University of Delaware Public Cloud Memorandum of Understanding (MOU)

Introduction

Public Cloud platforms are highly integrated shared computing environments. While they can have the highest levels of security applied, they can also be designed to be completely open. If you use these systems, it is important that you, the requester, understand your responsibilities to the University and to anyone who has an interest in the data you will store and process. This memorandum of understanding (MOU) covers the agreement between the department requesting access to UD-approved cloud platforms and UDIT.

Approved Cloud Platforms

At this time, the University of Delaware has approved the following public cloud platforms:

  • Google Cloud (GCP)
  • Microsoft Azure

This approval only covers environments with a centralized chargeback method and identity access management. Designing systems in the cloud is the responsibility of the requester. Public cloud platform providers use their own terms/branding for items which are largely the same, and this can cause confusion. In this document, “Azure Subscription” and “GCP Billing Account” are considered equivalent.

Data Storage

Data stored in a cloud platform must be treated similarly to data stored in an on-premise system. Adherence to the Data Governance & Security Program (DGSP), and any updated versions, is incumbent on the requester. While it is possible to design a system in a public cloud that adheres to a variety of data standards, systems must be planned out thoughtfully and the Requester Responsibilities must be followed.

Financial Note

At the time of request, a single purpose code must be provided. UDIT will automatically bill this account for anything that occurs within that subscription. This code may be provided for multiple subscriptions; however, only one line item monthly invoice will be generated. It is up to you to split and JV across that code from any subprojects. Use of a basic budget is recommended. Money is spent on actual service use, and the provided purpose code will be billed for any usage. UDIT will not “cover” unanticipated costs due to user error. We recommend that you pay close attention to your active spending. The platforms have budgetary tools to alert you to any overspending. We encourage their use in the strongest of terms.
 

What Is Provided

After a cloud provider service has been approved, UDIT will provision and provide the access below for the approved service:

Azure Subscriptions

Azure subscriptions are established with a vnet that is peered to a hub vnet with VPN access to campus. The vnet will be set to use campus DNS. An initial subnet is also created that has its network routed through the hub Azure Firewall. The hub subscription contains a WIN Active Directory Domain Controller and an Azure Firewall. The requester will be provisioned with the owner role in the subscription.

GCP Billing Accounts

GCP Billing Accounts are provisioned with the requester as owner of the project. No other services are initially configured.

Meetings

  • UDIT holds monthly meetings to discuss common topics and issues with these cloud environments. The requester or a designee is required to attend these meetings on a regular basis. 
  • UDIT also maintains a Microsoft Team for notifications of immediate issues, along with general discussion. IT Pros that are associated with an Azure Subscription or GCP Billing Account will automatically be added to this team. IT Pros can send a message to askit@udel.edu to request that others who are associated with the Azure or GCP service be added to this team.
  • Changes will be announced via standard change control methods.
  • Many vendors and organizations provide regular meetings focused on public cloud storage education. These trainings are useful for keeping your knowledge of a rapidly changing cloud industry current. You are encouraged to attend these.

Training and Education

UDIT does not provide education on the use of these public clouds. This is your responsibility. Please seek appropriate training.

Requester Responsibilities

  • You must be an IT Professional to submit the Cloud Platform request. An IT Professional must be associated with every subscription.
  • You understand the data classification set forth in the DGSP.
  • You agree to follow the DGSP and other appropriate UD and UDIT policies, including OCM branding and Information Security Policies.
  • A Technology Request is still needed when creating solutions in the public cloud services.
  • You understand and agree to fiscal responsibility regarding this service.
  • You agree to attend the monthly UDIT cloud storage meetings on a regular basis or have your designee attend on your behalf. A regular basis will be defined as at least once a quarter.
  • You will identify Data Stewards for any data you store or process and obtain their approval prior to using such data.
  • You will refrain from using approved cloud platforms to create shadow systems or duplicative services.
  • You are responsible for the security of the subscription. If you provide others access to perform actions, it is incumbent on you to limit access appropriately and ensure that roles are understood.
  • You agree that failure to follow these responsibilities may result in suspension of the service.
  • You understand that the MOU may be adjusted at a later date with notification. Continuation of service will require you to sign the new MOU.