Educause Security Discussion mailing list archives
Re: Cloud Security Policy
From: Jim Cheetham <jim.cheetham () OTAGO AC NZ>
Date: Wed, 8 Mar 2017 10:25:47 +1300
Quoting Shaun Gray (2017-03-08 10:03:56)
We are developing a policy for the storage of data on the cloud. Does anyone have a policy or advice they would care to share to help us with this process?
Surely this would be the same policy as the one that already governs you sharing information with existing third-party organisations that don't use the word "cloud"? i.e. I can't place sensitive data on AWS until I've evaluated the protections that AWS offer me; exactly the same as the way I can't share sensitive information with an external partner until I've evaluated the protections that they offer me ... Treating "cloud" as anything that's different from "someone else's computers", especially from a policy perspective, is missing the point. -- Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z. ✉ jim.cheetham () otago ac nz ☏ +64 3 470 4670 ☏ m +64 21 279 4670 ⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605
Attachment:
signature.asc
Description: signature
Current thread:
- Cloud Security Policy Shaun Gray (Mar 07)
- Re: Cloud Security Policy Jim Cheetham (Mar 07)
- Re: Cloud Security Policy Shaun Gray (Mar 08)
- Re: Cloud Security Policy Adam Maynard (Mar 07)
- Re: Cloud Security Policy Shaun Gray (Mar 08)
- Re: Cloud Security Policy Jones, Mark B (Mar 08)
- Re: Cloud Security Policy Kevin Crider (Mar 08)
- Re: Cloud Security Policy Shaun Gray (Mar 08)
- Re: Cloud Security Policy Jim Cheetham (Mar 07)