Remote Access

PURPOSE
In an effort to keep confidential data secure, while also understanding that employees and individuals conducting business on behalf of the university require work to be performed remotely, the university provides remote access to faculty and staff with appropriate approval. This document outlines the guidelines for providing remote access to faculty, staff and third-party contractors.

SCOPE
The guidelines apply to university employees, faculty, staff, contractors, vendors, and other personnel who are granted remote access privileges to the university network and its internal resources.

GUIDELINES AND RECOMMENDATIONS

1.0 Requirements
Remote access is provided for university related activity only. All devices that are used to connect to the university network through an approved remote access technology are considered to be extensions of the university network and are subject to all applicable university policies and standards.

  • The university’s Acceptable Use of Information Technology Resources applies to all authorized users of university remote access technologies.
  • Confidential data cannot be stored (saved) on any devices used for remote access with the exception of university owned devices with the appropriate approval and data protection. (Refer to university Data Classification Guidelines for full details on data types and appropriate usage.)
  • Remote access to internal university applications and networks is currently limited to authorized VPN technologies and users. Remote access users must not share their login credentials and should take all reasonable efforts to avert accidental disclosure.
2.0 Authorization
  • All current employees, faculty and staff that require remote access as a function of their job must have their supervisor’s approval. Employees may request to be set up for remote access by sending an email to the university Helpdesk (helpdesk@bryant.edu).
  • All contractors and vendors that require remote access must have a temporary account set up for non-Bryant employees who are working with Bryant faculty and staff.  Refer to the university’s Temporary Account Generation process.
  • Any exceptions to the authorization process or access model must be reviewed by the Manager of Infrastructure Services and the Director of Information Security.

3.0 Technology Configuration and Management

  • All university remote access technologies will be configured and managed by the university Information Technology groups.
  • All university remote access technologies must be configured to automatically disconnect after a preset amount of inactivity and/or after a predetermined length of time.
  • All university remote access technologies must employ a secure authentication mechanism.
  • Remote access client installation and configuration is currently only supported for university owned and managed devices with a standard configuration.
  • The following configuration requirements must be enabled on all devices that support them:
    • Antivirus software must be installed and configured to scan on a recurring schedule.
    • The latest antivirus definitions must be updated and installed on a recurring schedule.
    • The latest available patches for the remote access device’s operating system and applications must be configured to automatically download and install on a recurring schedule.
  • The deployment of new remote access technologies must be approved by Manager of Infrastructure Services and the Director of Information Security.

4.0 Faculty & Staff Traveling Abroad
A Virtual Desktop environment via a loaner device will be provided to Faculty and Staff traveling abroad on university business. Faculty and Staff may request the loaner device by contacting the Helpdesk. The virtual desktop will have the following restrictions and limitations:

  • Access to university resources shall only be allowed through a web browser gateway.
  • Multi-factor authentication will be required.
  • No access to external devices - local devices such as VMware View Client and USB device redirection will be prohibited.
  • The virtual environment will be refreshed upon logoff/disconnect.  All changes made to the virtual desktop and/or files stored will be lost upon logoff/disconnect.

Faculty and Staff traveling abroad should adhere to the following safe practices:

  • Only loaner devices should be taken abroad on university business.
  • Refrain from using any devices configured with email such as tablets or iPads.
  • If using a smartphone be sure it is secured and in your presence at all times.
  • Do not use any external storage devices abroad. Any USB drives or USB sticks used abroad and brought back to campus should be checked first for malware by the Helpdesk before coming in contact with any on campus technology.

Faculty and Staff traveling abroad should review the University’s Travel Guidelines.

4.0 Enforcement
The University considers any violation of the directives outlined within this document to be an objectionable offense. Failure to comply may subject the violator to disciplinary action by the University.

5.0 Exceptions
Any exceptions to directives outlined within this document are to be reviewed and approved by the Information Security Program Committee as needed.

6.0 Enacted and Revisions
Date Enacted: 6/17/2010
Revision: 1.3
Last Reviewed: 4/26/2016
Next Review: April 2017

7.0 Standards and Reference Categories
ISO 27002:2013: 6.2 Mobile Devices and Teleworking