IT Security Consultant
Security in the Cloud: The Technical University of Dresden Starts with 45,000 Boxcryptor Licenses
The TU Dresden initiated a major IT security project in summer 2019: The entire university – all employees and students – received Boxcryptor licenses to protect personal data, research results, and sensitive data in the cloud. The educational institution sets a good example and takes the data security of its employees and students seriously. Together with RWTH Aachen University, 95,000 licenses were purchased to increase the data security of these two universities and to facilitate collaboration and research.
Cloud Encryption to Protect Sensitive Data
Especially at universities, the use of the cloud brings great added value, as research teams can collaborate more easily and access data from anywhere. With an easy-to-use and privacy-compliant encryption solution, teams do not have to worry about data protection, administration can securely store sensitive data, faculty can also store personal data in the cloud, and patent precursors are protected to the highest possible degree.
Interview with Nick Dannenberg from the TUD-CERT
We talked to Nick Dannenberg from the TUD-CERT (Computer Emergency Response Team) about why the Technical University of Dresden chose Boxcryptor to improve data security, what problems the TU Dresden solves with the software, and how they manage the deployment of Boxcryptor for 45,000 users.
Can you describe how it came about, that the TU Dresden makes Boxcryptor available to all its employees and students?
Boxcryptor Classic was introduced at the TU Dresden several years ago. The initiative came from the Data Protection and Information Security Officer. The aim was to store sensitive data, for example in the HR departments and in medical research, in encrypted form. In particular, the ever-increasing use of cloud services and the growing awareness of the importance of data protection and data security among our users prompted us to offer a solution that allows everyone at TU Dresden to store their data securely.
Why did you choose Boxcryptor?
Boxcryptor makes the encryption of data very easy. Therefore, it can also be used by technically inexperienced users, for example in administration. Additionally, the support effort is low, and economic aspects also played a role.
You are part of TUD-CERT. What does the team do in general at the TU Dresden and with regard to Boxcryptor?
In general, we take care of IT security at the TU Dresden. We deal with security incidents, advise users on security issues when new services are put into operation. We also implement preventive measures, such as information events and training, to increase IT security at TU Dresden.
For Boxcryptor we take care of the 2nd level support at the TU Dresden. That means that problems are initially handled by the central service desk or the admins at the users’ site. If they cannot solve an issue, we will be consulted. Password resets and the use of the Master Key for decrypting data is also handled by CERT, or the data protection officer.
Which problem do you solve with Boxcryptor?
Boxcryptor allows us to securely store sensitive data on the internet. This can be on classic network drives or in cloud storage services. Cloud storage services are mainly used for collaboration between researchers from different institutions. Because Boxcryptor is so easy to use, encrypted data storage can be made standard and no one has to think about whether they have stored data “properly”.
How did the TU Dresden proceed with the testing of Boxcryptor and what was the focus?
During evaluation, the usability of the solution was examined with different groups of pilot users. A second focus was the evaluation regarding the administration and operation of Boxcryptor in a heterogeneous IT landscape, which is the norm at universities due to the diversity of research projects.
Do all employees have to use Boxcryptor or is it optional?
The use of Boxcryptor at TU Dresden is basically voluntary. Projects in which sensitive or personal data is processed will be informed about the possibilities of Boxcryptor when reviewing their TOMs (technical and organisational measures for the protection of data according to the GDPR) or process descriptions, if applicable. Some projects and teams, which process personal data with external colleagues, have already integrated Boxcryptor into their workflow and have made it binding within the project.
Did the users get along well with Boxcryptor or were there any stumbling blocks?
We initially tested the software with some pilot users and prepared recommendations for the general rollout. The Boxcryptor team conducted on-site training for key users and our First Level Support staff, and took away any uncertainties that colleagues might have had, when using Boxcryptor. As a result, the introduction of the software ran quite smoothly. For a few of them, we provided assistance in setting up the software and of course there were also users who forgot their password after a few days.
Currently, there are still two problems that delay the use of Boxcryptor in some areas. Firstly, we are missing Linux support. In some areas (especially computer science, physics, mathematics) many Linux systems are in use. For them, only Boxcryptor Portable is available. This client lags behind the other platforms and is not suitable for daily work. Secondly, there is no automatic migration from Boxcryptor Classic to the current version. Areas that have already used Boxcryptor Classic must migrate their data manually (or with their own scripts). This makes the migration more complex for the admins and causes downtime for the users.
In which way does Boxcryptor help the TU Dresden?
Boxcryptor offers a simple solution for the exchange of sensitive data. In combination with Whisply, it is also possible to exchange data with external colleagues who do not use Boxcryptor themselves. Therefore, Boxcryptor is an important component for secure collaboration across organizational boundaries.
How important is the topic of data protection for the TU Dresden?
Compliance with data protection laws is of highest importance at the TU Dresden. Especially with the GDPR, the subject of data protection has been given an additional boost. Due to the ongoing digitalization in research, there is an increased demand among scientists for technical solutions to implement the provisions of the GDPR, such as using Boxcryptor for encryption, as a technical and organisational measure in accordance with Art. 32 of the GDPR.
To whom would you recommend the use of Boxcryptor?
Boxcryptor can be used in all areas where sensitive data is processed, because of its ease of use. Especially organizations that collaborate via the internet and use cloud services for data storage should consider using Boxcryptor for their sensitive data, no matter if it is data from human resources, health data, research data, or patent precursors.