Embed Size (px)
DESCRIPTION
Dr Christine Sexton talks about perceived cloud security issues and
Citation preview
Dr Christine Sexton
Director, Corporate Information and Computing Services
University of Sheffield
Our Cloud Story
Why?
• Poor student email service
• Email servers getting old
• Quick wins (timetable)
• Calendar product not supported
• Improved service
• Mobile strategy
• Concentrate on added value
• Pace of Innovation
• Carbon footprint
How
• Students – normal governance
• Decision May 2009
• Implementation August 2009
• Staff – approval of UEB
• Implemented email during 2011
• Calendar August 2011
Implementation
• Open & transparent
• Engage user community
• No big deal
• Risks identified
– Charging– Resistance to change– Volatility of development– Impact on skills
• Tools provided by Google• All mail migrated
• Student– Migration of existing mail– Friendly email aliases
• Staff– Users can continue to use client– IT Support staff early adoptors.– Support Staff in Departments, personal service– Feedback sessions after dept is complete.
Calendar
• Students
– Population of Calendars with timetables
• Staff
– Big Bang approach needed
– Data Migration out-sourced
– Users used to Oracle Calendar
– Major business change involved
Issues
• Disruptive technology
• Integration
• Training for different communities of users
• Benefits
• Other “Core Apps” - Docs, Sites, Groups, Labs
• Client configuration
• Google changing things
Multiple accounts
“That's great news for students, now when can staff have it?”
A member of staff
Security
“After careful assessment of Google Apps for Education against UK Data Protection Law and the University’s own privacy policies the University is satisfied that personal data is being processed appropriately”
Risk
The University has a modified contract with Google, based on Google’s standard terms and conditions.
Google have agreed to only process personal data in accordance with the standards set out by the EU directive on data protection.
The University has assessed the risk in relation to the US Patriot Act is satisfied that the increased risk presented by this is very small and is manageable.
Safe Harbor
Export Control
• Technical information covered by UK export law
• Legal advice The use of Google mail … would not in itself qualify as exporting data.
• Data transmitted by email can pass through national boundaries regardless of destination
• Therefore, although the risk is very low …… careful consideration should always be given as to how controlled technology is transmitted and where it is stored.
The future
![Federated Cloud Security Architecture for Secure and … · Federated Cloud Security Architecture 171 2 Cloud Security We briefly review cloud security [40] and related prior work](https://img.pdfslide.net/doc/110x75/5b19fbfc7f8b9a32258cef49/federated-cloud-security-architecture-for-secure-and-federated-cloud-security.jpg)