Educause Security Discussion mailing list archives
Re: Trying to manage the move to the cloud
From: Bob Bayn <bob.bayn () USU EDU>
Date: Fri, 11 Mar 2011 15:37:16 +0000
Our Information Security Policy includes this little statement: "Offsite storage, processing or backup of PSI/CID [private sensitive information/critical institutional data] must use service providers evaluated and approved by the responsible data steward in consultation with OIT. OIT is directed to publish standards that conform to this policy<https://it.usu.edu/policies/htm/information-security/selection-of-cloud-computing-services>." The standards are still in development; the link goes to notes, comments and links to others. Bob Bayn (435)797-2396 Security Team You are on the Security Team, too. Be an Internet Skeptic! There's nothing really free on the 'net Office of Information Technology at Utah State University http://tinyurl.com/bicyclists-share-kidneys ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Chancellor, Beth C. [ChancellorB () MISSOURI EDU] Sent: Thursday, March 10, 2011 7:36 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Trying to manage the move to the cloud All, It is clear that many of us are dealing with the challenges of when, if and how to adopt public cloud computing models. In the mean time, it’s concerning that at least some of our users are using free cloud services on their own. Like many of you, my institution has policies about appropriate use (AUP), privacy policies, perquisite use policies, etc. What we don’t have is a policy that say “you must use the IT resources provided by your institution” even if other resources are available at no cost. I am concerned about the onsie-twosie uses of Mozy, yahoo, hotmail, gmail, wikispaces, skydrives, and other free services (and sometimes not free) that have not been reviewed or endorsed by central IT. Have any of you written or adopted policies that require the use of University provided or endorsed IT resources and that prohibit the use of non-endorsed resources when conducting university business? Beth Beth Chancellor, MEd, CISSP Associate CIO and Chief Information Security Officer University of Missouri (573) 882-2434
Current thread:
- Trying to manage the move to the cloud Chancellor, Beth C. (Mar 10)
- Re: Trying to manage the move to the cloud Schoenefeld, Keith P. (Mar 10)
- Re: Trying to manage the move to the cloud Mclaughlin, Kevin (mclaugkl) (Mar 11)
- Re: Trying to manage the move to the cloud Lorenz, Eva (Mar 11)
- Re: Trying to manage the move to the cloud Neil Sindicich (Mar 29)
- Re: Trying to manage the move to the cloud Mclaughlin, Kevin (mclaugkl) (Mar 11)
- Re: Trying to manage the move to the cloud Schoenefeld, Keith P. (Mar 10)
- Re: Trying to manage the move to the cloud Shamblin, Quinn (Mar 11)
- Re: Trying to manage the move to the cloud Bob Bayn (Mar 11)
- Re: Trying to manage the move to the cloud Jeffrey I. Schiller (Mar 11)
- Re: Trying to manage the move to the cloud Nathan Zierfuss (Mar 11)
- Re: Trying to manage the move to the cloud Leon DuPree (Mar 29)
- Re: Trying to manage the move to the cloud Jeffrey I. Schiller (Mar 11)