Re: Cloud Security Policy

["Jones, Mark B" <Mark.B.Jones () UTH TMC EDU>]

Are we talking about moving content to personal Google accounts (@gmail.com)
or GAE/G Suite accounts.

If the former I would suggest trying to stop it.  

If the latter, you have administrative control of the content, you can
control passwords, and you can get a Business Associates Agreement signed.
Done correctly, it is possible to make G Suite HIPAA/FERPA compliant.

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun Gray
Sent: Wednesday, March 08, 2017 8:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cloud Security Policy

 

Thanks Adam. Many staff members are moving content to Google and as a
district we are moving some departmental systems to the cloud. I'm more
concerned about folks storing sensitive content in the Google space
especially since the password requirements there not very strong.

 

 

Dr. Shaun G.

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Maynard
Sent: Tuesday, March 07, 2017 4:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> 
Subject: Re: [SECURITY] Cloud Security Policy

 

You have to think about what your sanctioned cloud services/apps are, and if
you'll tolerate the others. Then how users should be using those sanctioned
services/apps. Do you want to allow sensitive data to be stored in the
cloud. If yes, should you require encryption. Do you want cloud specific
data retention. There's always some type of regulatory influence. You can
also consider technical and administrative safeguards, and DLP.

 

Here are some examples:

http://www.luc.edu/its/itspoliciesguidelines/cloud_computing_policy.shtml
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.luc.edu_its_itspoli
ciesguidelines_cloud-5Fcomputing-5Fpolicy.shtml&d=DQMFAg&c=6vgNTiRn9_pqCD9hK
x9JgXN1VapJQ8JVoF8oWH1AgfQ&r=jgMu8DNgV_dycz0rYwkNbEQq36F0BI5_Zpblz7C5LhM&m=X
EkuVVq6HIF-BA3Cad6h5hbIg3aQLKCmSyFqwcl4csI&s=4Y-EcCADHkequsOtDfWKhaIQKUWPEKB
0e0WiEZbZvxc&e=> 

https://it.tufts.edu/cloud-pol
<https://urldefense.proofpoint.com/v2/url?u=https-3A__it.tufts.edu_cloud-2Dp
ol&d=DQMFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=jgMu8DNgV_dycz0r
YwkNbEQq36F0BI5_Zpblz7C5LhM&m=XEkuVVq6HIF-BA3Cad6h5hbIg3aQLKCmSyFqwcl4csI&s=
RKP6Bwjmgyhy9GivNgVUoOhz36kb1UO3HIZok18FuqI&e=> 

https://ccit.college.columbia.edu/blog/bz32/public-cloud-storage-guide-and-p
olicy
<https://urldefense.proofpoint.com/v2/url?u=https-3A__ccit.college.columbia.
edu_blog_bz32_public-2Dcloud-2Dstorage-2Dguide-2Dand-2Dpolicy&d=DQMFAg&c=6vg
NTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=jgMu8DNgV_dycz0rYwkNbEQq36F0BI5_Z
pblz7C5LhM&m=XEkuVVq6HIF-BA3Cad6h5hbIg3aQLKCmSyFqwcl4csI&s=3lvyOQZVHrHso8ve5
WTGR5mcz_Ll6XqriTuhpKSFaTg&e=> 

http://www.gla.ac.uk/media/media_418975_en.pdf
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.gla.ac.uk_media_med
ia-5F418975-5Fen.pdf&d=DQMFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&
r=jgMu8DNgV_dycz0rYwkNbEQq36F0BI5_Zpblz7C5LhM&m=XEkuVVq6HIF-BA3Cad6h5hbIg3aQ
LKCmSyFqwcl4csI&s=5RNCGEDatwZQdmzeKsoisNMo-Q4qkhHPddnG1P14KR0&e=> 

 

 

-Adam

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun Gray
Sent: Tuesday, March 7, 2017 4:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> 
Subject: [SECURITY] Cloud Security Policy

 

Greetings Everyone,

 

We are developing a policy for the storage of data on the cloud. Does anyone
have a policy or advice they would care to share to help us with this
process?

 

 

Dr. Shaun L. Gray, GSEC

Network Engineer

Medford Township Board of Education

P / 609-975-6159

 

 

 

  _____  

Medford Township Public School District email is provided to staff for the
purpose of professional communication. Please be aware that messages sent
via email may not be secure and that network administrators may have to
review communications to maintain network integrity and ensure the
responsible use of the system. This electronic transmission and documents
transmitted as attachments contain information from the Medford Township
Public School District that may be proprietary, confidential and/or
privileged under state or federal law. The information is intended for the
sole use of the individual(s) or entity named above. The individual(s) or
entity named above as the receipt of this information is expressly
prohibited from disclosing this information to any other party unless
required to do so by state or federal law or regulation. If you are not the
intended recipient, be aware that any disclosure, copying or distribution or
use of the contents of this electronic transmission and any document
attachments is expressly prohibited. If you have received this electronic
transmission in error, please notify the sender immediately by replying to
the address listed above and delete or destroy all copies of the original
electronic transmission.

 

  _____  

Medford Township Public School District email is provided to staff for the
purpose of professional communication. Please be aware that messages sent
via email may not be secure and that network administrators may have to
review communications to maintain network integrity and ensure the
responsible use of the system. This electronic transmission and documents
transmitted as attachments contain information from the Medford Township
Public School District that may be proprietary, confidential and/or
privileged under state or federal law. The information is intended for the
sole use of the individual(s) or entity named above. The individual(s) or
entity named above as the receipt of this information is expressly
prohibited from disclosing this information to any other party unless
required to do so by state or federal law or regulation. If you are not the
intended recipient, be aware that any disclosure, copying or distribution or
use of the contents of this electronic transmission and any document
attachments is expressly prohibited. If you have received this electronic
transmission in error, please notify the sender immediately by replying to
the address listed above and delete or destroy all copies of the original
electronic transmission.

Attachment: smime.p7s
Description: