Security Considerations for Cloud Services

Georgetown University Information Services (UIS) is ensuring that all third-party cloud hosting vendors are approved and authorized for any cloud hosting services, Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) or any other option of cloud hosting services. Third-party cloud hosting vendors must go through technical review and approval process before employing its services or gaining access to University technology assets, data, systems, servers, and networks. 

Technology functions, applications and services that are widely available through cloud providers or “software as a service” (SaaS) and available for low or no cost often require individual users to accept end-user license agreements in order to access the application or service. These agreements serve as the software terms of use and often fail to address the required protections for Georgetown data; therefore, technology vendors must participate in technical reviews before starting any new or renewing any contracts or agreements with the University for cloud services.