Cloud Services at the University

Cloud Services at the University

Vendor-provided cloud services can offer the University new, cost-effective tools and capabilities. However, providing third parties with access to University systems and data creates risk.

To help manage risks associated with cloud services and other technology and services, IT has established the following processes:

Guidelines for Cloud Security

Consider the following before deciding whether to use a cloud service to store or process University information:

  1. Functionality
    • What "need" must the service fulfill?
    • Does UD already have a service for that need?
    • Does the service have any "hidden functionality" (e.g., access to a contact list or to read anything a user types)
  2. Data security
    • Confidentiality: Is the data restricted to only those who "need to know"?
    • Integrity: Is the data accurate, authentic, and properly maintained?
    • Availability: Are the service and data accessible when you need them?
  3. Compliance requirements
    • Legal, regulatory, or contractual obligations (e.g., FERPA, HIPAA, nondisclosure agreements)
    • Research data restrictions (e.g., human subjects protections, export restrictions, data portability or availability requirements)
  4. What you can control
    • Who has access to the data?
    • Where the data goes?
    • What the third party does with the data?

If you have questions about whether a cloud service is appropriate for your needs, contact your departmental IT support staff or the IT Support Center. Email Call (302) 831-6000.