Safely using the cloud to manage University information

11:18 a.m., Oct. 31, 2012--Since 2004, EDUCAUSE, the National Cyber Security Alliance (NCSA) and other national organizations have declared October to be National Cyber Security Awareness Month (NSCAM), and the University of Delaware has joined in this annual effort to promote cyber security.

Many people at UD have started using cloud computing, non-University computing storage and other resources delivered as a service over the Internet.

FYI Stories

June 6: UDid It! Picnic

All UD faculty and staff members are invited to attend the annual UDid It! employee appreciation picnic, set from 11 a.m.-1:30 p.m., Monday, June 6, on The Green.

2FA protects you

If you are using two-factor authentication (2FA), even if a hacker has your password, your information is probably safe.

• 2FA protects you
• Police training
• Traffic alert
• Library photo ID

“The cloud can make usability, administrative processes, research and scholarly collaboration more efficient and effective,” Karl Hassler, associate director of IT Network and System Services, said. “That’s the good news. On the downside, the lure of a free cloud application may obscure the risks to University information. The one-size-fits-all terms and conditions might not be appropriate for all University information.”

Before storing or processing University information in the cloud, it is important for UD employees to consider the potential impact that putting that information in the cloud could have on the University’s operations, ability to comply with legal regulations, and protection of privacy. The information’s classification determines its protection requirements. Not all cloud services can meet minimum protection requirements.

While UD utilizes cloud services such as Google Drive and Canvas to store and manage information, they are not appropriate for hosting all types of University information. “You wouldn’t store medical records in Google Drive — the risks of violating personal privacy are too great,” Hassler explained. “Google Drive is not a good choice for storing sensitive, confidential or personally identifiable information (PII).”

Before putting University information in the cloud, it is essential to determine whether the information will be adequately protected. For confidential and official use only (OUO) information the click-through terms and conditions will not suffice. Contractual assurances and documentation of the cloud vendor’s security protocols may be necessary to meet sensitive or critical information’s protection requirements.

If your unit or department is interested in taking advantage of the cloud, look at the Process overview detailed in Information Technologies’ (IT) new Cloud vendor management program website. The site will walk you through the information classification stage and help you determine if a contract is needed. 

For more information on cloud vendor management, contact the IT Support Center. And don’t forget to keep up with IT on Facebook and Twitter for the latest information and NCSAM tips.

Article by Sarah E. Meadows