IT Services will develop a cloud service assessment methodology to guide University business units through the process of gathering information about a proposed cloud solution. The methodology will help assess the sensitivity of the information, the consequence of its compromise, and the acceptable level of risk. These assessments will help determine whether the risk of moving information to a community, hybrid, or public cloud is reasonable given the identified return on investment.
For any cloud service, a Threat and Risk Assessment and a Privacy Impact Assessment will be performed to determine the overall risk exposure to the University. Information on how to perform this process is available from the Privacy Office or from IT Services. Once the risk and the total cost of ownership are understood, an appropriate business case can be developed to guide the cloud service decision process.