Secure Collaboration

The below use-case examples, service descriptions, and comparison charts aim to highlight the features and functionality across the University’s various file storage and collaboration tools to help guide users’ tool selections appropriate to their specific business and security requirements. If there is any doubt about the appropriateness of a solution for your data, please contact HGSE's Director of Security Operations to discuss by emailing IT_OneStop@gse.harvard.edu.
 

Sharing & Collaboration Use-Cases

When Do I Use What?

There’s no one-size-fits-all scenario when collaborating with HGSE or Harvard users and those external to the University. When you’re deciding which tool to use, our advice is to break it down by your data’s sensitivity and audience.

Review HGSE's Secure Sharing & Collaboration Tool Infographic for some common sharing and collaboration use-cases paired with our recommended HGSE or Harvard-provided tools for those activities. Please note that many of the tools require specific security features be enabled (or certain security practices be adhered to) by the end user in order for the recommended tool to be compliant with the data classification level; those special requirements can be found in the Service Descriptions and Tool Classification Matrix sections below.

Secure Sharing & Collaboration Tool Infographic

HGSE Sharing & Collaboration Tools

Service Descriptions

Accellion Kiteworks: Harvard Secure File Transfer, better known as Accellion Kiteworks, is a Harvard University-provided tool to securely transfer Level 3 and Level 4 data to internal or external recipients. Files sent by you to internal Harvard recipients receive the file in their email account and access the file by clicking on the link to authenticate with their HarvardKey credentials. External recipients will also receive the file in their email account and access the file by clicking on the link to create a Guest/temporary Kiteworks account. Users with valid HarvardKey credentials within HGSE, the Central Administration, FAS, Radcliffe, HDS, and GSD communities have access to Kiteworks, and there is no account request process required. Please note that that service accounts and shared (or resource) accounts do not work with the Kiteworks tool, as these accounts are not secured through HarvardKey credentials, and that only the attachments to the message sent via Accellion Kiteworks are encrypted--not the body of the message itself. To start using Kiteworks, review Harvard's Getting Started article and visit the HUIT Service Catalog for additional information about Kiteworks. Should you need any help in setting up or utilizing the service, please contact the HUIT Service Desk via the HUIT Service Portal.

Harvard Dropbox: Provides secure file storage, collaboration, and sharing services for Level 1, Level 2, and Level 3 data. Harvard Dropbox specifically is targeted for faculty and researchers with strong external collaboration requirements, whereby colleagues from different organizations external to Harvard have the need to be part of a collaboration team, and often have international members. At this time and due to limited licensing, only HGSE faculty members may request a Harvard DropBox account.

Harvard Google Drive (g.harvard): Available to HGSE users cross-designated as FAS faculty and staff, or SEAS, GSAS, and Extension School students for the secure storage, collaboration, and sharing of Level 1, Level 2, and Level 3 data.

Harvard OneDrive for BusinessOffers HGSE users secure storage, collaboration, and sharing of Level 1, Level 2, and Level 3 data. External sharing of files to non-Harvard users is also available with OneDrive.

Harvard SharePoint and Teams: A place for HGSE users in teams, departments/units, and workgroups to securely store, collaborate, and share information and projects involving Level 1, Level 2, and Level 3 data; support for Level 4 data is permitted only when using a Level 4 SharePoint Site that has enhanced security restrictions enabled (i.e., elimination of external sharing and local synching of files). External sharing of Level 1, 2, and 3 files to non-Harvard users is available with SharePoint (non-Level 4 sites) and Teams. To get started using the Harvard SharePoint, review Harvard's Getting Started with SharePoint Sites resource; if you have a need to store, transfer, or collaborate on Level 4 data with HGSE/Harvard (internal) users, please submit this form to HUIT to request a new Level 4 SharePoint siteTo get started using the Harvard Teams, review Harvard's Overview of the service and HUIT's Getting Started article. Should you need any help in setting up or utilizing either service, please contact the HUIT Service Desk via the HUIT Service Portal.

HGSE NextCloud: A secure, cloud-based file synchronization, sharing, and collaboration solution that combines the robust features, convenience, and ease of consumer-grade solutions like OneDrive, SharePoint, Google Drive, and Dropbox with the specialized business and security needs of HGSE users. HGSE NextCloud is compliant with Harvard’s Level 3 security requirements, and when users follow a few additional rules, the solution is also Level 4-compliant. While HGSE staff and faculty have an HGSE NextCloud account automatically provisioned for them (and student access is granted on a case-by-case basis when there is a demonstrable academic or research need for access to the platform), please note that HGSE NextCloud is only recommended for those HGSE users who have the specific use-case need to securely collaborate with individuals who are external to Harvard. To begin utilizing the service, review the HGSE NextCloud Getting Start Guide before logging in to the HGSE NextCloud web client. Users looking to utilize HGSE NextCloud for their Level 4 data needs must also review the HGSE NextCloud L4 Data Quick Guide to understand what end-user security features they must enable and adhere to in order for the platform to be Level 4-compliant.

HGSE Secure Network Share: A private, secured file server option available to HGSE units/departments in order to store, share, and collaborate on Level 1, Level 2Level 3, and Level 4 data within and between other HGSE units/departments. The network share can be mapped to any HGSE-owned/managed system—that is, a user’s HGSE-issued computer can be configured to connect automatically to the share when connected to HGSE’s network (onsite or remotely via VPN) as a mapped network drive—displaying and behaving like the Windows or mac OS file directory format users are already familiar with. To request a HGSE secure network share be created for your HGSE unit/department, please contact HGSE’s IT Service Center via IT_OneStop@gse.harvard.edu.

Harvard Zoom: Zoom is rapidly becoming a critical technology for the HGSE community. It’s a great solution for web conferencing and virtual meetings with rich feature sets and advanced capabilities. As our comfort levels increase and Zoom becomes more integrated with our virtual learning activities and remote work, it’s important to consider security and confidentiality of our Zoom meetings and webinars. As such, HGSE has compiled a list of essential Zoom 101 facts you may find valuable, as well as an overview of simple features to ensure your audience and content is protected. Please also review HUIT's Zoom Security Guide for more specific security options you should take advantage of to keep your Zoom sessions secure and productive. See more information on Harvard-facing Zoom resources.

FAS’s Research Computing Environment (RCE): This is environment was established to facilitate the advancement of complex research by providing leading edge computing services, including limited resources and support for Level 4 data billed/charged to the individual user, research lab/PI, or HGSE departmentregrettably, HGSE IT is unable to cover costs for access to the RCE. If you are unsure whether you qualify for an RCE account, please see Account Qualifications and Affiliations. To request an account to access resources operated by RCE, please use the RCE’s Account Request Tool.

Office 365 Message Encryption (OME)​​​​​​​: OME is a secure and easy-to-use email feature built into Harvard’s existing Microsoft O365 email, enabling Level 4 data and below to be sent to internal and external recipients through an email message. Unlike Accellion Kiteworks, OME encrypts both the body of the email as well as any attachments (Accellion Kiteworks only encrypts the latter), and departmental email accounts may be configured to support OME. OME is available to all users of Harvard's O365 email as an existing secure transfer feature, and encrypted message recipients do not need a Harvard or Microsoft account to access the message--they can instead authenticate with a Gmail Account, Microsoft account, or with a one-time passcode. Similarly, while Microsoft O365 recipients can read and respond to protected messages from Outlook for Windows and Mac, Outlook on the web, and Outlook Mobile (Android and iOS), if the recipient is not an Microsoft O365 user, they can simply read and reply to the encrypted messages via a web browser. To get started using OME, review Harvard's and Microsoft's guidance on Sending an Encrypted Email in Outlook, Opening Encrypted EmailsLimitations and Restrictions for OME UseImportant Notes for Mobile Devices, and End User Troubleshooting.

Service Comparison Chart

HGSE Tool Classification Matrix

Tool Classification Matrix

HGSE business and research activities conducted using an appropriate University-provided tool is in compliance with University policy and is protected by contractual and other security measures not available to consumer tools. As such, consumer versions of tools (e.g., DropBox, Google Drive, Gmail, etc.) are only permitted for use with data classified at Level 1.

Please note that HGSE policy requires due diligence security assessments for third-party service providers (i.e., vendors) that we intend to entrust with HGSE’s confidential data (Level 3/+). The most regularly-requested vendors contained in the matrix were reviewed and determined compliant for use by HGSE users.

However, prior to utilizing a vendor on the matrix, a written contract or statement of work including the proposed vendor services and appropriate Harvard contractual riders (to include the Personal Data Protection Rider and the GDPR Data Protector Rider) must be in place. If research data will be entrusted to the vendor, please contact HGSE's Office of Sponsored Projects (OSP) prior to utilizing a vendor on the matrix to ensure that any proposed contractual or purchasing arrangements for the vendor’s services proceeds in manner which is compliant with University research and contractual requirements.

Tool Classification Matrix

HGSE Tool Classification Matrix