Educause Security Discussion mailing list archives
Re: Cloud Security Policy
From: Shaun Gray <SGray () MEDFORD K12 NJ US>
Date: Wed, 8 Mar 2017 10:06:17 -0500
Thanks for the response Jim. We have evaluated the hosting services and determined that from a security standpoint they pass the test. We don't have a clearly defined policy for sharing information with other organizations outside of the regulatory policies that apply to all institutions. I certainly don't want to take the same approach we use for local storage policies and apply that to publicly accessible locations such as Google Drive. Right now any and everything is allowed to be stored on Google Drive and we are looking to address storing sensitive information there. Dr. Shaun G. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jim Cheetham Sent: Tuesday, March 07, 2017 4:26 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cloud Security Policy Quoting Shaun Gray (2017-03-08 10:03:56)
We are developing a policy for the storage of data on the cloud. Does anyone have a policy or advice they would care to share to help us with this process?
Surely this would be the same policy as the one that already governs you sharing information with existing third-party organisations that don't use the word "cloud"? i.e. I can't place sensitive data on AWS until I've evaluated the protections that AWS offer me; exactly the same as the way I can't share sensitive information with an external partner until I've evaluated the protections that they offer me ... Treating "cloud" as anything that's different from "someone else's computers", especially from a policy perspective, is missing the point. -- Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z. ✉ jim.cheetham () otago ac nz ☏ +64 3 470 4670 ☏ m +64 21 279 4670 ⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605 Medford Township Public School District email is provided to staff for the purpose of professional communication. Please be aware that messages sent via email may not be secure and that network administrators may have to review communications to maintain network integrity and ensure the responsible use of the system. This electronic transmission and documents transmitted as attachments contain information from the Medford Township Public School District that may be proprietary, confidential and/or privileged under state or federal law. The information is intended for the sole use of the individual(s) or entity named above. The individual(s) or entity named above as the receipt of this information is expressly prohibited from disclosing this information to any other party unless required to do so by state or federal law or regulation. If you are not the intended recipient, be aware that any disclosure, copying or distribution or use of the contents of this electronic transmission and any document attachments is expressly prohibited. If you have received this electronic transmission in error, please notify the sender immediately by replying to the address listed above and delete or destroy all copies of the original electronic transmission.
Current thread:
- Cloud Security Policy Shaun Gray (Mar 07)
- Re: Cloud Security Policy Jim Cheetham (Mar 07)
- Re: Cloud Security Policy Shaun Gray (Mar 08)
- Re: Cloud Security Policy Adam Maynard (Mar 07)
- Re: Cloud Security Policy Shaun Gray (Mar 08)
- Re: Cloud Security Policy Jones, Mark B (Mar 08)
- Re: Cloud Security Policy Kevin Crider (Mar 08)
- Re: Cloud Security Policy Shaun Gray (Mar 08)
- Re: Cloud Security Policy Jim Cheetham (Mar 07)