Cloud Platform Eligibility for Sensitive and Restricted Data
Campus provides contracts for three Infrastructure as a Service (IaaS) public cloud platforms: Google Cloud Platform, Amazon Web Services and Microsoft Azure.
- Google Cloud Platform is the campus preferred provider for Sensitive and Restricted Data
- Amazon Web Services is eligible
- Microsoft Azure is eligible
All three eligible platforms operate on the principle of the Shared Responsibility Model for Cloud Platforms (GCP, AWS and Azure). In the case of our preferred provider, GCP, campus is providing additional monitoring and security tooling to those utilizing the account.
The campus approach is to provide additional tooling and support to reduce the effort to build and maintain an appropriate security posture, without overly restrictive controls or creation of a full secure enclave. This gives faculty and staff the flexibility to leverage the many different services of the public cloud providers while working with valuable institutional or research data, without imposing limitations or restrictive guidelines for use.
Campus has other services that are eligible for use with Restricted and Sensitive data, so if you and/or your local IT department have concerns or questions regarding the effort needed to meet your responsibilities in the shared security model, please reach out to us. We are happy to help you make an informed decision on what meets your needs. (Compliance list of approved tools, Storage Finder)
Regardless of the selected platform, the account owner still maintains the responsibility to achieve and maintain the appropriate security controls per campus policy. This will require learning about or understanding the security best practices of the services you are leveraging in the cloud. The cloud team can advise and consult on best practices, but is not providing secured versions of all of the hundreds of cloud services available through these platforms.