Keep Working - Remote Resource and Service Access

Question

  • How can I access OSU services remotely?

Audience

  • Employee, Student or Associate
  • Remote Access

Explanation

University Information and Technology (UIT) facilitates remote access to Oregon State University (OSU) resources and services in a variety of ways. Determining which access method is best for your particular use case can be challenging, especially when data sensitivity is a factor. We have created the following guide to help you navigate the best access method for each use case.

Access Methods

Not sure which method is for you? Reference the table below for a use-case to access method comparison.

Direct

Direct web access continues as usual, with standard web-based encryption. Many OSU services can be directly accessed from remote work locations. This does not send your internet traffic through the OSU network and is as only as secure as your home network.

Typical use cases include: Canvas, myOSU, Zoom, E-mail, and G-Suite Apps

Virtual Private Network (VPN)

The VPN is an encrypted connection between a Remote Computer and the OSU network. It may be used with both an OSU-Issued or Personally-Owned devices. Installing the VPN application is required, and your IT support group can assist with this process. This access method can be used for accessing confidential data only when using an OSU-Issued device that adheres to the Baseline Standards of Care.

Typical use cases include: accessing confidential data, accessing a shared drive, protecting network traffic on unsecured networks, access to a scientific device, etc.

KB article

 

Remote Desktop Gateway (RDGW)

RDGW is an encrypted connection between your Remote Computer and your On-Site Computer running the Windows operating system. To use this access method, your IT support team will need to apply configuration changes to your On-Site Computer. Reference the KB article below for more details. This access method can be used to access confidential data, provided that the following pre-requisites are met:

A VPN connection and OSU-Issued device are not required to use RDGW unless accessing confidential information.

Typical use cases include: connecting to your On-Site Computer.

KB article

 

Virtual Desktop Infrastructure (VDI)

For users who need to access Banner or other confidential data sources while working remotely, VDI is available via Citrix. The Citrix Receiver software can be downloaded from apps.oregonstate.edu. While VDI is certified for accessing confidential information, it still requires an OSU-Issued or Personally-Owned device that follows the Baseline Standards of Care. VDI is the only access method that allows you to access confidential data from a Personally-Owned device.

Typical use cases include: Banner, Hyland OnBase, and Sunapsis.

KB article

 

Definitions

Remote Work Location

Where you are physically located when working from a location other than your office. This would typically be your home.

Remote Computer

The physical device you are using at your remote work location. This may be OSU-issued equipment or a Personally-Owned Device.

On-Site Computer

The primary device you use while working at your office site, that is still physically located there. Any On-Site Computer is likely an OSU-Issued Device.

OSU-Issued Device

A computer issued to you by OSU, or purchased through the University using grant or other University-managed funds, and configured and supported by your IT department.

Personally-Owned Device

Any computer or other device that you own, that you use to do University work. These devices are not issued or managed by OSU.

A Quick Note on Security

When the number of remote workers increases, so do the chances of a Cybersecurity attack. Continue to follow proper cybersecurity awareness practices and keep your devices up to date to protect against vulnerabilities. See the below resources for more information.

Knowledge Base – Security Risks While Working Remotely
Office of Information Security - Secure Remote Work – Securing your PC or Mac
Service Desk - Performing System Updates
Service Desk - Security, Tuning, and OS Tips

Data Classification

Baseline Standards of Care

The Baseline Standards of Care are sets of system configuration settings, combined with operational practices and procedures, that protect the devices that access OSU’s protected data. Before accessing sensitive or confidential data, please contact your IT support group to confirm that your device meets the appropriate requirements.

Unrestricted

Unrestricted data is intended for general use and can be found on websites, news releases, and in various publications.

Sensitive

Some data must not be openly disclosed. OSU’s less restrictive category for protective data is “Sensitive”. There are typically four types of data that fall into this category:

  • Student data;
  • Employee data;
  • Privileged donor information; and
  • Privileged attorney-client communications, or minutes from privileged meetings.

Confidential

“Confidential” is OSU’s most restrictive category for protected information. Four types of data fall into this category:

  • Personal information that could be used in identity theft or exposure of personal health information;
  • Research data that a funding agency or other research partner has identified as highly private;
  • Financial, legal, and other data of a highly confidential nature; and
  • Specific technical information detailing how we restrict access or otherwise secure data.

For an overview of OSU’s data classification program, click here.

 

Note: Full-tunnel VPN is now available, learn how to set it up with the VPN setup guide: https://oregonstate.teamdynamix.com/TDClient/1935/Portal/KB/ArticleDet?ID=76790

 

I am a...

I have a(n)…

Data Classification

Access

Notes

OSU employee working or collaborating with others, on documents, course work, etc.

OSU-Issued Device or Personally-Owned Device

Unrestricted

Direct

Most of our applications such as Canvas, Zoom, Office 365, etc. do not require any special connection to campus and can be done from an OSU-Issued device or Personally-Owned device in any location.

Researcher, Student, or OSU Employee accessing an office desktop to conduct research or work

OSU-Issued Device meeting Baseline Standards of Care

Confidential

VPN+RDGW

I can use or access all data classifications. RDGW can only connect to my Windows desktop on-site and I must use VPN to access confidential data with it.

Sensitive, Unrestricted

RDGW

Personally-Owned Device

Confidential

Not Allowed

I can use or access Unrestricted data, and Sensitive data is allowed if my device meets the Baseline Standards of Care and with my supervisor’s approval.

Sensitive, Unrestricted

RDGW

OSU Employee accessing the OSU network to conduct research or work

OSU-Issued Device meeting Baseline Standards of Care

Confidential, Sensitive, Unrestricted

VPN

I can use or access all data classifications. Using the full-tunnel VPN will ensure all my network activity takes place through the OSU network and not through a potentially unsafe connection.

Personally-Owned Device

Confidential

Not Allowed

I can use or access Unrestricted data and Sensitive data if my device meets the Baseline Standards of Care and with my supervisor’s approval. Using the full-tunnel VPN will ensure all my network activity takes place through the OSU network and not through a potentially unsafe connection.

Sensitive, Unrestricted

VPN

OSU Employee working on/with a system that contains Confidential data

OSU-Issued Device meeting Baseline Standards of Care

Confidential, Sensitive, Unrestricted

VPN, VDI

I can use or access all data classifications using VPN or VDI

Personally-Owned Device meeting Baseline Standards of Care

Confidential, Sensitive, Unrestricted

VDI

I can use or access all data classifications if my device meets the Baseline Standards of Care. This is the only way I can work with Confidential data from my personal device.

 

For assistance, contact the Service Desk.

 

Details

Article ID: 103030
Created
Wed 3/25/20 12:17 PM
Modified
Mon 8/17/20 11:04 AM