From Transformation to Security: The Evolution of Cardinal Cloud

Stanford’s use of the public cloud has grown substantially in recent years. Unfortunately, along with the many benefits come multiple and unique cybersecurity threats. To meet the challenge, we’re evolving the Cardinal Cloud program with the launch of Cardinal Cloud Security.

The next phase of our cloud journey

Cardinal Cloud Security will focus on solutions, initiatives, and best practices designed to safeguard Stanford’s digital assets and intellectual resources in the public cloud. This includes:

• Simplifying how those who use Cardinal Cloud secure their account configurations and technology resources — to protect the integrity of our data and prevent cybercrime.
• Building out and promoting compliance frameworks that feature built-in security, like the Cybersecurity Maturity Model Certification (CMMC).
• Establishing clear and accessible guidance so organizations can better manage their use of Infrastructure, Platforms, and Software-as-a-Service cloud tools.

A little history and context

Today, we use Cardinal Cloud to refer broadly to the University IT (UIT)-managed Amazon Web Services (AWS) and Google Cloud Platform (GCP) services that enjoy billing convenience, cost savings, guardrails, and integrations. But to get here, our cloud program transitioned through several phases.

In late 2016, we launched our Cloud Transformation program. Back then, we were looking to ready our organization’s skills and practices to prepare practitioners for the proficient adoption of cloud computing.

We brought the program into its next phase in 2020 with two significant changes. For starters, we gave this multi-year initiative a name: Cardinal Cloud. Next, we began to shift the emphasis from transformation and readiness to cloud enablement and adoption. During this phase, we helped to optimize cloud use and minimize spend by:

• Securing enterprise discounts to reduce the cost of cloud computing.
• Structuring our AWS and GCP accounts into enterprise-scale managed organizations.
• Streamlining the process to integrate the cloud with SUNetIDs and the campus infrastructure.

(If you’re paying for a standalone retail account using a P-Card, or if UIT didn’t originally provision your account, you’re not using Cardinal Cloud and you’re missing out on some great benefits.)

The third evolution

The Cardinal Cloud Security program has a permanent home within Stanford’s Information Security Office. Led by Noah Abrahamson, Stanford’s first director of Cloud Security, it sets the stage for Stanford’s future journey to the cloud.

“Cardinal Cloud gave us the building blocks we needed to increase adoption. We’re now ready to evolve the program to the next level to focus on making the cloud easier to use and safer to secure,” said Abrahamson.