Cloud Computing Guidelines - DIGITAL TRANSFORMATION

Nov 3, 2013


*Cloud Computing*
Some Guidelines

Kelly McDonald

Dec. 8, 2011

Campus Clouds?

Contracted computing is not always a ‘cloud’

Blackboard Example

Most popular cloud computing example is Gmail

Might be processed in one of many Google Data Centers

Could be multi


resides on Amazon’s S3 storage



for its data sharing functionality

Campus services will eventually utilize both on- and
off-campus cloud components in a very seamless

The major concern is the integrity of university data

The Information Security and Privacy

Organized by the ERMCC in 2006

Chartered to advise them on information security
and privacy issues

Helped to reduce the Social Security Number
footprint in on-campus applications

Recommended the concept of a sensitive data
registry for tracking use

Most recently developing the framework for an
Information Security Program for campus use

Guidelines for Cloud Computing

ISPC has been working on these documents for the
past 10 months

It is evident that there are degrees of concern,
based upon the level of university impact.

We are producing a set of guidelines to assist the
average faculty/staff/administrator in making wise
choices in how they use cloud services for their
individual work.

We are also producing a set of guidelines and a
questionnaire to help guide departmental transitions
into cloud service agreements.

Individual Cloud Computing …

Faculty want to:

Share files via
, etc.

Communicate with students via Facebook, Gmail, blogs,

Collaborate via Google Docs, wikis, etc.

Yet they are constrained by compliance with FERPA

Students must be permitted to inspect their own
educational records

Faculty may not disclose personally identifiable information

Other Issues:

License terms of cloud services

Reliability of cloud services

Larger Risks and Concerns…


The service provider should demonstrate that
they can maintain business continuity and deliver services
with minimal disruption, and that the data is properly backed


Provisions should be made to ensure that
the university can recover data, should anything happen to
the cloud computing provider.

Security and Privacy

Data should be protected in
accordance with university policies, and privacy laws such as

Compliance with Laws and Regulations

example, information subject to export controls should not be
located in other countries.

More Risks and Concerns…

Legal Concerns

Since cloud computing relationships are
governed by contract, there are items to be considered prior
to entering into an agreement, such as:

Data definition and use

Data ownership

Service level expectations and performance metrics

Liability concerns for breaches of data

Termination of service terms

General Cloud Guidelines …

Acquiring Cloud Computing Services

Will sensitive university information be stored or

How critical is the provided service to the business process
or academic activity?

If the service or data is not accessible during critical times,
would it create a significant hardship or financial loss?

Are there regulatory or contractual requirements that
govern the use or protection of the information? (data
privacy, export controls, human subjects research, etc.)

The ITPC has developed a Cloud Computing
Questionnaire, to assist departments during cloud
computing acquisition.

Guidelines cont’d…

Revise business procedures and practices to ensure
that cloud computing services are properly managed

Assess the specific risks

Define roles and responsibilities

Establish security procedures

Monitor the service to ensure that performance and
availability expectations are being met

Update your business continuity plans to properly reflect
the cloud computing service

The Movement is Inevitable…

a purely economic level, the similarities between electricity and
information technology are even more striking. Both are what
economists call general purpose technologies. Used by all sorts of
people to do all sorts of things, they perform many functions rather
than just one or a few. General purpose technologies, or GPTs, are
best thought of not as discrete tools but as platforms on which many
different tools, or applications, can be constructed. Compare the
electric system to the rail system. Once railroad tracks are laid, you
can pretty much do only one thing with them: run trains back and
forth carrying cargo or passengers. But once you set up an electric
grid, it can be used to power everything from robots in factories to
toasters on kitchen counters to lights in classrooms. Because they're
applied so broadly, GPTs offer the potential for huge economies of
if their supply can be consolidated

Big Switch: Rewiring the World, from Edison to
, Nicholas Carr, Jan. 2008