Cloud Storage Guidelines to Educational and Sensitive Data

WWU-provided cloud services from Microsoft (e.g., SharePoint, Teams, OneDrive) are appropriate for most communication and collaboration; however, care must be taken in setting sharing permissions before you store information on a cloud service.

Types of data requiring special attention before sharing on a cloud service:

  • Personal information (e.g., social security numbers, dates of birth, student records, and financial aid data).
  • Proprietary information (e.g., College financial data and donor information).
  • Regulated information, the disclosure of which is subject to regulatory compliance (including FERPA, GLBA, HIPAA, etc.).

Sharing of documents with internal and external collaborators is possible, but caution should be exercised when doing so.  Make sure you understand the sharing mechanisms available before sharing files or folders with anyone – and set up reminders to periodically review any sharing permissions you have setup. You are encouraged to contact an IT specialist if you have any questions relating to setting permissions or would like any assistance

Sensitive information should not be stored on office computers, removable storage devices, or non-Microsoft cloud services like G Suite and DropBox. If a computer must be used to store sensitive information, it must be in a secure location, and each individual authorized to use the computer should have a unique username and adhere to ITS password requirements.  Sensitive information should not be stored on a laptop or mobile device unless absolutely necessary (and that device is both password-protected and encrypted).

WWU OneDrive for Business

WWU provides online storage and collaboration options to all WWU students, faculty, and staff. OneDrive for Business provides a cloud storage resource for University data. While WWU-local computing resources are preferred mechanisms for storing sensitive data – WWU has specific agreements with Microsoft that allow FERPA- and HIPAA-protected data to be managed within OneDrive for Business when internal business process warrant. Other services such as Office 365 Exchange and SharePoint Online are also covered by the WWU agreement and may also be acceptable for sensitive information. Sharing of documents with internal and external collaborators is possible, but caution should be exercised when doing so. Please note: One Drive for Business is different from the individual consumer version of OneDrive, which does not meet the security requirements for WWU data storage.

WWU Google Drive

WWU offers authentication to the Google Drive environment with your WWU credentials (userID@wwu.edu). This is an additional option for those that choose to use this alternative. WWU does not have a specific agreement in place for this storage option to meet HIPAA-protection requirements. While Google is contractually and legally responsible to protect FERPA data, WWU advises the use of Microsoft SharePoint, Teams, or OneDrive for any sensitive data storage.

WWU’s ability to support G Suite is not backed by a support contract and will amount to “best effort” in many cases.

Again, the sharing of documents with both internal and external collaborators is possible, but caution should be exercised when doing so.

Other Applications

WWU offers many other applications and services that are cloud-based: Canvas, eProcurment, PageUp, etc. These examples are specific tools that enable certain activities within their academic or business processes. These services differ considerably from general file storage solutions like OneDrive for Business and Google Drive – in that the ability to extend sharing permissions are quite different. These services present much lower risk to institutional data.

Topic: Security