Scenario: common file storage/file sharing

General information

Common file storage provides a way to share documents and edit them on a collaborative basis.

All members of the university have access to the following services:

The central online storage service offers shared file storage for a defined group of TUM members. There are two ways to allocate access rights. Each organization unit (OU) has a shared directory to which each member of the OU has access. The administrator allocates different rights to these members. Project directories can also be requested for individually-administered user groups (from different OUs, as well).
To protect against data loss, Snapshots [1] can be automatically generated. In addition, long-term data archiving is available through the TSM archive and backup system offered by LRZ.

 As a supplement to the TUM/LRZ NAS central storage service already mentioned, users can also create folders on this space via the so-called Webdisk (access to the LRZ NAS via a web interface), which does not require a login. This service is designed especially for people who want to send large files to external partners or those who prefer to avoid large e-mail attachments. It only requires providing the link, which allows anyone with an Internet-capable computer to access the data without a login. Keep in mind that the content can actually be read by anyone who has the link. One way to protect files from unauthorized access is to encrypt them - such as with a password-protected ZIP file - and make them available in a public directory. Once the files have been retrieved, they should be deleted from the public directory. See http://www.datenschutz-individuell.de/anleitung/7-zip/  for instructions on how to encrypt files with the 7-zip freeware program.

Additional information about the online storage service is available on the LRZ website: http://www.lrz.de/services/datenhaltung/online-speicher/

Sync & Share allows you to share files with your colleagues or external partners. You can

  • save data and documents safely and reliably
  • keep multiple devices (PC, notebook, tablet, smartphone) up to date with synchronisation
  • exchange data and documents internally or with external persons (outside of TUM)

This service is especially useful in the case that some colleagues cannot access the central online storage. More information is avialable under http://www.lrz.de/services/datenhaltung/syncandshare/

Gigamove is designed for the following scenarios:

  • for sharing large files
  • for sharing files with external partners
  • for spontaneously sharing files without administrative effort

If multiple files need to be shared, they can be compressed into an archive file (i.e. Zip file) beforehand. Depending on the application, encryption of the archive file is also recommended here.

Gigamove also allows you to assign a password, without which the file(s) cannot be downloaded.

Files stored on Gigamove are deleted 14 days after upload at the latest.

Information about Gigamove is available at: https://gigamove.rz.rwth-aachen.de/

Other options

Some TUM schools and departments also offer common file storage. Since these services cannot be described here, you should inquire directly at the school or department in question.

Both TUMonline and Moodle offer ways to make files available for teaching activities.

While commercial services such as Dropbox are also popular, these and other cloud storage providers are usually not suitable for sharing confidential data. [2]

 

Trustworthy providers currently include LRZ, DFN and, where applicable, an external partner within a research project.

Measures

Common file storage

The centralized NAS storage is considered a secure file storage method for any confidential data. The following issues should be kept in mind:

  • If a long-term archive is deemed necessary, you can utilize the TSM service offered by LRZ.
  • If confidential data is to be stored in a shared area, make sure all people with access actually need it. Here you should take a conservative approach and revoke access rights where necessary.
  • If personal data needs to be stored in an automated file, such as a database, permission must be obtained from the data protection official in advance.

File sharing/availability

If material with copyrighted content is to be made available, the use of TUMonline or Moodle is recommended. Access is automatically restricted to registered lecture participants. Encryption measures are normally not required in these instances.

Suitable methods

The following table shows which approach is suitable in accordance with the category:

 

NAS Fi­ler: public folder

NAS Fi­ler: public folder with data encryption

Giga­move

Gigamove with data encryption

Gigamove with password protection

Gigamove with password protection and data encryption

Perso­nal data

No

Not recommended

No

Not recommended

Not recommended

Yes

 

Sensitive personal data

No

Not recommended

No

Not recommended

Not recommended

Yes

 

Intellectual property - unpublished research material

No

Project-dependent

Project-dependent

Project-dependent

Project-dependent

Yes

 

Intellectual property  – copyrighted content that belongs to others

Recommendation: TUMonline or Moodle

 

Business-critical data

No

Not recommended

No

Not recommended

Not recommended

Yes

 

Other internal university data

No

Not recommended

No

Not recommended

Yes

Yes

 

 

[1] Snapshots can be used to reconstruct files and folders that have been mistakenly deleted, modified or damaged, without having to contact an administrator or service desk (user-controlled recovery)

[2] The independent Schleswig-Holstein Center for Data Protection awarded its seal of approval to the TeamDrive cloud service and declares it suitable for handling data subject to §203 of the German Criminal Code covering the violation of personal secrets. This service is therefore considered trustworthy.