University of Delaware

NCSAM: Cloud computing

Safely using the cloud to manage University information


11:18 a.m., Oct. 31, 2012--Since 2004, EDUCAUSE, the National Cyber Security Alliance (NCSA) and other national organizations have declared October to be National Cyber Security Awareness Month (NSCAM), and the University of Delaware has joined in this annual effort to promote cyber security.

Many people at UD have started using cloud computing, non-University computing storage and other resources delivered as a service over the Internet.

FYI Stories

2FA protects you

If you are using two-factor authentication (2FA), even if a hacker has your password, your information is probably safe.

Library photo ID

Starting July 1, University of Delaware Library visitors without ONEcards must provide school-issued identification or state or government-issued photo identification when signing in at the Welcome Desk.

“The cloud can make usability, administrative processes, research and scholarly collaboration more efficient and effective,” Karl Hassler, associate director of IT Network and System Services, said. “That’s the good news. On the downside, the lure of a free cloud application may obscure the risks to University information. The one-size-fits-all terms and conditions might not be appropriate for all University information.”

Before storing or processing University information in the cloud, it is important for UD employees to consider the potential impact that putting that information in the cloud could have on the University’s operations, ability to comply with legal regulations, and protection of privacy. The information’s classification determines its protection requirements. Not all cloud services can meet minimum protection requirements.

While UD utilizes cloud services such as Google Drive and Canvas to store and manage information, they are not appropriate for hosting all types of University information. “You wouldn’t store medical records in Google Drive — the risks of violating personal privacy are too great,” Hassler explained. “Google Drive is not a good choice for storing sensitive, confidential or personally identifiable information (PII).”

Before putting University information in the cloud, it is essential to determine whether the information will be adequately protected. For confidential and official use only (OUO) information the click-through terms and conditions will not suffice. Contractual assurances and documentation of the cloud vendor’s security protocols may be necessary to meet sensitive or critical information’s protection requirements.

If your unit or department is interested in taking advantage of the cloud, look at the Process overview detailed in Information Technologies’ (IT) new Cloud vendor management program website. The site will walk you through the information classification stage and help you determine if a contract is needed. 

For more information on cloud vendor management, contact the IT Support Center. And don’t forget to keep up with IT on Facebook and Twitter for the latest information and NCSAM tips.

Article by Sarah E. Meadows

icon-fb icon-tw icon-yt icon-fs

News Media Contact

University of Delaware
Communications and Public Affairs

UDaily is produced by
Communications and Public Affairs

The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 | USA
Phone: (302) 831-2792
University of Delaware • Newark, DE 19716 • (302) 831-2792 • ©2012
University of Delaware • Newark, DE 19716 • USA • Phone: (302) 831-2792 • © 2013
Comments|Contact Us|Legal Notices