Main Nav

Cloud Security Awareness

Cloud computing is similar to the Bring Your Own Device (BYOD) syndrome. You can fight it all you want, but sooner or later your organization will most likely have to accept it. A common failure with securing the Cloud is that most organizations focus on only the technical controls, such as where is the data stored or when and how is the data encrypted. However, you must also train and educate the very people using this technology or you can expose your organization to tremendous risk. Technical controls can only do so much. The following are some of the key awareness points to consider.

1. What Is The Cloud?

First, don't assume everyone in your organization knows or understands what the Cloud is. Before you start explaining policies for Cloud, explain what it is and how it works. Consider including examples; people may not realize that Google Docs or Dropbox is the Cloud.

2. Is The Cloud Allowed?

Is the use of the Cloud allowed in your organization? If no, then make sure people know it. If yes, then which Cloud solutions can they use and what are the limitations? Are they allowed to install their own Cloud solution? For example, if you have BYOD you may want to make sure people are not backing up your organizational data to their personal iCloud account.

3. Sharing

What data can be stored in the Cloud? Once stored, what data can they share and with whom? Can they use the Cloud to share data with people outside the organization?

4. Access

What devices can they or can't they access the Cloud from? Is two-factor authentication required? What other access requirements do you have?

The Cloud, like so many other technologies, is a tremendous tool organizations can leverage. However just like so many other technologies, unless people understand the basics of how to use it securely, you are exposing your organization to tremendous risk.

BIO: Lance Spitzner is the training director of SANS Securing The Human program. His job and passion is helping organizations around the world build high-impact awareness programs. To learn more or download free resources visit the Securing The Human website.


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.


Digital Badges
Member recognition effort
Earn yours >

Career Center

Leadership and Management Programs

EDUCAUSE Institute
Project Management



Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.


EDUCAUSE organizes its efforts around three IT Focus Areas



Join These Programs If Your Focus Is


Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.



2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations

Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.