Information Security

Cloud Security

Securing cloud services is a primary function of the Information Security Department.  Use of cloud services such as file storage, email, or learning management systems requires responsible computing practices. To ensure the confidentiality, integrity and availability of data you may store or share in cloud services, it is critical that adherence to policies governing use of cloud services are followed. 

Policy on Cloud Services for Storage, Communication, and Productivity Involving University Data

  • Use of cloud services for storage, communication and productivity involving University Level 1 data is prohibited (examples include, but are not limited to, Dropbox, Google Apps for Education, Office 365). 
  • Use of cloud services for storage of University Level 2 data must be limited to services contracted by and supported by the University.  Cloud services which are not supported by and provisioned by the University are prohibited. 
  • Uses of cloud service offerings which are not supported, provisioned or contracted by the University for storage, communication, and productivity are not recommended. This applies to any uses of University records including vital records which are classified as public or Level 3 data. University data should be limited to University supported, provisioned and contracted services. 
  • The use of public cloud services for academic, non-FERPA data is permitted. 

Additional Information

Policy for Use of Cloud Services for Storage, Communication, and Productivity Involving University Data (Software as a Service):


The following table outlines the data classification and proper handling of CSU, Chico data
Data Classification
Level 1
Protected
Level 2
Private Internal
Level 3
Public General
Non-University Data
Local Storage
(on your computer)
Incidental Use Allowed
Incidental Use Allowed
Incidental Use Allowed
Cloud Storage Approved by University
CSU Chico*
Box
Incidental Use Allowed
CSU Chico*
Box Level 1 Folder
Incidental Use Allowed
CSU Chico*
Sharepoint/O365/
OneDrive/Google Apps
Incidental Use Allowed
Incidental Use Allowed
Non-CSU Chico
Google, Box, Dropbox & O365
*Only services contracted by and supported by the University
Allowed   Not Allowed
Level 1 Protected Data - Confidential
(PII) Social Security number and name, driver's license number and name, and credit card numbers
(ePHI) Health Information
 Level 2 Private Data -Internal
Information Must be protected because of ethical or privacy concerns, such as grades, disciplinary actions, or student photos
  • FERPA Information
  • Employee Data
Level 3 Public Data - General
Information such as title, email address, or other directory information that is freely available in the public domain
Non-University Data
Personal files, instructional documents, syllabus