Cloud computing services offer many advantages for information resources: on-demand, self-service provisioning, rapid elasticity, resource pooling, and highly granular resource metering are some examples. Along with traditional on-premise information resources, Technology Services encourages the consideration of cloud computing services to meet university needs.
However, along with its various advantages, the use of cloud computing services can also expose Texas A&M University to costly risks due to the fundamental nature of the technology involved. No matter where an information resource is hosted—whether on-premise or in a public cloud—information resource owners must continue to ensure that university data is properly managed, that all privacy requirements are met, and that compliance with all relevant standards and regulations is verified.
Defining "Cloud Computing"
The term Cloud Computing is often used in different contexts to mean different things. Particularly when addressing policy and regulations around the use of technology, it is helpful to ensure that we are all using the same meanings to the words we use.
Here at Texas A&M, the term "Cloud Computing" has the meaning described in the National Institute of Standards and Technology Special Publication 800-145:
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
The document continues to describe five essential characteristics of cloud computing services, and three service models through which cloud computing services are delivered to consumers:
Policies Governing Cloud Computing
In the fall semester of 2019, the president approved a new SAP that was recommended by the Information Risk, Policy & Security Committee (IRPSC) in order to provide guidance on the use of cloud services at Texas A&M. Standard Administrative Procedure 29.01.03.M0.13 - Cloud Computing Services took effect for IaaS products starting Sept 1, 2019, and is staged in for PaaS and SaaS products through Sept 1, 2020.
In short, this SAP says that information services that are hosted in the cloud must meet the same security controls that are applied to all other information resources at Texas A&M. Please note that the scope of this SAP is only for information resources classified as Moderate or High Impact. If you’re not sure about the impact level of your resource, you can use our Impact Calculator to assist.
List of Approved Cloud Service Providers
This list is available here: Reviewed Cloud Services. Visit that page to request that a new product be added to this list.