Cloud computing is rapidly transforming the IT landscape. Many Lehigh University Data Owners are showing strong interest in outsourced Cloud offerings that can help them reduce costs and increase enterprise agility. These Cloud services offer enormous economic benefits but they also may pose significant potential risks in safeguarding university information assets, and in complying with a myriad education, industry, and government regulations.
The goal of this guide is to provide to units within Lehigh University an ability make pragmatic decisions about where and when to use Cloud solutions by outlining specific issues that should be raised with hosting providers before selecting a vendor, as well as highlight the ways the vendor might respond in any service RFP so that Lehigh Data Owners might conduct business in the Cloud with confidence.
This guide can be used to assist Lehigh University personnel as well as Service Providers in responding to RFP’s and evaluating collocation, managed hosting, Cloud and Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Desktop-as-a-Service (DaaS), and Backend-as-a-Service (BaaS) providers. It is recommended each Data Owner should carefully evaluate every question/requirement to insure it is valid for their specific needs. Additional evaluation criteria, questions, and information may be included to reflect unique requirements and thus certain portions of this content may be eliminated or expanded upon, depending upon those specific requirements.
To create an organized evaluation template this guide will be broken into nine areas for consideration. Two of these areas include a General Considerations and Data Encryption section. The remaining seven areas will align to areas of security risk services associated with enterprise Cloud computing as defined by Gartner Research. In those areas Gartner recommends that organizations address several key issues when selecting a Cloud hosting provider:
To reap the benefits of Cloud computing without increasing security and compliance risks, Lehigh University must ensure they work only with trusted service providers that can address these and other Cloud security challenges. In moving from using just one Cloud-based service to using several from different providers, we also must manage all these issues across multiple operators, each with different infrastructures, operational policies, and security skills. This complexity of trust requirements drives the need for a ubiquitous, highly reliable method to secure your data as it moves to, from and around the Cloud.
Library & Technology Services
8A East Packer Ave,
Bethlehem, PA 18015
Lehigh University provides a leading-edge library and technology environment that enables flexibility, innovation, and effectiveness in all areas of the academic enterprise, including learning and the student experience, research, administration, community-building and outreach.
27 Memorial Drive West, Bethlehem, PA 18015