University of Bath

Deciding whether to store data in the cloud

What you should consider if you are thinking about saving data in the cloud.

Our advice

Staff and students should use caution before storing information on Google Apps, Dropbox, or any other cloud service provider. As a general rule, you should not use a third-party cloud service provider if there are likely to be legal or reputational consequences should the information you are storing or processing be lost, stolen, or seen by unauthorised persons or organisations. Staff and students can benefit from using files.bath, which offers secure file storage with the same ease of use. Computing Services will not install sharing applications on to PCs where doing so would pose an unacceptable security risk or would otherwise interfere with the network.

Think about the following when you consider storing information in the cloud:

Sensitivity

There is no way of guaranteeing the security of the data anywhere. However, data stored on files.bath is held on secure servers located on campus. This provides an extra layer of assurance over data security that cloud services, which could store your data anywhere in the world, do not.

Therefore, our advice is to consider the nature of the information. If it includes sensitive personal, non-public information (e.g., addresses, financial information, health information, or confidential educational records), it must be stored on systems that are designed with security in mind and which typically use access control and encryption to prevent unauthorised access. If loss of, or unauthorised access to, the data would be in breach of the Data Protection Act, or cause embarrassment or reputational damage to the University, it should not be placed with cloud service providers.

Even when using cloud services for non-sensitive information, you should always use a different password from the one for your University IT account.

Value and Ownership

The University's research produces valuable intellectual property. If you have files or data that have high intellectual or financial value (e.g. original research papers or designs), cloud service providers should not be used. If you have data whose loss or unavailability would impact the University in any way, multiple secure methods of data storage are recommended. files.bath is one such method recommended by the University, in preference to cloud-based options.

Research Restrictions

If you are undertaking research, there may be restrictions in place which would preclude the use of cloud technology. These include confidentiality agreements with partner organisations or research subjects, restrictions as part of your research grant, or import/export restrictions. You should check carefully before submitting files to a cloud service provider and ensure that all parties and stakeholders in the research are satisfied that your handling of the data is sufficiently robust. Good management of university research data and data management plans are becoming increasingly important; cloud service providers can often make data management plans difficult to meet.