Recommandé
Recommandé
Contenu connexe
En vedette
En vedette (11)
Similaire à Dr Christine Sexton on the University of Sheffield's Cloud Story
Similaire à Dr Christine Sexton on the University of Sheffield's Cloud Story (20)
Dernier
Dernier (20)
Dr Christine Sexton on the University of Sheffield's Cloud Story
- 1. Dr Christine Sexton Director, Corporate Information and Computing Services University of Sheffield
- 3. Why? • Poor student email service • Mobile strategy • Email servers getting old • Concentrate on added • Quick wins (timetable) value • Calendar product not • Pace of Innovation supported • Carbon footprint • Improved service
- 4. How • Students – normal governance • Decision May 2009 • Implementation August 2009 • Staff – approval of UEB • Implemented email during 2011 • Calendar August 2011
- 5. Implementation • Open & transparent • Engage user community • No big deal • Risks identified – Charging – Resistance to change – Volatility of development – Impact on skills
- 6. Email • Tools provided by Google • All mail migrated • Student – Migration of existing mail – Friendly email aliases • Staff – Users can continue to use client – IT Support staff early adoptors. – Support Staff in Departments, personal service – Feedback sessions after dept is complete.
- 7. Calendar • Students – Population of Calendars with timetables • Staff – Big Bang approach needed – Data Migration out-sourced – Users used to Oracle Calendar – Major business change involved
- 8. Issues • Disruptive technology • Integration • Training for different communities of users • Benefits • Other “Core Apps” - Docs, Sites, Groups, Labs • Client configuration • Google changing things
- 10. “That's great news for students, now when can staff have it?” A member of staff
- 11. Security
- 27. “After careful assessment of Google Apps for Education against UK Data Protection Law and the University’s own privacy policies the University is satisfied that personal data is being processed appropriately”
- 28. Risk
- 29. The University has a modified contract with Google, based on Google’s standard terms and conditions. Google have agreed to only process personal data in accordance with the standards set out by the EU directive on data protection. The University has assessed the risk in relation to the US Patriot Act is satisfied that the increased risk presented by this is very small and is manageable.
- 30. Safe Harbor
- 31. Export Control • Technical information covered by UK export law • Legal advice The use of Google mail … would not in itself qualify as exporting data. • Data transmitted by email can pass through national boundaries regardless of destination • Therefore, although the risk is very low …… careful consideration should always be given as to how controlled technology is transmitted and where it is stored.
- 36. The future
- 38. Thank you c.sexton@sheffield.ac.uk http://cicsdir.blogspot.com/ @cloggingchris
Notes de l'éditeur
- WhyWhatHow Issues, including data security and privacy
- Improved service egfilestore
- Paper to UEB was two sides of A4
- Changed name of project from “Next Generation email & Calendar” to ”Google Apps”Paper to UEB was 2 sidesResistance to change risk had security behind it
- Good quality comms neededAbout 200 Users a night is viable
- Disruptive technology - what do you do with all the existing stuffIntegration with your stuffTraining for different communities of usersMaking sure you get the benefitsWhat to do about other “Core Apps” - Docs, Sites, Groups, LabsIMAP access to mail
- Built own servers and netorksAll designed with failure in mind
- Back up
- Can afford to spend more than us on security. In fact, more than most governements.
- The contract specifies how and where different types of data will be held and processed by Google.The contract specifies that both Google and the University must abide by a comprehensive Privacy Policy.The contract has specific clauses that cover when and how data will be processed and the retention periods for data.The contract and Privacy Policy are clear that data will not be shared with third parties except where required to do so by lawGoogle adheres to the United States Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce’s Safe Harbor Program. The US Patriot Act has strict legal processes that must be followed, and Google make it clear in their Privacy Policy that they will only respond to lawful requests where there is evidence that the correct processes have been followed.
- As you know, our stance is that we adhere to the principles of the European Directive on Data Protection through participation in Safe Harbor. We don't disclose where our Data Centres are and the EU Directive does not require that we do so. What's important is knowing whether the Data Processor takes appropriate measures to protect data - which of course we do.And, in case you're asked, we do not commit to maintaining data in the US/EU but we do commit to maintaining Safe Harbor compliance during the Term of the Agreement.EUData Protection Directive, which sets comparatively strict privacy protections for EU citizens. It prohibits European firms from transferring personal data to overseas jurisdictions with weaker privacy laws, but creates exceptions where the overseas recipients have voluntarily agreed to meet EU standards under the Directive's Safe Harbor Principles.These principles must provide:Notice - Individuals must be informed that their data is being collected and about how it will be used.Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.Security - Reasonable efforts must be made to prevent loss of collected information.Data Integrity - Data must be relevant and reliable for the purpose it was collected for.Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.Enforcement - There must be effective means of enforcing these rules.
- A small number of researchers in the University handle technical information that is covered by UK export law (this is usually, but not limited to, defence related technologies). As the data in Google Apps for Education may be held on servers outside of the UK, the University has obtained legal advice on the specific matter of technical information controlled by export law:The use of Google mail to send, receive or store emails that contain information controlled by export law would not in itself qualify as exporting data. For example if both the sender and recipient are in the UK.The use of any mail system to send, receive or store emails that contain information controlled by export law to those outside of the UK would qualify as exporting data.Data transmitted by email can pass through national boundaries regardless of destination and can also be accidentally forwarded to unintended recipients. Data stored in Google Apps for Education could in theory be made available to US law enforcement agencies. Therefore, although the risk is very low, and as should be the case anyway, careful consideration should always be given as to how controlled technology is transmitted and where it is stored.
- The New Privacy Policies only affect users of our Consumer Services. It does not affect the standard, core Google Apps for Education ToS, which are governed by the Google Apps for Education Agreement that the institution accepts (either online or offline). However, if you provision any of the Consumer Services (Google+, Picassa, YouTube, etc.) through the Apps for EDU Control Panel, users of those services will be presented with the Consumer Terms and those terms and the new Privacy Policies will govern the use of those products/services.
- One potential answer to the “what can we stop doing?” question.
- YHMAN regional facility based on VMWAre. Community Cloud. Currently sheffield, leedsleeds metPrivate network with virtual security.IaaS.Pathfinder project.Back up, business continuity, temporary capacity.