Topics Map > Security
Topics Map > Campus Services > Storage
Topics Map > OS & Desktop Software > Office Productivity
Security - Staying Safe in "the Cloud"
“The Cloud” is technology that is being rapidly adapted by organizations and individuals because it allows users to easily access their data from multiple devices anywhere in the world. “Cloud” technology means different things to different people, but a general description is using a service provider on the Internet to store and manage your data for you. Examples of Cloud computing include Google Docs, Dropbox, storing your music on Apple’s iCloud, and Microsoft OneDrive.
When you utilize cloud technology you are handing control of your data over to the service provider, which creates special challenges to keeping that data both secure and available. Here are some items you should to consider when utilizing “the Cloud.”
1. Make sure you are authorized to store information in a Cloud service. For information that is owned by an organization, you may not have the authority or permission to store that information in the Cloud, and doing so could produce legal ramifications. NOTE: If you are looking to utilize a Cloud service for UW-Platteville-owned information you will need to contact the Purchasing department and complete a cloud computing checklist.
2. Choose the right Cloud services for you and your information. There are a myriad of services to choose from, but SANS Securing the Human recommends looking at a potential service using the Four S’s:
a. Support: Is it easy to contact support? Are there multiple methods of contact (e.g. phone number, user forum, etc.)?3. Understand the settings and security on your Cloud account. Using a Cloud service appropriately has a significant impact on the security of your data! Key steps to consider are:
b. Simplicity: How easy is it to use the service? The more complex a service is, the more likely an error could unintentionally expose your information.
c. Security: Is the connection to the service encrypted? How is your data stored in the Cloud? Who can access your information?
d. Service: Review the Terms of Service agreements. Confirm who can access your data and what your legal rights are to your data once you start using the service.
a. Using strong, unique passwords/passphrases; if two-factor authentication is available use it!
b. Don’t set the default sharing on your files permissions to everyone. Add and remove access only to individuals with a need to the data.
c. If you are using a service that allows you to share a link to your data, be aware that any individual who has that link can access your data, not just the individuals you first shared it with. If you choose to share a link, make sure to disable the link when it is no longer needed.
d. Review and understand the settings protecting your data. Example: If you share a folder with someone, does that give them permission to also share it with others?
e. Make sure a current version of antivirus software is installed on computers that you use to access your data. If you upload an infected file, other computers accessing that file could also get infected.
f. Make backups of your data. Even if your Cloud provider is backing up your data, making your own backup allows you to control the frequency and how long the backups are retained; it also protects your data if your service provider goes out of business or your data becomes inaccessible.
Microsoft OneDriveUW-Platteville students, faculty, and staff have access to their own Cloud storage via Microsoft’s OneDrive. While OneDrive storage is part of your university resources through the Office365 migration, you still want to apply the above considerations and a healthy dose of paranoia to your use of OneDrive.
For instance, OneDrive can be a great tool to use to collaborate on documents for team projects, share resources with your class, or access that “To-Do” spreadsheet you use to keep track of your daily work tasks. OneDrive should not be used to store proprietary UW-Platteville information, and NEVER to store sensitive data such as social security numbers, bank account information, etc.
Beware the share. Your UW-Platteville OneDrive data may only be shared internally with other UW-Platteville individuals; however, please continue to be aware of your settings and share your data only with individuals who need to have access, rather than providing default access to all users.
Always back up your own data! UW-Platteville will have no control over downtime that may occur on your OneDrive account. Microsoft provides generally reliable service. However, if Microsoft has an issue that requires the service to be unavailable, it could happen at a time when you need access to your data. Without a backup you will have to wait until Microsoft restores service to regain access to your data.
Utilizing “the Cloud” can provide numerous opportunities and benefits, but without proper consideration and security, it can also come with many risks to your data. For questions about appropriate types of data to use in the Cloud, information about Cloud security, or other information security related items please email firstname.lastname@example.org or visit the UW-Platteville Information Security webpage at http://www.uwplatt.edu/its/information-security.
Referenced: SANS Securing the Human “OUCH! Using the Cloud Securely” newsletter, Sept 2014.
“5 Tips to Keep Your Data Secure on the Cloud” http://www.cio.com/article/2380182/cloud-security/5-tips-to-keep-your-data-secure-on-the-cloud.html
“The Security of your Files in OneDrive” http://windows.microsoft.com/en-us/onedrive/security
“The Start-to-Finish Guide to Securing Your Cloud Storage” http://lifehacker.com/the-start-to-finish-guide-to-securing-your-cloud-storag-1632901910