Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SaaS responsibilities

From: Joanna Grama <jgrama () EDUCAUSE EDU>
Date: Fri, 28 Aug 2015 20:00:42 +0000
Hi Thomas,

The paper that Steve mentioned was just published by ECAR today (talk about timing).  You can find it at: 
http://www.educause.edu/library/resources/preparing-it-organization-cloud

ECAR has also published recent research on the state of IT service delivery in higher education.  It is probably off 
the beaten track from the original request in this thread, but an interesting read nonetheless:  
http://www.educause.edu/library/resources/it-service-delivery-research

Kind regards,
Joanna


Joanna Grama, JD, CISSP, CRISC, CIPT
Director of DRA Operations, IT GRC and Cybersecurity Programs
Data, Research, and Analytics

EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 80027
direct: 720.406.6769 | main: 303.449.4430 | fax: 303.440.0461 | educause.edu<http://www.educause.edu/>





From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve 
Terry
Sent: Friday, August 28, 2015 2:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SaaS responsibilities

Thomas:

Might I recommend looking at ECAR's Cloud Working Group: http://www.educause.edu/ecar/ecar-working-groups/cloud

The Cloud Working Group is actively engaged in publishing a seven part series called "PREPARING YOUR IT ORGANIZATION 
FOR THE CLOUD". (part 3 of the series is due to be published within days)  This paper is attempting to address some of 
the problems and questions you have raised.

For your consideration.

Steve

Steve Terry
Director of Enterprise Applications
ITS
Denison University
Fellows Hall - 102B
Granville, OH 43023
740-587-8685 | www.denison.edu<http://www.denison.edu/>

On Fri, Aug 28, 2015 at 1:32 PM, Thomas Carter <tcarter () austincollege edu<mailto:tcarter () austincollege edu>> 
wrote:
Here, as I’m sure is happening everywhere, SaaS usage is exploding across campus. We in IT are struggling with forming 
policies around such usage and our responsibilities around those services. I would appreciate input in how others are 
handling this SaaS hydra. Does IT track all external services used? Does IT have the rights and/or information and/or 
responsibility for administration of these services? Does IT have any right of refusal for possibly insecure or 
unvetted services? Does IT have any other applicable policies such as SSO requirements, etc?

We’re struggling with issues like when an employee leaves, how can we make sure they no longer have access to any 
school resources when some of those only reside in the cloud? Or when we don’t even know about the service? How do we 
make sure a chosen solution integrates well into the rest of our environment when we may not be involved in the 
selection process?

I appreciate any answers, advice, or suggestions you can offer.

Thomas Carter
Network & Operations Manager
Austin College
Previous By Date Next
Previous By Thread Next

Current thread: