NCSAM: Cloud computing

Safely using the cloud to manage University information


11:18 a.m., Oct. 31, 2012--Since 2004, EDUCAUSE, the National Cyber Security Alliance (NCSA) and other national organizations have declared October to be National Cyber Security Awareness Month (NSCAM), and the University of Delaware has joined in this annual effort to promote cyber security.

Many people at UD have started using cloud computing, non-University computing storage and other resources delivered as a service over the Internet.

FYI Stories

Tea with the provost

University of Delaware students, faculty and staff are invited to one in a series of informal, meet-and-greet gatherings over tea with Provost Domenico Grasso.

ARTstor workshop

The University of Delaware Library will present a workshop titled "Teaching and Learning with Images: Introduction to ARTstor" on Tuesday, April 14.

“The cloud can make usability, administrative processes, research and scholarly collaboration more efficient and effective,” Karl Hassler, associate director of IT Network and System Services, said. “That’s the good news. On the downside, the lure of a free cloud application may obscure the risks to University information. The one-size-fits-all terms and conditions might not be appropriate for all University information.”

Before storing or processing University information in the cloud, it is important for UD employees to consider the potential impact that putting that information in the cloud could have on the University’s operations, ability to comply with legal regulations, and protection of privacy. The information’s classification determines its protection requirements. Not all cloud services can meet minimum protection requirements.

While UD utilizes cloud services such as Google Drive and Canvas to store and manage information, they are not appropriate for hosting all types of University information. “You wouldn’t store medical records in Google Drive — the risks of violating personal privacy are too great,” Hassler explained. “Google Drive is not a good choice for storing sensitive, confidential or personally identifiable information (PII).”

Before putting University information in the cloud, it is essential to determine whether the information will be adequately protected. For confidential and official use only (OUO) information the click-through terms and conditions will not suffice. Contractual assurances and documentation of the cloud vendor’s security protocols may be necessary to meet sensitive or critical information’s protection requirements.

If your unit or department is interested in taking advantage of the cloud, look at the Process overview detailed in Information Technologies’ (IT) new Cloud vendor management program website. The site will walk you through the information classification stage and help you determine if a contract is needed. 

For more information on cloud vendor management, contact the IT Support Center. And don’t forget to keep up with IT on Facebook and Twitter for the latest information and NCSAM tips.

Article by Sarah E. Meadows

icon-fb icon-tw icon-yt icon-fs

News Media Contact

University of Delaware
Communications and Public Affairs

UDaily is produced by
Communications and Public Affairs

The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 | USA
Phone: (302) 831-2792
University of Delaware • Newark, DE 19716 • (302) 831-2792 • ©2012
University of Delaware • Newark, DE 19716 • USA • Phone: (302) 831-2792 • © 2013
Comments|Contact Us|Legal Notices