S1. Comply with Virginia Tech Minimum Security Standards

A core principle of our approach to the public cloud is that it should be treated, from a security standpoint, as an extension of the Virginia Tech technology infrastructure. All security policies and standards that apply on-premises therefore apply in the cloud.

The Information Technology Security Office (ITSO) publishes Minimum Security Standards³. While these standards are sometimes expressed in terms of "servers" with the tacit assumption that the application is deployed in a traditional manner on local infrastructure, service owners should make a good faith effort to interpret these standards in the context of public cloud deployments and act accordingly.