Cloud File Storage has the unique capability that allows access to data from anywhere on any device (e.g. iPad, Android device, etc.). Most cloud file storage providers also provide “syncing” capabilities that allow you to have the same data in multiple places and “sync” it up to the cloud. This allows access from multiple machines but also provides a backup in case of data loss. The 3rd thing that many cloud file storage services offer is the ability to “share” your data with others. Some providers allow you to edit simultaneously, while some providers allow you to share back and forth for editing. There are many different ways to share and store data in the cloud.
Do you know the University currently has "access from anywhere" file storage options available? You can access your University “Home” or “Shared” drive by connecting to the VPN and mapping a drive. Another option is OneDrive for Business, which allows you to access your data (once uploaded into the service) from any web browser, and selectively share it with others inside and outside the University. OneDrive for Business is part of Office 365 and is sponsored by the university.
A consumer cloud file storage service is one that is made specifically for consumers and generally does not cost anything to sign-up. Examples of consumer cloud file services are DropBox, OneDrive, and Google Drive. As a general rule, you will get a limited amount of free storage to start with and can purchase more when needed.
An enterprise cloud file service is a service that is usually a purchased, contracted arrangement between your workplace and a cloud service provider. Access is provided via login with your HawkID.
Consumer services are made to be very user friendly, while security (and contractual guarantees to protect the information) is often a second consideration. You should always ask yourself “If the service goes out of business or is no longer available; how will that impact my business operations, can I manage without this data?"
Enterprise services are built “enterprise tough”. IT Staff at the University of Iowa will negotiate licensing and, support issues, including appropriate protections for institutional and personal data. For additional ease of use, ITS sponsored enterprise services that ITS provides will allow you to use your enterprise credentials (HawkID and HawkID passphrase) to sign in.
If you are already using a “consumer” service like DropBox, you don’t need to stop using it. However, you need to be aware of the types of files you are storing in the service. Information that is either protected or restricted, i.e. classified either as Level II or III data should only be put in a University sponsored enterprise cloud file service or service that has been negotiated with Purchasing/Licensing and Legal.
Protected data is anything classified as Level II (moderately sensitive) information. Protected data is data that may be accessed and used by campus users in the fulfillment of their roles on campus. Access restrictions are applied accordingly.
Restricted data is any data classified as Level III (highly sensitive) information. Inappropriate handling of this data could result in criminal or civil penalties, identity theft, personal financial loss, and invasion of privacy. Restricted data typically falls under one or more related Federal regulation and industry standard(s) that require them to have special security protections to maintain individual’s privacy.
The Family Educational Rights and Privacy Act (FERPA) broadly covers any record containing student information. Files that include social security numbers, as well as official records such as test scores, grade reports, or other information that identifies students, are considered “restricted data”. Data that has been “de-identified” and/or are not official education records are considered "protected data."
Health Insurance Portability and Accountability Act (HIPAA) data includes any records containing personally identifiable health related information. Health records containing social security number, patient number, name, address, birth date or anything that identifies an individual are all considered “restricted data”. Data that has been “de-identified” is considered "protected data."
In general, you should only upload information the University classifies as Level I (public) to any consumer cloud file service. Level I data does not carry the same privacy or protection requirements, or regulations, to protect the sensitivity of the data.