Off-Campus Internet-based Computing Services represent a growing variety of services available on the internet. Such services can be useful to SVSU in its administrative pursuits.
Internet-based computing is a general term used to include a variety of computing and information services and applications run by users across the Internet on the service provider's systems, instead of run "locally" on personal computers or campus-based servers.
Definition: These Internet-based services are sometimes called:
Some examples of these Internet-based services range from Google Apps to Microsoft Live services, and YouTube. As of early 2009, Internet-based services are still an early and somewhat immature business model. Because of heated competition in this space, we can expect considerable innovative investment will be focused here. Many Internet-based services are offered free or at very low cost in order to attract and compete for user volume. Several such systems are already in use by administration.
Almost all decisions to use Internet-based applications are made by individual departments. The content the department enters into the service may involve sensitive data, or valuable intellectual property, or institutional business records. The service may play a key role in the execution of an important business process, such as processing or storing University business records. The University has a vested interest in protecting business processes against unwanted disruptions, and protecting intellectual property and sensitive data against loss or unauthorized access and use.
When contracting for an Internet-based service the Department must document that the vendor adequately addresses the following items::
Transfer of license:
Security, Privacy, and Authentication:
Non-negotiated changes to the service:
Non-negotiated changes to the business model.
Data formats: -
The following risk analysis steps can be helpful to determine the appropriateness of using a Internet-based service. The analysis is designed to help identify potentially appropriate uses by eliminating the riskiest use cases, based on the types of data intended to be deployed in using the service. The triage also identifies ethical issues worth consideration.
When you are not sure, ask If you are unsure about a choice regarding Internet-based, please do not hesitate to contact the Executive Director or Director of Information Technology Services.
Off-Campus Internet-based (hosted/blended) Systems
SVSU uses a simple form of federated authentication that protects SVSU passwords by making it unnecessary for SVSU users to expose their passwords to the Internet or 3rd party remote servers.
When it comes time to authenticate at a remote site, the 3rd party remote server forms a call to SVSU, containing the session identifier and USER ID required for authentication. (HTTP GET redirect or HTTP POST auto-submit form)
The process of authentication at SVSU is carried out.
After the authentication is finished at SVSU, the user is sent back to the 3rd party remote server with an additional proof of the fact that the authentication was successful (token or hash). The server receives and verifies the proof. Upon successful verification, the user can continue with the service offered by the 3rd party server.