Webfiles will be phased out beginning Spring 2020
The software product at the heart of OIT’s Webfiles file sharing service, Xythos, will no longer be supported or maintained by the vendor as of December 2019. Without vendor support for bug fixes and security patches, the service presents an increasing cybersecurity risk. As a result, in the coming months, OIT will begin to phase out the Webfiles service.
Recommended Enterprise Contract Solutions
All current Webfiles users are encouraged to migrate to one of the two file-sharing solutions under enterprise contract with UCI. An enterprise contract obligates a service provider to terms and conditions that result in penalties if those terms and conditions are breached. The two services available under enterprise contracts are UCI's Google Drive (G Suite for Education) and Microsoft OneDrive when used in conjunction with your UCI identity (name@uci.edu).
Not Recommended - Non-Contracted Solutions
Storing files on your personal Google Drive or Microsoft OneDrive using your personal identity affords no contractual protection, so if your data is exposed or stolen there is little to no recourse available. Storing your files on other sites that do not have a contract with UCI (Dropbox, Box, etc.) affords no contractual protection either.
Timeline
OIT will be ready to work with you in the early Spring Quarter 2020. We will set a date to sunset the service only after a significant number of current users have migrated. Once a sunset date is determined, OIT will make an announcement 90 days in advance to provide any remaining users an opportunity to migrate to another solution before Webfiles is turned off.
Still using Webfiles?
Read the FAQs and help pages to help you use Webfiles during the transition.
How to Choose the Right Migration Solution
Please view the chart below to determine the best way to migrate your data based on data classifications. The data classifications used (P1, P2, P3, P4) are derived from the UC Electronic Information Security Policy 3 (“IS-3”).
Low-to-moderate Risk Data (P1, P2)
For low-to-moderate risk data, Google Drive or Microsoft OneDrive are good alternatives to replace Webfiles. Directions on migrating to Microsoft OneDrive or Google Drive and how features in Webfiles map to these solutions will be published by the end of March 2020.
High-risk Data (P3, P4)
For people using Webfiles for the secure sharing of high-risk data as part of your operational processes in support of your department or other client departments (referred to as “campus administrative departments”), only Microsoft OneDrive enables the security controls required and only with A5 licensing.
For individuals (e.g., faculty or researchers) storing P3 / P4 data in OneDrive, an A3 license may be sufficient. Please consult with the OIT Windows Services Group (WSG) by opening a ticket with the OIT Help Desk and asking for a OneDrive consultation with WSG. Our forthcoming published guidance will include how to avoid making mistakes with P3/P4 data.
Data Classification Table
| What Can I Use to Share P1 – P4 Data? | Data Risk Level | Can I use Google Drive? | Can I use Microsoft OneDrive? (A3 License) |
Can I Use Microsoft OneDrive? (A5 License) |
|---|---|---|---|---|
| P1 – Public | Low | Yes | Yes | Yes |
| P2 – Internal | Medium | Yes | Yes | Yes |
| P3 – Proprietary | High | No | Yes, individuals only | Yes |
| P4 – Statutory | High | No | Yes, individuals only | Yes |
Webfiles Alternatives
Google Drive
- Google Drive offers unlimited* P1 & P2 storage space for Google Drive.
- Google Shared Drive (for teams) is available to all UCI students, staff, faculty, and researchers at no cost.
Microsoft OneDrive
- Microsoft licensing requires the person doing the sharing to be licensed. The person(s) receiving access to the shared document does not need to be licensed.
- To find your current level of licensing, please do the following five steps:
- Log in to https://outlook.com/uci.edu
- Click on the circle with your initials (top right)
- Select "My account"
- Click "Subscriptions"
- Look for a license with "A3" or "A5" in the name
- For campus administrative departments
- Departments using P3 and P4 data in their business processes have a higher level of risk than individuals.
- These departments will be upgraded by OIT to a Microsoft A5 license from their current A3 license at no additional charge.
- OIT will fund the cost of the step-up from A3 to A5 licenses in order to promote a higher level of cybersecurity.
- For individuals
- Since the original announcement in December, Microsoft has added new features to OneDrive and now enables sufficient protection for all levels of data (P1 – P4) with only an A3 license. Individuals no longer need to purchase an A5 license.
- If you are staff or faculty and use Office 365 for email, you may already have an A3 license.
- Licensing
- All groups or departments that subscribe to the Microsoft Consolidated Campus Agreement (MCCA) have access to Microsoft A3 licensing.
- Microsoft A3 licenses cost $46.20 per person per year. Order part AAA-73004. This is different than prior years.
- Please submit your request through the OIT help desk and ask for an assignment to the Windows Services Group (WSG).
We are committed to ensuring a smooth transition for our Webfiles users. Please contact the Senior Director of Enterprise Infrastructure, Henry Jenkins, at henry.jenkins@uci.edu with any questions.
Notes
*Some campus units have their own Google G Suite tenant. Those tenants are outside of the campus agreement with Google and are unable to take advantage of the unlimited space offer.
**OneDrive is not appropriate for Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). OneDrive requires a process in addition to licensing to ensure proper protection of high-risk data. We are developing that guidance.