NCSAM: Cloud computing

Safely using the cloud to manage University information

TEXT SIZE

11:18 a.m., Oct. 31, 2012--Since 2004, EDUCAUSE, the National Cyber Security Alliance (NCSA) and other national organizations have declared October to be National Cyber Security Awareness Month (NSCAM), and the University of Delaware has joined in this annual effort to promote cyber security.

Many people at UD have started using cloud computing, non-University computing storage and other resources delivered as a service over the Internet.

FYI Stories

First Friday Roundtable

The First Friday Roundtable on Teaching, a collaborative UD program aimed at highlighting varied approaches of teaching, learning and assessment practices, will hold its first event on Friday, Sept. 5.

Turn it off

Members of the UD community are reminded to conserve energy by turning off equipment and lights when they are not in use.

“The cloud can make usability, administrative processes, research and scholarly collaboration more efficient and effective,” Karl Hassler, associate director of IT Network and System Services, said. “That’s the good news. On the downside, the lure of a free cloud application may obscure the risks to University information. The one-size-fits-all terms and conditions might not be appropriate for all University information.”

Before storing or processing University information in the cloud, it is important for UD employees to consider the potential impact that putting that information in the cloud could have on the University’s operations, ability to comply with legal regulations, and protection of privacy. The information’s classification determines its protection requirements. Not all cloud services can meet minimum protection requirements.

While UD utilizes cloud services such as Google Drive and Canvas to store and manage information, they are not appropriate for hosting all types of University information. “You wouldn’t store medical records in Google Drive — the risks of violating personal privacy are too great,” Hassler explained. “Google Drive is not a good choice for storing sensitive, confidential or personally identifiable information (PII).”

Before putting University information in the cloud, it is essential to determine whether the information will be adequately protected. For confidential and official use only (OUO) information the click-through terms and conditions will not suffice. Contractual assurances and documentation of the cloud vendor’s security protocols may be necessary to meet sensitive or critical information’s protection requirements.

If your unit or department is interested in taking advantage of the cloud, look at the Process overview detailed in Information Technologies’ (IT) new Cloud vendor management program website. The site will walk you through the information classification stage and help you determine if a contract is needed. 

For more information on cloud vendor management, contact the IT Support Center. And don’t forget to keep up with IT on Facebook and Twitter for the latest information and NCSAM tips.

Article by Sarah E. Meadows

icon-fb icon-tw icon-yt icon-fs
ADVERTISEMENT

News Media Contact

University of Delaware
Office of Communications & Marketing
302-831-NEWS
ud-ocm@udel.edu

UDaily is produced by the
Office of Communications & Marketing

The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 | USA
Phone: (302) 831-2792
email: ud-ocm@udel.edu
www.udel.edu/ocm
University of Delaware • Newark, DE 19716
ud-ocm@udel.edu • (302) 831-2792 • ©2012
University of Delaware • Newark, DE 19716 • USA • Phone: (302) 831-2792 • © 2013
Comments|Contact Us|Legal Notices