Encryption for cloud storage

Many people are now making use of third-party Cloud Storage services such as Dropbox, SkyDrive, Google Docs and other similar services, offering convenient access to your data from a number of different devices.

If you are using, or considering using, one of these services, you must also consider whether you need to take steps to protect any data that you upload, by encrypting it before uploading. (In the terms of these services, uploading can mean putting it into the local directory used by the client application for synchronising changes. E.g. the Dropbox folder in your home folder).

Check whether any University data you intend to upload meets the definitions of medium or high risk data according to the Records Management policy on Personal and Sensitive Business Data.

You must protect any medium or high risk data which you upload to a third-party host, by use of encryption software, or risk the University being in breach of the Data Protection Act.

Some Cloud Storage providers may not allow the upload of pre-encrypted data to their service, therefore you should carefully check the terms of service, and only use those services which allow this functionality, for storage of sensitive University data.

Points to be aware of

  • There is often no guarantee of where in the world the data resides once uploaded, compliance with UK data protection requirements should not be assumed.
  • Data may not be transmitted securely to the cloud, particularly when using third-party utilities common on smartphones.
  • Storage providers do close; make sure that it is not the only location for your data.

Alternatives to Cloud Storage

Alternatives include using encrypted USB drives for data transfer, or use of the UoE centrally provided network storage, and accessed via remote access facilities such as Windows Remote Desktop, or Apple Screen Sharing for remote working

Accessibility menu