Improperly configured cloud-based systems lead to privacy and cybersecurity incidents. To reduce or eliminate these issues, UIT will implement technical guardrails, establish monitoring, and build organizational expertise to prevent and/or detect misconfiguration of cloud-based systems used by Stanford.
This is pursuant to the university’s established comprehensive cloud security strategy.
- SaaS/PaaS Security — Periodically offer platform-specific security training for two or more key platforms (e.g., Salesforce, ServiceNow)
- IaaS Security — Conduct proof-of-concept of native cloud security tools in AWS and GCP that provide the ability to prevent and/or detect configurations that may lead to privacy and cybersecurity incidents
- IaaS/PaaS Security — Implement activity logging across centrally managed AWS and GCP instances as well as key PaaS platforms