Trusted Resources
Find out more about trusted resources at UC San Diego and how to access them.
Cyber threats are evolving, and so are we. As part of the Secure Connect program, UC San Diego will now enforce a set of cybersecurity software requirements for all endpoints accessing our trusted resources.
What are Trusted Resources?
Within the university network, there are collections of sensitive and valuable information, assets, and services which should not be made available to the general public. These include but are not limited to lab systems and restricted access systems. These are considered "Trusted Resources." These resources are protected by additional security controls and are only accessible when endpoints (any device connecting to the network) meet those additional security requirements or have an approved exception.
What’s a trusted resource and do I need it to do my job?
- Any IT resource (systems, databases, equipment, etc.) that is not accessible from off-campus without first connecting to VPN is considered a trusted resource.
- Most business applications, instructional systems, productivity software and collaboration tools do not require access to trusted resources, e.g. Zoom, Microsoft Teams, Google Workspace, UCPath, Canvas, Kuali Research, OneDrive, etc.
- Library resources are now available via Single Sign-On (SSO) login and will no longer require VPN.
How do I know if I need access to Trusted Resources?
Examples of resources that are typically found on trusted networks include:
- Lab systems
- Restricted access systems
What do I need to do to access the Trusted Resources?
Your device needs to meet (be compliant with) the following requirements, or have an approved exception:
- Managed Devices: devices that are maintained by department IT
  - If you are staff or faculty, your department IT is or will be working with you to make sure these devices have everything they need to access the trusted resources.
- Unmanaged / Personal Devices
  - If you are a student, staff or faculty with a personal device, you can enroll in Intune mobile device management (MDM). Intune will make sure the device automatically receives the appropriate security software (Qualys Vulnerability Management (VM) and Trellix Endpoint Detection & Response (EDR)), and make sure it receives the certificates it will need to access trusted resources. This certificate will be your new and automated way of authenticating to the network and will work with UCSD-PROTECTED and VPN.
- Exceptions
  - If you believe your device cannot meet one of these requirements, please contact your Unit Information Security Lead (UISL) for guidance and to prepare for the exception request process.
  - A self-service request form will be available soon in ServiceNow to streamline this process.
Important Note
For UC San Diego Health requirements, visit the Secure Connect for Health Pulse page (login).
Once my device is compliant, I can reach trusted resources through:
- UCSD-PROTECTED (wireless)
- VPN
- A wired ethernet connection
You cannot access trusted resources through the following networks:
- Any of the RESNET networks
- Eduroam
- UCSD-GUEST
Other than being able to access the trusted resources, are there advantages to having the additional security software on my device?
Yes! When you are enrolled in Intune MDM, your device will receive automated updates to the security software, Trellix EDR and Qualys VM. Trellix and Qualys will reduce the risk of being impacted by malware and provide an added layer of both security and remediation if your device is compromised.
What is Internet-Only Access?
Endpoints that are not compliant and do not have an approved exception will not be able to access trusted resources via VPN and will only be granted Internet-Only access when connected to the UCSD-PROTECTED wireless network and most wired networks.
Similar to internet service at home or at your local coffee shop, Internet-Only access is adequate for most administrative tasks and functions, such as:
- Cloud Services: Zoom, Microsoft Office 365 (Outlook, OneDrive, Teams, etc.), Google Workspace (Drive, Sheets, Gmail, etc.)
- Business and administrative systems: Oracle Financial, SAP Concur, Kuali Research, UCPath, EcoTime and more
- Reports and analytics: Cognos, Tableau