Spinup Self-Service portal now approved for sensitive data

November 15, 2018

Cloud computing is especially useful for deploying small to large computing environments quickly (minutes) for use on an array of computing problems. Last Year, Yale ITS developed a Spinup Self-Service portal, which allowed faculty, staff, and graduate students an easy, user friendly, interface to Amazon Web Services (AWS) for deployment of cloud computing environments. While helpful to many across campus, it could only be used with low risk data. Now, Yale’s Spinup is approved for moderate and high-risk data, allowing nearly everyone the ability to quickly deploy computational capability for their particular needs.

Not sure of your data risk classification? When creating a Spinup “space” to house resources, a new built-in questionnaire helps the individual determine the data classification. Based on the computed data risk level, Spinup automatically enables additional security measures as needed. If it is determined that the space is for moderate or high-risk data, the individual must agree to the Spinup Sensitive Data Agreement. This agreement explains the Spinup Shared Security Responsibility Model and defines which security measures are provided and which are the individual’s responsibility.

Why not just use AWS directly? Cloud servers, suitable for sensitive data, deployed via Spinup, have many advantages over those deployed from cloud providers’ portals (at the same cost) including:

  • There is no need to learn complex cloud platform specific processes, procedures, and terminology.
  • Servers are located behind Yale’s enterprise firewall, offering:
    • Protection from malicious actors
    • Access to Yale services, e.g., mail, Active Directory, Storage@Yale
  • Operating system patches are automatically and regularly applied.
  • Spinup servers are assigned Yale Internet Protocol (IP) addresses and registered with Yale’s Domain Name Service (DNS).
  • Spinup provides security enhancements such as Multifactor Authentication (MFA), disk encryption, industry standard hardened operating systems, and centralized logging.
  • Spinup includes user compliance/attestation enhancements.