P4. Security and data governance policies are applicable to the cloud
The same security and data governance practices that would apply on premises apply in the cloud. All Virginia Tech-owned accounts on all public cloud providers should be treated as an extension of the Virginia Tech network.
Policy 7010 (Policy for Securing Technology Resources and Services) applies to any technology resource or service that:
- Is owned or managed by the university;
- Is connected to the university network;
- Connects to another university technology resource or service; or
- Stores university data or information.
This policy applies whether the network connections are remote or campus-based. (emphasis added)
Additionally, University Policies for Data Access Controls and Classifications apply equally in cloud environments as they do on-premises. University Policy 7105 and Policy 7100 are the foundations of data governance at Virginia Tech, elaborated by standard operating procedures, and guidelines. Control over data hosted in public cloud environments must be structured in a manner that retains the roles and responsibilities outlined in these governance policies.