010 Introduction

K-State's Security Incident Response Team (SIRT, http://www.k-state.edu/InfoTech/security/SIRT) concluded that some features of desktop search products, such as Google Desktop, pose an unacceptable risk to the university's ability to maintain the privacy and confidentiality of its data.

Google Desktop, for example, works by indexing files stored on the local desktop computer to help you find information quickly. It can also index files stored on a local network server. Normally, these indices are stored only on the local desktop, but new versions of Google Desktop offer the option of storing copies of these indices and the content of your files on Google's servers off campus in order to make the files and search results available to other computers instead of just your local one. Google calls this option "Search Across Computers", which is the feature that poses a major security risk since it has the potential to transfer copies of sensitive university data off campus to servers outside the control of Kansas State University.

Other examples of desktop search products that may similarly pose a security risk are Yahoo! Desktop Search, MSN Toolbar Suite, Ask Jeeves, AOL Desktop Search, and many more commercial and free products.

.020 Scope

This policy applies to all computers connected to the K-State data network and all computers owned by the university.

.030 Policy

Google Desktop and other desktop search programs may be installed only if the scope of the files indexed and searched is limited to files stored on the local desktop and no files or search indexes are copied to any other computer.

Google Desktop and other desktop search programs may NOT be installed on any university computer with access to confidential personnel or student information, individual social security numbers, or similar information where confidentiality and privacy must be guaranteed. If a new computer that will be used for accessing or storing sensitive information comes with desktop search tools like Google Desktop or Yahoo! Desktop Search already installed, these tools must be removed before the computer is put into production and connected to the campus network.

.040 Questions

Questions regarding this policy should be sent to the Vice Provost for IT Services at lcarlin@k-state.edu.

Kansas State University
August 21, 2009