Reviewed Tools - Globus

The guide is designed to help you make informed decisions about where to safely store and share university data. This guide is not intended to be a complete or comprehensive catalog of storage services available at UW-Madison.

You are responsible for ensuring that your use of this service complies with laws, policies, and regulations where applicable. See Compliance below for details.

Permitted

  • 2020-12-07_10-24-36.pngProtected Health Information (HIPAA)
  • 2020-12-07_10-24-36.pngSensitive Identifiable Human Subject Research
  • 2020-12-07_10-24-36.pngPersonally Identifiable Information (PII)
  • 2020-12-07_10-24-36.pngStudent Education Records (FERPA)
  • 2020-12-07_10-24-36.pngAttorney - Client Privileged Information
  • 2020-12-07_10-24-36.pngOther Sensitive Institutional Data

Permitted with Cybersecurity Consultation

  • 2020-12-07_10-28-21.pngSocial Security Numbers
  • 2020-12-07_10-28-21.pngStudent Loan Application Information (GLBA)

Not Permitted

  • 2020-12-07_10-28-42.pngControlled Unclassified Information (CUI)
  • 2020-12-07_10-28-42.pngCredit Card or Payment Card Industry (PCI) Information
  • 2020-12-07_10-28-42.pngExport Controlled Research (ITAR, EAR)
  • 2020-12-07_10-28-42.pngFederal Information Security Management Act (FISMA) Data


Service Description 

Globus provides a suite of cloud-based, software-as-a-service services for moving, synchronizing, and sharing big data. It allows researchers to securely transfer files between computing endpoints using existing storage systems and network infrastructure.

Compliance 

Globus does not store any data other than minimal information required to ensure the integrity of files transferred and the security of shared data.

  • Data being transferred does not flow “through” Globus. It flows directly between source and destination systems that are controlled by their respective owners.
  • Shared data does not reside on the Globus infrastructure. It is stored in place on your existing storage system(s) and is subject to the access control policies implemented by the owner/administrator of the storage system.

Globus provides encryption of the  "control channel" that is used to communicate with the source and destination endpoints for a transfer. In addition, when data is transferred over a "data channel," that channel exists only between the source and destination endpoints, and Globus Online does not have access to this channel.

When transferring sensitive institutional data, users should encrypt the data channel by selecting the encrypt transfer option. In addition, users should keep in mind that  compliance is a shared responsibility. You must also take any steps required by your role or unit to comply with relevant regulatory requirements. 

Globus does not comply with some regulatory requirements for specific types of sensitive data. Among the types of information that may not be maintained, shared, or processed when using Globus are these:

  • Export Controlled Research. This is because Globus cannot ensure that only U.S. persons have access to or maintain its systems.
  • Data regulated by the Federal Information Security Management Act (FISMA). This is because Globus does not have documentation or certification that demonstrates FISMA compliance.

Social Security numbers should only be used where required by law or where they are essential for university business processes. The Office of Cybersecurity can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you.





Keywords:cybersecurity, risk, assessment, tools, storage, PHI, Globus   Doc ID:107382
Owner:Peter V.Group:Office of Cybersecurity
Created:2020-11-24 13:41 CDTUpdated:2021-02-16 11:14 CDT
Sites:Office of Cybersecurity
Feedback:  0   0