Don't Cloud SFU Data
Storing information in "the cloud" is becoming more compelling, but great care is required to ensure the cloud is used by SFU faculty and staff only when appropriate. We must ensure we comply with the provisions of the BC Freedom of Information and Protection of Privacy Act (FIPPA).
In general, using the cloud or "Software-as-a-Service" (SaaS) systems is legal only if SFU can guarantee that personal information in the data remains in Canada. This is not true for many SaaS systems (Apple's iCloud, Amazon Web Services including EC2 and S3, ElasticHosts, IBM SmartCloud, Rackspace Cloud, ...), free email and collaboration services (Google, Microsoft, Yahoo, AOL, ...), and various document-storage and backup systems (Dropbox, Windows Live, ASUS WebStorage, FilesAnywhere, IDrive, Syncplicity, and many others).
All systems implemented or controlled by SFU IT Services comply with FIPPA, and should be used by all faculty and staff.
As CIO, I have to assume that all email accounts, all electronic calendars, and many SFU documents ("business records") contain personal information subject to FIPPA. Here are some consequences.
- Do: Use SFU Connect for all SFU business, including email, calendars, and shared briefcases of documents.
- Do Not: Forward your SFU email to a cloud email account, such as those of Google or Microsoft.
- Do: Access SFU Connect from all your personal devices, whether desktop or laptop computers, tablets or iPads, smart phones or iPhones.
- Do Not: Synchronize your devices through cloud services such as Apple's iCloud, now used by default by iTunes (both PC and Mac), iPhones, iPads, and iPod touch devices.
- Do: Share documents collaboratively through services provided by SFU. Examples include WebCT, protected web sites, Sakai or wiki spaces, WebDAV or sftp sites, and SFU Connect "Briefcases". (Briefcases allow you to create shared folders of documents that can be uploaded and downloaded from any Connect client. New versions of Zimbra, the software of SFU Connect, are expected to provide much improved briefcase functionality similar to Dropbox.)
- Do Not: Synchronize documents containing personal information through Dropbox or similar mechanisms.
- Do Not: Backup a device containing SFU information to any cloud service storing the information outside Canada.
Why are there no cloud services in Canada?
There are a few, but not many. (One example of a survey SaaS company is FluidSurveys, which guarantees to store all data in Canada.) One obvious reason is that the Canadian market is too small to convince the large industry players to bother with creating and maintaining isolated systems in Canada. Some Canadian cloud providers exist and more are emerging, but most are not free. As we note opportunities, we continue to evaluate the business cases for Canadian cloud computing, but still rely mainly on systems housed and maintained at SFU.
On the provincial and national fronts, BCNET (our high-speed research network consortium), CANARIE (the national high-speed research network), and CUCCIO (the Canadian University Council of Chief Information Officers) continue our efforts to develop Canadian cloud capacity appropriate for higher education.