Protect Data in the Cloud
This article applies to: Cloudification , Security & Policy
If Cornell doesn't provide a service that you need, follow these guidelines, at a minimum, to help protect university data.
Select a Trustworthy Consumer (Non-Cornell) Cloud Service
Never use your NetID password. Using your NetID password for any service that doesn't use Cornell's Shibboleth, CUWebLogin, or ADFS increases the risk of your password being compromised (everything you can access at Cornell would be at risk - personal information about yourself and others could be stolen, your email could be used to spam people, etc.).
Read the end user license agreement (EULA).
- Set permissions to ensure privacy - Make sure data isn't publicly shared by default (very common). If you can't ensure data is kept private and secure, work with local technical support to find a better service.
Read and make sure you agree to privacy policies - Find out things like:
- How much will the service disclose about you?
- Who will it share your information with?
- What kinds of your information will it share (name, contact info, credit card numbers, etc.)?
Back up your data. If you are going to store data in a non-Cornell cloud service and you are unsure about the quality of the service provider's backup system, you should have your own backup.