Cloud Computing - Important Considerations
Cloud computing is the provisioning of IT resources over the Internet, as opposed to hosting and operating those resources locally on an organization's network. Although cloud computing may provide excellent computing resources for the university, there are legal, security, and compliance risks that must be considered before placing university data into the cloud.
An ECU Cloud Computing Regulation is being developed that will govern the use of cloud computing service providers. Until that regulation is approved, here are seven things to consider before placing ECU data into the cloud:
- Is the data subject to State or Federal regulatory requirements? FERPA (student), HIPAA (patient), NC Identity Theft (SSN, Driver's License, Banner ID, etc.), and GLBA (financial) are a few examples of laws requiring that ECU implement specific security controls to protect such data. These types of data must never be placed in the cloud without prior approval by appropriate university data owners and ITCS.
- Does the cloud service provider implement appropriate security controls to protect university data? Does the cloud service provider freely supply evidence of that protection? If not, there may be reason for concern that appropriate security controls are not implemented.
- Can the university retrieve the data if a legal hold or e-discovery request is placed against the data? Will the outsourced service provider provide ECU access to the data without a subpoena or authorization by the individual who placed the data into the cloud? Lack of unfettered access can pose major legal issues for the university.
- Does the cloud service provider outsource the data storage or other hosting functionality to others (including international hosting providers)? How difficult will it be to retrieve university data? International laws do not provide the same protections as laws in the United States, and your data may be lost forever.
- What are your options if the cloud service provider experiences technical issues and loses your data? Was your data backed up or is the data lost forever?
- What happens to university data once the service is no longer used? Is data destroyed or stored indefinitely? University data should be owned by the university, and destruction should follow university data retention policies.
- What are the reputational and financial costs if the cloud service provider experiences a data security breach? The university is at the mercy of the cloud service provider; therefore, a risk assessment should be conducted before storing university data in the cloud.
Contact the ECU IT Help Desk at 252.328.9866 or https://ithelp.ecu.edu/ and request a consult before placing ECU data into the cloud.
For more information about Federal and State regulations, please visit the Compliance and Regulations page.