2009/07/09 IT Services Meeting Minutes
Location: Room HSW301, Parnassus campus
Date/time: 2-3:30 PM, Thursday, July 9, 2009
Host: Erik Wieland, Dept. of Medicine IT Services
- 1-Question Survey
- SOM Encryption Project
- New Cell Phone Policy
- Campus Participation in Systemwide Hardware and Software Agreements
- Vendor Presentation: Apple on new iPhone Security Features
A big thank you to Mark Spitzer and Dell for this month's refreshments!
New! Meeting audio/video capture: http://169.230.117.9/qtmedia/CSC_Meeting_20090707_1.mp4 (requires QuickTime software)
1-Question Survey
What percentage of your departmental laptops have some type of encryption?
- 1%
- very few
- 8
- none
- 95%
- 99.999%
- 25%
SOM Encryption Project
presented by Opinder Bawa, Director, ISU
Presentation: SOM Encryption Project presentation to Chairs, May 2009 (application/pdf, 351.3 kB)
Encryption project is one part of a comprehensive security strategy. The phases involved in implementing the strategy are devices, servers, applications, databases, and the network.
ISU estimates there are approximately 3000 laptops and 8000 desktops in the School of Medicine. The project has enough funding to encrypt approximately 2500 laptops with PointSec software. If the project is successful, it is likely the dean may approve funding to encrypt more laptops. Departments have two options: they may perform the installation labor themselves and pay SOM ISU to perform audit/QA, or they may pay ISU to perform the labor.
A project manager is coming on board soon (7/09). The next step may include encrypting personal laptops used for SOM business. Rhona Snyman (current project manager) will present on the specifics of the 9-12 month project during August’s or September’s IT Services meeting.
Q&A
- What about laptop users who back up to external devices? – The project team is creating a comprehensive FAQ that will address questions like this one. SOM doesn’t have an answer to this one yet, but the solution may be for these users to install PGP (PGP allows full disk encryption of removable storage as well as internal drives; PointSec encrypts internal drives only. PGP is more expensive than PointSec per seat). SOM also plans to expand their secure, online storage and make it available to departments that need backup space.
- Was product ___ considered; what about hardware encryption? – PointSec and PGP were chosen several years ago. It was not the aim of this project to reevaluate what software solutions are currently out there. The main consideration was to use one of the preeminent products in the market category. In some cases, exceptions may be granted to departments using other software.
- Is there a plan to stand up a PGP key server? – Yes, but departments will have to pay a ~$200 license fee the first year, and $100 in subsequent years. Also, OAAIS and MedCtr IT have agreed to have one PointSec key server. It’s not clear which group will host it, but this is currently under discussion.
- What if someone refuses to encrypt their laptop? – There will be a cumbersome exception project that will involve getting the approval of several members of senior leadership. It is unlikely that many exceptions will be granted.
- Is there a backup policy? After a laptop is encrypted, in the event that the hard drive is corrupt, partial recovery will not be possible. – As a part of the standard operating procedures, an image will be taken of a machine prior to it being encrypted. No plans for ongoing backup are in place at this time.
New Cell Phone Policy
presented by Steven Engen, UCSF Controller’s Office
Presentation: Cell Phone Policy Update: July 2009 (application/pdf, 14.7 MB)
Business and finance bulletin G-46 addresses cell phone policies.
Cell phones are a taxable fringe benefit of employment.
PDAs that are used only for data are exempt from the policy, if and only if the PDA is restricted to data only and is not enabled for making or receiving voice calls.
BlackBerry devices are not exempt from this policy.
Q&A
- Does this include devices purchased under the Verizon/State of California contract? – The principles of the policy apply to all cell phones, regardless of any prior agreement.
- Can people be reimbursed for personal cell phones used for business purposes? – No, this is no longer allowed.
- Can people be reimbursed for a data-plan only? – Don’t know, contact Steven.
Campus Participation in Systemwide Hardware and Software Agreements
presented by Judith Evind, OAAIS
Would like to get an idea of how many departments are interested in campus-side software agreements arranged by UCOP, and in which products they are most interested.
Vendor Presentation: Apple on new iPhone Security Features
presented by Wyn Davies, Apple
Presentation: New iPhone 3GS, 3.0 Security Features (application/pdf, 2.3 MB)
Two relevant whitepapers are available at these two locations:
- http://images.apple.com/iphone/business/docs/iPhone_Security_Overview.pdf
- http://www.apple.com/iphone/business/integration/
All data is encrypted on iPhone 3GS. Settings are not user-configurable. Backups to iTunes can be encrypted as well.
UCSF ActiveSync users’ devices are already configured to perform a local wipe after 10 failed logon attempts.
The 3GS is the only device that features complete encryption; it’s not available on a 3G with OS 3.0.
Wiping a 16GB iPhone 3G takes approximately 6 hours.
