Categorization of storage

******************************************************************************************
* Portable media
******************************************************************************************
Flash disks, memory cards, external HDD/SSD, CD, DVD, etc., external memory media that are component of any device and that are used to transfer information between various devices data storage.

What to watch out for...
Portable media are typically transferred from place to place. They can easily be left with where they can be stolen, and then the stored data could be misused or disclosed. For this type of media, it is also difficult to determine whether unauthorized access to d not only a conference presentation from the flash disk, but also other files stored on the This method of storage has practically no protective mechanisms against the loss of data ( stored data, etc.), so if a drive fails, the data on it could be easily lost without warni the only primary data storage method but for storing a second or additional copy.

******************************************************************************************
* Local disks
******************************************************************************************
*=========================================================================================
* a) in computers and laptops
*=========================================================================================
Disks permanently installed in desktops or laptops owned by the University (typically inte etc.). These are devices accessible in university spaces, in employee offices, in study roo device must have a defined administrator (administrative account), and is properly secured antivirus protection, …). The devices are typically managed by IT professionals from IT de faculties and units who ensure and monitor their secure operation.
This form of storage is suitable for data that require fast local access directly on the c not need to be shared with other people or processed on multiple devices. It can also be u limited or no Internet connection (off-line work).

What to watch out for...
In order to prevent unauthorized access to data, special care must be taken to restrict ac (login passwords, etc.), to correctly set access rights, and to observe physical security a computer unattended without a “screen lock” (where possible, lock the office in the absenc This method of storage provides practically no protective mechanisms against the loss of da of stored data, etc.), so if the device fails, the data on it could be easily lost without we need to keep for a longer period of time should be protected against loss using backup cloud storage, etc.).

Special warning for laptops
Special care must be taken with laptops. They may be easily left without supervision or fo the risk of being stolen and then the loss/misuse of stored data. With respect to the loss of data, this risk is even higher for portable computers because dust, shocks, extreme changes in temperature, etc. which increases the chances of malfunct

*=========================================================================================
* b) in other mobile devices
*=========================================================================================
Data storage permanently installed in mobile devices, i.e., mobile phones, tablets, etc. ( internal non-removable memory in devices, an installed memory card, etc.) used by employee Because these devices are often used simultaneously for work and personal purposes, and ar managed by the relevant IT departments of the faculty or unit, they cannot be recommended or research data for security reasons.

What to watch out for...
Mobile devices are often used both for work and private matters. Hence, one must be especi accidentally stored in private cloud storage.
Depending on the nature of the stored data, a screen lock must be used on the device, i.e. fingerprint, which prevents unauthorized access to the device.

Special attention should also be paid to installing fraudulent or “infected” applications. such as a computer game installed for personal entertainment, could gain access to work da request for access rights can point to a potentially harmful application. Therefore, it is from official sources (Google Play, Apple App Store, etc.).

A considerable problem in the safety of mobile devices is the care relating to their secur manufacturer does not provide timely software fixes for operating system security issues, sufficiently secure the device despite all efforts on their part.

In order to prevent data loss in the event of loss/theft/failure of the device, it is advi of data from the device to a cloud or network storage, which is a typical situation with m

******************************************************************************************
* Network and cloud storage operated on the CU infrastructure
******************************************************************************************
Data storage owned by CU accessible to end users via a computer network. These data storag especially appropriate for data that must be shared with other persons or processed on var

Note
The security and accessibility of data in network and cloud storage is not only a question especially the professional management and the settings for data storage and backup proces

*=========================================================================================
* a) NAS (Network Attached Storage)
*=========================================================================================
If properly managed, stored data on repositories connected to LAN must meet the requiremen security and accessibility of scientific data. However, it is recommended to use mechanism against physical failure of one or more disks (RAID, etc.).
Although NAS can be recommende data storage method when data management is handled properly, backup must also be taken in

What to watch out for...
This type of less expensive and intuitively manageable storage often leads to semi-profess owners. However, in the case of inappropriate configuration without backup mechanisms, thi risky (e.g. when several disks fail without continuous backup, the data is compromised sim professional solutions managed by IT experts.

*=========================================================================================
* b) Professional data storage for faculties and units (disk arrays, SAN,…)
*=========================================================================================
Storing data in the server rooms of faculties and units using professional storage solutio redundant disk arrays, SAN) provides increased protection of data against damage or loss. up automatically by the storage administrator, and the specific backup policy is usually a description of storage parameters. Central server data storage enables better monitoring o thus improving the ability to detect unauthorized access.

What to watch out for...
In order to prevent unauthorized access to data, close attention must be paid to the corre capacity of these storage spaces is often a problem, as they are not designed at the time for extensive scientific data, but only for the normal operations of the faculty/unit.

******************************************************************************************
* Network and cloud storage operated by external entities outside the CU infrastructure
******************************************************************************************
Technically, these are advanced data centres with multiple data storage and special storag providing superior data protection against damage or loss. Cloud storage also enables bett data access, thus improving the ability to detect unauthorized access.
Given that these re often designed for the frequent commercial provision of services to a wide group of users, not a problem to agree on above-standard capacities for individual scientific projects.

*=========================================================================================
* a) CESNET storage
*=========================================================================================
The academic staff, students, and employees of research institutions in the Czech Republic repository [ URL "https://du.cesnet.cz/cs/navody/jsme_tady_poprve"] operated by the CESNET of Data Storage for educational and research activities either without the sharing of data Storage) or as a virtual organization allowing the sharing of data between users as a part federation of identities eduID.cz [ URL "https://www.eduid.cz/"] . This category also incl such as CESNET OwnCloud [ URL "https://owncloud.cesnet.cz/"] and CESNET FileSender [ URL " filesender.cesnet.cz/"] . Use of these repositories is regulated by the Rules for the Use Repositories [ URL "https://du.cesnet.cz/cs/provozni_pravidla/start"] . The repositories a Czech organization that is co-owned by academic institutions in the Czech Republic, and CU its executive board. The data repositories are certified according to the standard for inf management systems ČSN EN ISO/IEC 27001:2014. The operator of the repository makes every e the data against loss or unauthorized access. The services may also be recommended for sto information (e.g. when required to guarantee the security and accessibility of data, e.g. data). We also recommend arranging an individual Service Level Agreement.
*=========================================================================================
* b) Storage provided based on centrally concluded contracts with CU
*=========================================================================================
Currently, University students and staff can use Microsoft 365 [ URL "https://ukpoint.cuni. IPSCEN-72.html"] cloud services. In particular, these services include personal storage On document library service SharePoint, as well as e-mail service Outlook and a number of oth offered as part of the Microsoft 365 package. The management of data as a part of this clou secured through an agreement concluded between CU and Microsoft. The agreement also includ contractual clauses” issued by the European Commission and guaranteeing that the processin accordance with EU law. The data of users from the EU are stored in data centres in the EU the Netherlands and Ireland). The security policy of Microsoft is in accordance with ISO 2 27018. These Microsoft cloud services also meet the GDPR requirements. In terms of security relatively high capacity of the services provided (for example, the OneDrive for Business as part of the A1 license package is limited to 1TB per user, and in the case of the A3 li of data per user), as well as the ease of sharing data, this method of storage can be reco data and documents created within research projects.

Note
Personal storage is primarily used for storing personal data. Only you have access to your determine whether and to whom to grant access to a document or folder if needed. Here, you do not need to share with colleagues. If you need a one-time addition or consultation, it is advisable to end the sharing once the activity is complete.

On the other hand, SharePoint is a shared team storage (department, project, process, etc. documents for individual users, as access is controlled by membership in the team. Shared throughout the collaboration.
*=========================================================================================
* c) Storage provided based on individual contracts with CU
*=========================================================================================
A recommended option is the use of standard commercial services. Attention must always be proper contractual assurance of the quality of services (definition of SLA parameters) and data processing is fully in accordance with EU law (full compliance with GDPR requirements

What to watch out for...
The use of professional commercial services is often associated with the relatively high p contracts, think about the sustainability of the chosen solution in the long term (e.g. af you really verified the possibility of using CESNET z.s.p.o. services?

Security notice...
This category also includes, for example, cloud data storage provided as a part of the Goo the basis of individual agreements with selected faculties/units of CU. In particular, thi Drive, but it also includes other data stored in the G Suite for Education cloud, such as Keep, calendar data in Google Calendar, etc. Despite all efforts, contractual relations ha that the storage and processing of the data complies with EU law. For this reason, the ser confidential and sensitive data without further measures.

*=========================================================================================
* d) Storage without contracts with CU – network and cloud storage for the public
*=========================================================================================
This category includes, in particular, public cloud services (typically arranged free of c user after online registration) such as Microsoft OneDrive, Google Drive, Dropbox, Úschovn storage, repositories on GitHub, etc.
The main difference and attribute of this category of cloud storage compared to the cloud mentioned above is that CU has no (legal) relationship with the operators of these externa therefore unable to guarantee the security/confidentiality of stored data or data manageme

What to watch out for...
Keep in mind that none of these services are really free – in fact, you “pay” by entrustin provider, often for unlimited use. Therefore, you should be aware of the potentially high