Educause Security Discussion mailing list archives
Re: Cloud Security Policy
From: "Jones, Mark B" <Mark.B.Jones () UTH TMC EDU>
Date: Wed, 8 Mar 2017 17:13:42 +0000
Are we talking about moving content to personal Google accounts (@gmail.com) or GAE/G Suite accounts. If the former I would suggest trying to stop it. If the latter, you have administrative control of the content, you can control passwords, and you can get a Business Associates Agreement signed. Done correctly, it is possible to make G Suite HIPAA/FERPA compliant. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun Gray Sent: Wednesday, March 08, 2017 8:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cloud Security Policy Thanks Adam. Many staff members are moving content to Google and as a district we are moving some departmental systems to the cloud. I'm more concerned about folks storing sensitive content in the Google space especially since the password requirements there not very strong. Dr. Shaun G. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Maynard Sent: Tuesday, March 07, 2017 4:28 PM To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Cloud Security Policy You have to think about what your sanctioned cloud services/apps are, and if you'll tolerate the others. Then how users should be using those sanctioned services/apps. Do you want to allow sensitive data to be stored in the cloud. If yes, should you require encryption. Do you want cloud specific data retention. There's always some type of regulatory influence. You can also consider technical and administrative safeguards, and DLP. Here are some examples: http://www.luc.edu/its/itspoliciesguidelines/cloud_computing_policy.shtml <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.luc.edu_its_itspoli ciesguidelines_cloud-5Fcomputing-5Fpolicy.shtml&d=DQMFAg&c=6vgNTiRn9_pqCD9hK x9JgXN1VapJQ8JVoF8oWH1AgfQ&r=jgMu8DNgV_dycz0rYwkNbEQq36F0BI5_Zpblz7C5LhM&m=X EkuVVq6HIF-BA3Cad6h5hbIg3aQLKCmSyFqwcl4csI&s=4Y-EcCADHkequsOtDfWKhaIQKUWPEKB 0e0WiEZbZvxc&e=> https://it.tufts.edu/cloud-pol <https://urldefense.proofpoint.com/v2/url?u=https-3A__it.tufts.edu_cloud-2Dp ol&d=DQMFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=jgMu8DNgV_dycz0r YwkNbEQq36F0BI5_Zpblz7C5LhM&m=XEkuVVq6HIF-BA3Cad6h5hbIg3aQLKCmSyFqwcl4csI&s= RKP6Bwjmgyhy9GivNgVUoOhz36kb1UO3HIZok18FuqI&e=> https://ccit.college.columbia.edu/blog/bz32/public-cloud-storage-guide-and-p olicy <https://urldefense.proofpoint.com/v2/url?u=https-3A__ccit.college.columbia. edu_blog_bz32_public-2Dcloud-2Dstorage-2Dguide-2Dand-2Dpolicy&d=DQMFAg&c=6vg NTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=jgMu8DNgV_dycz0rYwkNbEQq36F0BI5_Z pblz7C5LhM&m=XEkuVVq6HIF-BA3Cad6h5hbIg3aQLKCmSyFqwcl4csI&s=3lvyOQZVHrHso8ve5 WTGR5mcz_Ll6XqriTuhpKSFaTg&e=> http://www.gla.ac.uk/media/media_418975_en.pdf <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.gla.ac.uk_media_med ia-5F418975-5Fen.pdf&d=DQMFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ& r=jgMu8DNgV_dycz0rYwkNbEQq36F0BI5_Zpblz7C5LhM&m=XEkuVVq6HIF-BA3Cad6h5hbIg3aQ LKCmSyFqwcl4csI&s=5RNCGEDatwZQdmzeKsoisNMo-Q4qkhHPddnG1P14KR0&e=> -Adam From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun Gray Sent: Tuesday, March 7, 2017 4:04 PM To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Cloud Security Policy Greetings Everyone, We are developing a policy for the storage of data on the cloud. Does anyone have a policy or advice they would care to share to help us with this process? Dr. Shaun L. Gray, GSEC Network Engineer Medford Township Board of Education P / 609-975-6159 _____ Medford Township Public School District email is provided to staff for the purpose of professional communication. Please be aware that messages sent via email may not be secure and that network administrators may have to review communications to maintain network integrity and ensure the responsible use of the system. This electronic transmission and documents transmitted as attachments contain information from the Medford Township Public School District that may be proprietary, confidential and/or privileged under state or federal law. The information is intended for the sole use of the individual(s) or entity named above. The individual(s) or entity named above as the receipt of this information is expressly prohibited from disclosing this information to any other party unless required to do so by state or federal law or regulation. If you are not the intended recipient, be aware that any disclosure, copying or distribution or use of the contents of this electronic transmission and any document attachments is expressly prohibited. If you have received this electronic transmission in error, please notify the sender immediately by replying to the address listed above and delete or destroy all copies of the original electronic transmission. _____ Medford Township Public School District email is provided to staff for the purpose of professional communication. Please be aware that messages sent via email may not be secure and that network administrators may have to review communications to maintain network integrity and ensure the responsible use of the system. This electronic transmission and documents transmitted as attachments contain information from the Medford Township Public School District that may be proprietary, confidential and/or privileged under state or federal law. The information is intended for the sole use of the individual(s) or entity named above. The individual(s) or entity named above as the receipt of this information is expressly prohibited from disclosing this information to any other party unless required to do so by state or federal law or regulation. If you are not the intended recipient, be aware that any disclosure, copying or distribution or use of the contents of this electronic transmission and any document attachments is expressly prohibited. If you have received this electronic transmission in error, please notify the sender immediately by replying to the address listed above and delete or destroy all copies of the original electronic transmission.
Attachment:
smime.p7s
Description:
Current thread:
- Cloud Security Policy Shaun Gray (Mar 07)
- Re: Cloud Security Policy Jim Cheetham (Mar 07)
- Re: Cloud Security Policy Shaun Gray (Mar 08)
- Re: Cloud Security Policy Adam Maynard (Mar 07)
- Re: Cloud Security Policy Shaun Gray (Mar 08)
- Re: Cloud Security Policy Jones, Mark B (Mar 08)
- Re: Cloud Security Policy Kevin Crider (Mar 08)
- Re: Cloud Security Policy Shaun Gray (Mar 08)
- Re: Cloud Security Policy Jim Cheetham (Mar 07)