Access Keys:
Skip to content (Access Key - 0)

Security Considerations for Cloud Storage

In general, it is acceptable to store Medium Risk information in MIT licensed cloud platforms (MIT Dropbox, MIT Google Drive, MIT One Drive). Some types of High Risk information can be stored in the cloud if it is first encrypted using file or volume level encryption (Encrypting a file before sharing ).

Best Practices for securing Medium Risk data stored in the cloud

Medium Risk data should shared only with persons who need to access the data for a permissible purpose, and under strict instructions that these persons (a) may not share the data with any third party, absent permission from you, and (b) should delete the data from their local systems when they are finished with it.

Devices used to access such data should be appropriately protected regardless of where the data is stored. Please review the recommended tasks to protect Medium Risk data for guidance.

Best Practices for securing High Risk data stored in the cloud

High Risk data should be encrypted with file or volume-level encryption before uploading to an MIT licensed cloud platform. Encryption passwords should be shared securely and separately from the volume. The Institute licenses LastPass which can be used to generate strong passwords and share passwords securely. Volume-level encryption ensures that only those that have the password can access the data. It provides protection in the case of misconfiguration of folder permissions, a compromised account, and not even the administrators of the cloud platform can access the data without the password.

High Risk data should be shared only with persons who need to access the data for a permissible purpose, and under strict instructions that these persons (a) may not share the data with any third party, absent permission from you, and (b) should delete the data from their local systems when they are finished with it.

Devices used to access such data should be appropriately protected regardless of where the data is stored. Please review the recommended tasks to protect High Risk data for guidance.

General usage guidelines

When using cloud storage services, you should always:

  • Comply with applicable laws and MIT's policies, including those relating to Responsible Use of IT Resources
  • Be mindful of your folder settings, and locate data appropriately
  • Double-check the security settings on any folders prior to sharing them with another user.
  • Remember the "analog hole": once data has been converted to a human readable form, there is no way to truly protect it. For example, even a PDF file with printing, saving, and copying restrictions can still be copied if the recipient uses a screen-capture tool, takes a picture with a mobile phone, or even copies the document longhand onto a piece of paper. Therefore, you should only share data with those you trust, and with only the minimum number of people necessary.

Cloud storage services should never be used to:

  • Infringe others' intellectual property rights, including by sharing copyrighted content
  • Violate the privacy of others
  • Distribute harmful or malicious code

See Also

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

December 04, 2024

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-dropbox c-dropbox Delete
security security Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki