Cloud Computing Services Policy
Cloud computing offers a number of advantages including low costs, high performance and quick delivery of services. However, without adequate controls, it also exposes individuals and organizations to online threats such as data loss or theft, unauthorized access to corporate networks, and so on.
It is imperative that employees NOT open cloud services accounts or enter into cloud service contracts for the storage, manipulation or exchange of University-related communications or University-owned data without first consulting the Information Technology Services (ITS) Department. This is necessary to protect the integrity and confidentiality of Southwestern Oklahoma State University (SWOSU) data and the security of the University network.
Southwestern Oklahoma State University’s ITS department remains committed to enabling employees to do their jobs as efficiently as possible through the use of technology. The following guidelines are intended to establish a process whereby SWOSU employees can use cloud services without jeopardizing University data and computing resources.
This policy applies to all employees in all departments of Southwestern Oklahoma State University, no exceptions.
This policy pertains to all external cloud services, e.g. cloud-based email, document storage, Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), etc. Personal accounts are excluded.
If you are not sure whether a service is cloud-based or not, please contact the ITS Department.
- Use of cloud computing services for work purposes must be formally authorized by the ITS Department. The ITS Department will certify that security, privacy and all other information technology management requirements will be adequately addressed by the cloud computing vendor.
- For any cloud services that require users to agree to terms of service, such agreements must be reviewed and approved by the ITS Department.
- The use of such services must comply with Southwestern Oklahoma State University’s existing Computing Policy.
- Employees must not share log-in credentials with co-workers.
- The use of such services must comply with all laws and regulations governing the handling of personally identifiable information, University financial data or any other data owned or collected by Southwestern Oklahoma State University.
- Sensitive and/or protected data may not be stored in the Cloud.
- Personal cloud services accounts may not be used for the storage, manipulation or exchange of University-related communications or University-owned data.
Approved Cloud Computing Services
Southwestern Oklahoma State University has secured Dropbox as an approved cloud computing service for the purpose of conducting University related business and the storage of its data. Though independent of any personal account, a Dropbox for Education account may be connected with a personal account for convenience. Contact the ITS Department for account access and directions in joining the SWOSU Dropbox team.