Security questions
2 views
Skip to first unread message
Judy Rumph
Aug 10, 2010, 11:57:51 AM8/10/10
to SkylightKB Discussions
This is a question I received via email.
I am using Skylight for research through the University of Nebraska,
Lincoln. I will be distributing a national survey. I have a couple
of questions about Skylight:
Is this a secure server?
Will data be encrypted while in transit?
Are IP addresses collected?
Thanks,
Leigh Bacon
I am using Skylight for research through the University of Nebraska,
Lincoln. I will be distributing a national survey. I have a couple
of questions about Skylight:
Is this a secure server?
Will data be encrypted while in transit?
Are IP addresses collected?
Thanks,
Leigh Bacon
Nils Peterson
Aug 10, 2010, 12:08:25 PM8/10/10
to SkylightKB Discussions
Thinking about Leigh's question it seems that it would be useful to
understand "secure" relative to context. Secure for Dept of Defense
purposes might not be the same as secure for education. It also occurs
to me that there may be some proscriptive elements that define
security in some domains, for example grade security for FERPA.
I hope this helps in framing a reply to this question.
understand "secure" relative to context. Secure for Dept of Defense
purposes might not be the same as secure for education. It also occurs
to me that there may be some proscriptive elements that define
security in some domains, for example grade security for FERPA.
I hope this helps in framing a reply to this question.
Peggy
Aug 10, 2010, 2:06:58 PM8/10/10
to SkylightKB Discussions
Hi Leigh
Please see the answers to your questions below.
Is this a secure server?
The Skylight servers are located in a secure data facility including
protected access by authorized personnel only to the physical
facility. The data center includes standard power and fire protection
systems to protect the physical servers. The Skylight serves are
secured behind an industry standard firewall that provides protected
access to the servers software via the network. Our servers are kept
up to date with the latest in software security patches and are
updated with those patches monthly or on demand for critical security
alerts in compliance with industry standards.
Will data be encrypted while in transit?
The Skylight server uses the SSL (Secure Sockets Layer) security
protocol. SSL is the standard security technology for establishing an
encrypted link between a web server and a browser. This link ensures
that all data is encrypted when passed between the web server and the
browser. SSL is an industry standard and is used by millions of
websites in the protection of their online transactions with their
customers.
Are IP addresses collected?
Yes, IP addresses of clients accessing the server are logged, in
conformance with industry-standard practices.
Skylight gathers this information automatically and stores it in log
files. This information includes internet protocol (IP) addresses,
browser type, referring/exit pages, operating system, and date/time
stamp. This information, which does not identify individual users, is
used to administer the site and diagnose problems. We do not link this
automatically collected log data to personally identifiable
information for account holders or survey respondents. Skylight does
not link a survey response to a specific IP address.
Peg for the Skylight team
Please see the answers to your questions below.
Is this a secure server?
protected access by authorized personnel only to the physical
facility. The data center includes standard power and fire protection
systems to protect the physical servers. The Skylight serves are
secured behind an industry standard firewall that provides protected
access to the servers software via the network. Our servers are kept
up to date with the latest in software security patches and are
updated with those patches monthly or on demand for critical security
alerts in compliance with industry standards.
Will data be encrypted while in transit?
protocol. SSL is the standard security technology for establishing an
encrypted link between a web server and a browser. This link ensures
that all data is encrypted when passed between the web server and the
browser. SSL is an industry standard and is used by millions of
websites in the protection of their online transactions with their
customers.
Are IP addresses collected?
Yes, IP addresses of clients accessing the server are logged, in
conformance with industry-standard practices.
Skylight gathers this information automatically and stores it in log
files. This information includes internet protocol (IP) addresses,
browser type, referring/exit pages, operating system, and date/time
stamp. This information, which does not identify individual users, is
used to administer the site and diagnose problems. We do not link this
automatically collected log data to personally identifiable
information for account holders or survey respondents. Skylight does
not link a survey response to a specific IP address.
Peg for the Skylight team
Peggy
Aug 10, 2010, 2:34:54 PM8/10/10
to SkylightKB Discussions
Hi Nils
While we certainly do not have physical security as high a a
department of defense facility, we do conform to the industry standard
secure data center standards.
The FERPA standards apply to information related to educational
records for students including grades.
Any data collected within a survey that contains personally
identifiable educational information should be treated by the survey
author as FERPA protected information. If data is downloaded from the
server, for example for statistical analysis, it is the author's
responsibility to secure the local storage and protection of such
data.
Peg
While we certainly do not have physical security as high a a
department of defense facility, we do conform to the industry standard
secure data center standards.
The FERPA standards apply to information related to educational
records for students including grades.
Any data collected within a survey that contains personally
identifiable educational information should be treated by the survey
author as FERPA protected information. If data is downloaded from the
server, for example for statistical analysis, it is the author's
responsibility to secure the local storage and protection of such
data.
Peg
Reply all
Reply to author
Forward
0 new messages