Cloud Based File Sync and Storage Security Service Policy

Rev. 1.0
Effective Date: November 1, 2016
Last Revised: –


1. Summary

This document is in direct support of the Georgia Institute of Technology Computer and Network Usage and Security Policy (CNUSP). The Office of Information Technology (OIT) provides Cloud Based File Sync and Storage (CBFSS) services to qualified campus users at Georgia Tech. This policy provides the necessary guidance to users of these services on security and best practices.

2. Definitions

Cloud Storage: An Internet-based environment where the physical location may not be 100% known or required (other than through contractual agreements).
Syncing: Connecting a computing resource with a local environment such as a laptop, desktop, or mobile device with the intended purpose to have an offline copy.
Sharing: Granting access to a computing resource to an individual or group of individuals that did not previously have access either through the dissemination of a link or granting of specific named-user access within a given system.
Consumer Accounts: An account, which does not fall under a Georgia Tech vetted agreement and safeguards, and may be granted to any individual requesting access to a third party service.

3. Scope

This policy applies to all users of cloud based services provided by the Georgia Tech Office of Information Technology.

This policy does not apply to any other cloud based services used at Georgia Tech.

4. Statement of Policy

Overview

The following FAQ describes what types of data may be stored in each of the OIT cloud services. You should consider the various categories when storing data in any cloud provider: https://gatech.service-now.com/home?id=kb_article_view&sysparm_article=KB0023330.

When using OIT provided cloud services, all other Institute IT policies apply and should be followed. For more information on the Institute IT/Security policies, please see the IT policy book on the Institute Policy Library: http://policylibrary.gatech.edu/information-technology

Incidental Personal Use

As per the Institute Acceptable Use Policy, incidental personal use of IT services is permitted, including the services in scope of this policy.

Syncing of Data

Any syncing of data to personally owned devices requires that those personal devices conform to the security standards detailed in the Data Access Policy and the Data Protection Safeguards.

Sharing of Data

Any syncing or sharing with users internal or external to Georgia Tech must follow the Data Access Policy, and any other relevant Institute policies regarding intellectual property.

5. Best Practices

Device Authorization

Users are encouraged to periodically review all devices connected to a CBFSS offering and to remove any old or no longer needed devices. Users are solely responsible for the data that they have synced to a given device under their authorization.

Sharing and Data Retention

Users are encouraged to periodically review all sharing within a CBFSS offering, to remove any old or no longer required shares or sharing links, and to remove access for users who are no longer at the Institute or no longer collaborating on that given resource. Users are solely responsible for how and when their content is shared and with whom.

Users are encouraged to follow the Georgia Board of Regents Retention schedule. The schedule and more information can be found at: http://www.usg.edu/records_management/schedules/

6. Compliance

Any person (or unit) who uses OIT CBFSS Services consents to all of the provisions of this policy and agrees to comply with all of its terms and conditions, with all Institute and Board of Regents policies, and with all applicable state and federal laws and regulations. Users have a responsibility to use these resources in an efficient, effective, ethical, and lawful manner. Violations of the policy may result in loss of usage privileges, administrative sanctions (including termination or expulsion) as outlined in applicable Georgia Tech disciplinary procedures, as well as personal civil and/or criminal liability.

7. References

Resource | Link
Which Cloud-Based File Sync and Storage Offering Should I Use? | https://gatech.service-now.com/home?id=kb_article_view&sysparm_article=KB0023330
Georgia Tech Data Access Policy (DAP) | http://www.policylibrary.gatech.edu/information-technology/data-access
Georgia Tech Computer & Network Security Procedures | http://www.policylibrary.gatech.edu/computer-and-network-usage-and-security
Georgia Tech Copyright Infringement Complaint Response Procedures | http://www.oit.gatech.edu/copyright-infringement-complaint-response-procedures

8. Revision History

Revision Number | Author | Description
1.0 | Jimmy Lummis | Initial published draft.

Please note that this is a Service Policy, not an Institute Policy. Institute Policies can be found on the Policy Library Website.