Case Studies in Encryption Requirements

Information Security Guideline

Server in UBC Hybrid Cloud (AWS) or OpenStack (UDC) with High Risk Information

A UBC department has a Server in the UBC Hybrid Cloud (AWS) OR in OpenStack located in the University Data Centre (UDC). The Server contains some files that contain High Risk Information.

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | | |
| Tier 2 | Yes | The VM’s volume files must be encrypted with Tier 2 Encryption. |
| Tier 3 | Yes | IT Infrastructure storing High and Very High Risk Information must be encrypted with Tier 3 or Tier 3+ where technically possible. |
| Tier 3+ | Yes | |

ISS Reference: Std U5, Encryption Requirements (IT Infrastructure Encryption Requirements section)

Server in UBC Hybrid Cloud (AWS) or OpenStack (UDC) with Low and Medium Risk Information

A UBC department has a Server in the UBC Hybrid Cloud (AWS) OR in OpenStack located in the University Data Centre (UDC). The Server contains only Low Risk and some Medium Risk Information (its logs and configuration).

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | | |
| Tier 2 | Yes | The VM’s volume files must be encrypted with Tier 2 Encryption. |
| Tier 3 | | In all cases, the best practice is to encrypt with Tier 3 Encryption or Tier 3+ Encryption. |
| Tier 3+ | | |

ISS Reference: Std U5, Encryption Requirements (IT Infrastructure Encryption Requirements section)

VM in UDC

A UBC department has a Virtual Machine that is hosted on Server hardware located in the University Data Centre (UDC). The Server contains only Low Risk and possibly Medium Risk Information (its logs and configuration).

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | | The Server hardware does not require Tier 1 Encryption because of its location in the UDC. |
| Tier 2 | Yes | The VM’s volume files must be encrypted with Tier 2 Encryption. |
| Tier 3 | | In all cases, the best practice is to encrypt with Tier 3 Encryption or Tier 3+ Encryption. |
| Tier 3+ | | |

ISS Reference: Std U5, Encryption Requirements (IT Infrastructure Encryption Requirements section)

Application Server in UDC

An Application Server running on physical hardware in the University Data Centre (UDC) has no information storage or database. It boots over the network.

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | Yes | Because of its location and the lack of any storage, no Encryption is required for this Application Server. |
| Tier 1 | | |
| Tier 2 | | |
| Tier 3 | | In all cases, the best practice is to encrypt with Tier 3 Encryption or Tier 3+ Encryption. |
| Tier 3+ | | |

ISS Reference: Std U5, Encryption Requirements (IT Infrastructure Encryption Requirements section)

Database Server in UDC

An application’s Database Server located in the University Data Centre (UDC) contains Very High Risk Information in the database. There is no other data stored on the Server.

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | | |
| Tier 2 | | |
| Tier 3 | Yes | IT Infrastructure storing High and Very High Risk Information must be encrypted with Tier 3 or Tier 3+ where technically possible. |
| Tier 3+ | Yes | |

ISS Reference: Std U5, Encryption Requirements (IT Infrastructure Encryption Requirements section)

Server that stores High Risk Information for a short period

A research lab has several Linux VMs hosted on a Server in their lab. The VMs collect High and Very High Risk Information from instruments, which is stored as files for a short period.

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | Yes | Required for all volumes due to the location, unless Tier 2 Encryption is used. |
| Tier 2 | Yes | Required for all volumes due to the location, unless Tier 1 Encryption is used. |
| Tier 3 | Yes | High and Very High Risk Information must be encrypted with Tier 3 where technically possible. |
| Tier 3+ | | Tier 3+ Encryption does not apply in this case. |

ISS Reference: Std U5, Encryption Requirements (IT Infrastructure Encryption Requirements section)

Database on Workstation with Low Risk Information

A researcher has a “database” (a series of text files) stored on the local hard drive of a Workstation running Windows. This “database” contains only Low and Medium Risk Information.

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | Yes | Tier 1 Encryption is required for this Workstation. Since the files only contain Low and Medium Risk Information no other Encryption is required. |
| Tier 2 | | |
| Tier 3 | | In all cases, the best practice is to encrypt with Tier 3 Encryption. |
| Tier 3+ | | Tier 3+ Encryption does not apply in this case as it is not a true Database Server. |

ISS Reference: Std U5, Encryption Requirements (Device Encryption Requirements section)

Linux Workstation

A research lab has a Workstation running Ubuntu and it has three volumes; one volume contains the home directory with Very High Risk Information, the other two volumes contain Low Risk Information.

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | | |
| Tier 2 | Yes | Tier 2 Encryption is required for all volumes on this Workstation. |
| Tier 3 | | Tier 3 Encryption is not required as this is not a Server. In all cases, the best practice is to encrypt with Tier 3 Encryption. |
| Tier 3+ | | |

ISS Reference: Std U5, Encryption Requirements (Encryption of Workstations using Operating Systems other than Microsoft Windows and Apple macOS (e.g. Linux) section)

SaaS Solution

A principal investigator is purchasing a Software as a Service (SaaS) solution from a 3rd party vendor for use in their research. The SaaS solution will handle High Risk Information only.

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | | |
| Tier 2 | | |
| Tier 3 | Yes | IT Infrastructure storing High and Very High Risk Information must be encrypted with Tier 3 or Tier 3+ where technically possible. |
| Tier 3+ | Yes | |

ISS Reference: Std U5, Encryption Requirements (IT Infrastructure Encryption Requirements section)

PaaS Solution

An IT staff member is purchasing a Platform as a Service (PaaS) solution from a 3rd party vendor to host Web Applications for their department. The PaaS solution will handle all types of information up to and including Very High Risk Information.

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | | |
| Tier 2 | Yes | Volume files must be encrypted with Tier 2 Encryption where technically possible. |
| Tier 3 | Yes | High and Very High Risk Information must be encrypted with Tier 3 Encryption where technically possible. |
| Tier 3+ | Yes | If databases are in use then Tier 3+ Encryption must be used where technically possible. |

ISS Reference: Std U5, Encryption Requirements (IT Infrastructure Encryption Requirements section)

AWS S3 Bucket with High Risk Information

AWS S3 Object-based Storage is being used by a Software Application to store objects that contain High Risk Information.

| Encryption Tier | Required? | Clarifying Notes |
|---|---|---|
| Tier 0 | | |
| Tier 1 | | |
| Tier 2 | | |
| Tier 3 | Yes | IT Infrastructure storing High and Very High Risk Information must be encrypted with Tier 3 or Tier 3+ where technically possible. |
| Tier 3+ | Yes | |

ISS Reference: Std U5, Encryption Requirements (IT Infrastructure Encryption Requirements section)

Related Documents and Resources

  1. Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems
  2. Encryption Requirements standard

Guideline Last Revised: 2025-03