• Skip to Content
  • Skip to Main Navigation
  • Skip to Search

Indiana University Indiana University IU

Open Search
  • Personal Preparedness
    • Email & phishing scams
    • Identity verification
    • IU passphrases
    • Hardware & software security
      • Laptop & mobile device security
      • Malware, scareware, & ransomware
      • Wearable technologies
      • Use of survey software
    • File sharing & copyright
      • Contesting copyright infringement notices
      • Disabling peer-to-peer file sharing
      • Copyright tutorial
      • Copyright infringement incident resolution
    • Vulnerability Disclosure Guidance
    • Keeping data safe
    • Web privacy
    • Account privileges
    • Remote Desktop
  • Information & IT Policies
    • Policy Hierarchy
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Review
    • IT-12 Security Standards
  • Information Security & Privacy Program
    • Scope
    • Goals & Objectives
    • Governance
    • Principles
    • Safeguards
      • Risk assessment and treatment
      • Policy administration
      • Organization
      • Asset management
      • Human resources
      • Physical & environmental security
      • Communications & operations management
      • Identity & access control
      • Information systems acquisition, development, and maintenance
      • Incident management
      • Business continuity management
      • Compliance
    • Charter
  • Privacy Portal
    • Privacy matters
    • Sensitive data
      • Guidelines
    • Sharing institutional data with third parties
  • Resources for IT Staff
    • Information Risk Assessments
    • SecureMyResearch
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • Information security best practices
    • CIS Secure Suite
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
      • Privacy Notice Generator
      • Incident Response Webservice
      • SSL/TLS certificates
  • About
    • Glossary of Terms
    • Trustees Resolution
  • Contact
  • Report an Incident
    • Report Privacy Incident or Request Assistance
    • Emergency IT Incidents
    • Managing Incidents
    • Identity Theft
    • Reporting Suspected Sensitive Data Exposures
    • Reporting Suspected HIPAA Data Exposures

Information Security & Policy

  • Home
  • Personal Preparedness
    • Email & phishing scams
    • Identity verification
    • IU passphrases
    • Hardware & software security
    • File sharing & copyright
    • Vulnerability Disclosure Guidance
    • Keeping data safe
    • Web privacy
    • Account privileges
    • Remote Desktop
  • Information & IT Policies
    • Policy Hierarchy
    • Privacy policies & FAQ
    • Acceptable Use Agreement
    • Information & IT Policy Process
    • Cyber Risk Review
    • IT-12 Security Standards
  • Information Security & Privacy Program
    • Scope
    • Goals & Objectives
    • Governance
    • Principles
    • Safeguards
    • Charter
  • Privacy Portal
    • Privacy matters
    • Sensitive data
    • Sharing institutional data with third parties
  • Resources for IT Staff
    • Information Risk Assessments
    • SecureMyResearch
    • Cloud computing
    • Audits & requirements
    • Data encryption
    • Back up data
    • Information security best practices
    • CIS Secure Suite
    • Disaster recovery planning
    • Managing employee data
    • Medical device security
    • Transferring data securely
    • Using SSH
    • Additional resources
  • Search
  • About
  • Contact
  • Report an Incident
  • Home
  • Security Bulletins
  • Securing Remote Machines of Staff

Securing Remote Machines of Staff

Monday, August 23, 2021

Now that flexible work arrangements are being made for the fall of 2021, Indiana University is continuing to take advantage of a hybrid system of on-campus and remote work.  One of the most voiced concerns raised by units participating in continuous engagement consultations is securing machines for staff members working remotely.  To address those concerns, the University Information Policy and Security Offices (UIPO and UISO) have a few recommendations for how staff can manage and secure their devices for remote work.

Accessing Institutional Data Remotely

IUanyWare and Remote Desktop Protocol (Windows RDP) each allow you to access another computer from a different location, as if you were sitting in front of it.  At Indiana University, many security measures are in place, such as requiring a VPN connection to connect to these tools.  For additional security, it is also recommended you set up Duo integration for use with RDP.  Even when accessing institutional data from university owned machines, storing critical or restricted data on them is prohibited according to University Policy DM-01-S(9)(e).

Note: IU discourages the use of personally-owned machines to access IU systems and institutional data.  On the rare occasion that using a personally-owned device is necessary, all efforts should be taken to avoid storing any institutional data on it.  If you are accessing IU systems or institutional data on a personally-owned device, you should only do so while connected via Windows RDP or IUanyWare.

Device Endpoint Management

Endpoint management is an IT and cybersecurity process that consists of devices connected to the network being managed by someone other than the device user to ensure security policies and tools are in place to reduce the risk of an attack or other such events.  Computers, mobile devices, and other machines owned by Indiana University should be visible to an endpoint management system according to University Policy HR-06-80(2)(c).  Tier 2 Support (sct2@iu.edu) offers endpoint management for both Apple/JAMF and Microsoft/SCCM devices.  Please see below for training links on how to get started with these device management programs.

Qualys Vulnerability Scanning

Although QualysGuard vulnerability scanner is mostly used to maintain servers and websites at IU, it can also be used for laptops or mobile devices.  While a vulnerability scan does not eliminate any risks, it does make you aware of any system flaws so you have an opportunity to mitigate them.  Enroll your machines, review your scan results, and mitigate the findings.

If you have any other questions about this notice, please reach out to your unit’s UISO Security Analyst or Engineer at uiso@iu.edu.

Thank you for your ongoing partnership to protect IU.

Knowledge Base Links for End Users:

  • Keep working from remote locations
  • Connect to a Windows computer or server via RDP
  • How to make off-campus remote desktop connections at IU
  • About IUanyWare
  • Set up a Microsoft RDP Duo integration
  • Get started with Apple device management via Jamf Pro
  • Get started with Windows device management
  • Secure your iPhone, iPad, or iPod touch
  • About vulnerability scanners

Policy References:

  • HR-06-80(2)(c): Remote Work for Staff and Temporary Employees
  • DM-01-S(9)(e): Management of Institutional Data
  • IT-12: Security of Information Technology Resources
  • IT-12.1: Mobile Device Security Standard
  • Acceptable Use Agreement

Information Security & Policy resources

  • Leading in Cybersecurity
  • IU Data Management

Indiana University

Accessibility | College Scorecard | Open to All | Privacy Notice | Copyright © 2025 The Trustees of Indiana University