Cloud computing is a method of accessing IT services that are delivered by an external provider. Such services are quickly provisioned, simple to access and flexible. But did you know that the security of certain cloud services may put University data at risk?

When evaluating whether to use a cloud service to store University data and provide functionality, careful consideration needs to the given to the Cloud Service Provider terms of service and/or other service agreements. Providers may include terms that allow them access to user’s data for various purposes.

Most security incidents relating to the use of Cloud Services can easily be avoided by following a few simple steps. Information Technology Services is introducing a Cloud Certification Program that will assist staff with assessing Cloud Service Providers to ensure they:

• offer value for money – by pooling requirements from a number of different areas a single purchase can be made for a more competitive price;
• adequately protect data – to ensure that Cloud Service Providers adhere to strict security requirements to protect University data including Privacy Policy requirements;
• are fit for purpose – services are purchased that meet the needs and expectations of users particularly with regard to the uptime expectations of services which differ greatly from service to service.

Under the University’s Privacy Policy staff must ensure any personal information stored on Cloud Services consider the issues above. A Cloud Security Guidance website has been published and this outlines Staff Responsibilities when purchasing Cloud Services, the Certification Process and provides a list of Cloud Services that have already been certified. For further assistance contact ITS Information Security & Risk via ICTsecurity@flinders.edu.au.