Cloud Storage Security Guideline
UPDATED JANUARY 2016
To establish a prudent cloud based storage security guideline not covered by an existing legal contract between Boise State University and a cloud storage service provider such as Google. This guideline does not authorize any action which would infringe on any other policy, rule, statute, contract or legislation to which the University and users of its IT resources are subject.
This guideline applies to all users accessing systems and resources at Boise State University.
Employees using cloud storage to store University data MUST:
- Ensure that the University data is protected using appropriate data encryption as outlined in the System Security Encryption Guideline.
- Ensure that all University data has been permanently deleted from cloud storage once their need to store such data is no longer required.
- Immediately report to the Chief Information Security Officer any incident or suspected incidents of unauthorized data access as it relates to their cloud storage provider.
The use of cloud based storage services MUST NOT:
- Introduce risk to the security, privacy, copyright and retention of Boise State data.
- Be utilized to store or share Level 1 (Private/Confidential) or Level 2 (Protected) data as defined by the Boise State Data Classification Standard.
The use of cloud based storage solutions to store Boise State University data in an insecure manner could lead to inadvertent disclosure, lost and/or stolen data. Such a breach could result in damage to critical applications, financial loss, and damage to the University’s public image. Therefore, all users employing cloud based storage solutions to store Boise State University data of any type, must adhere to University-defined policies, standards, plans and processes.
Individuals using computer systems owned by Boise State University do so subject to applicable laws and University policies. Boise State University disclaims any responsibility and/or warranties for information and materials residing on non-university systems or available over publicly accessible networks. Such materials do not necessarily reflect the attitudes, opinions, or values of the State of Idaho, Boise State University, its faculty, staff, or students.
Questions about this guideline should be directed to the Chief Information Security Officer:
Phone: (208) 426-5701