Please refer to the Institute's risk classification levels on the Infoprotect website.
In general, it is acceptable to store Medium Risk information in MIT licensed cloud platforms. Some types of High Risk information can be stored in the cloud if it is first encrypted using file or volume level encryption (Encrypting a file before sharing ).
Such data should be reasonably secured by sharing only with persons who need to access the data for a permissible purpose, and under strict instructions that these persons (a) may not share the data with any third party, absent permission from you, and (b) should delete the data from their local systems when they are finished with it.
When using cloud storage services, you should always:
- Comply with applicable laws and MIT's policies, including those relating to Responsible Use of IT Resources
- Be mindful of your folder settings, and locate data appropriately
- Double-check the security settings on any folders prior to sharing them with another user.
- Remember the "analog hole": once data has been converted to a human readable form, there is no way to truly protect it. For example, even a PDF file with printing, saving, and copying restrictions can still be copied if the recipient uses a screen-capture tool, takes a picture with a mobile phone, or even copies the document longhand onto a piece of paper. Therefore, you should only share data with those you trust, and with only the minimum number of people necessary.
Cloud storage services should never be used to:
- Infringe others' intellectual property rights, including by sharing copyrighted content
- Violate the privacy of others
- Distribute harmful or malicious code