Cloud storage services
Cloud storage services are great for transferring large files, accessing files remotely and working collaboratively with others.
We recommend you use these approved services depending on what you want to do.
Transfer sensitive files
For example, files that can’t be sent by email for contractual reasons such as restricted research data.
Access files remotely
Departments should not approve expense claims for unapproved software and services.
The University incurs significant costs to provide staff with approved cloud storage, file transfer and collaboration tools, as well as appropriate security tooling to monitor and protect University systems and data.
Dropbox and other similar services are not approved for storing University data and must not be used. (As such, Dropbox installations are no longer approved as standard.) This is because:
- To comply with the UK GDPR and Data Protection Act 2018, the University must have appropriate contracts with third-party providers who handle personal information (eg student grades, staff details and research data). Free or ‘personal’ software licences are often insufficient in meeting these requirements. Staff should not enter into agreements with vendors on behalf of the University without the approval of Procurement, Legal and IT Services.
- Dropbox doesn't work with our approved methods for user authentication (eg single sign-on), user management and access control. This increases the risk of unauthorised access (eg staff who have left the University) and unnecessary data retention. It also makes the University's password policy unenforceable, increases the risk of password reuse, and bypasses the required two-factor authentication, implemented to safeguard University data.
- IT Services has limited control of external services, which is challenging for business continuity and disaster recovery (eg in the event of data loss, illness and staff turnover). It means we're unable to detect suspicious login activity, prevent unauthorised access, or perform subsequent security investigations.
If you believe you have an exceptional circumstance, you must get approval from Cyber Security before using an unapproved external service. To discuss your circumstance, please contact IT Support.