Can Cloud Service Providers Read/Access Data Stored Within Their Service?

Overview

A question we frequently receive is whether the service provider offering the cloud storage solution are technically capable of reading files stored on that service.

The University of Alaska supports cloud services hosted by Google and Microsoft. A summary of their access to customer data is provided below.

Microsoft

  • Encryption of data in transit: All communication between the customer and the service is encrypted across the Internet using Transport Layer Security (TLS) connections. All TLS connections are established using 2048-bit keys. All communication between the service provider's data centers, typically for geo-replication to facilitate disaster recovery, is transmitted using a private network and further protected with best-in-class encryption.
  • Encryption of data at rest: All data is encrypted twice. First using Microsoft BitLocker for disk-level encryption, and second per-file encryption of customer content. Additionally, every update to every file is encrypted using its own encryption key. Before they're stored, the keys to the encrypted content are stored in a physically separate location from the content. Every step of this encryption uses Advanced Encryption Standard (AES) with 256-bit keys and is Federal Information Processing Standard (FIPS) 140-2 compliant. Furthermore, file-level encryption relays on three separate components - blob store, content database, and the key store - that are physically separate. All three are required to decrypt a file, information held in any one of the components is unusable by itself.
  • Access to data by service provider employees or contractors: Microsoft limits physical access to its datacenters by both outer and inner perimeters with increasing security at each level. By default Microsoft personnel, and subcontractors, do not have default access to any cloud stored customer data. Access to customer data is restricted on business need by role-based access control, multifactor authentication, minimizing standing access to production data, and other controls. All access to customer data is strictly logged and regular audits are performed to attest that any access is appropriate.
  • Access to data by service provider automated processes: 

 

Additional Reading

 

Google

  • Encryption of data in transit: All communication between the customer and the service is encrypted across the Internet using Hypertext Transfer Protocol Secure (HTTPS). Google encrypts Gmail (including attachments) and Drive data while on the move. This ensures that your data is safe not only when they move between you and Google's servers, but also as they move between Google's data centers.
  • Encryption of data at rest: Customer data that is uploaded or created in some G Suite services is encrypted at rest. Gmail messages and attachments, Calendar events and descriptions, Google Drive files and Contacts are all encrypted at rest. For a detailed list of services and which data is encrypted at rest please review Google's Cloud Help Security document. Please note that not all services provided by Google (e.g. YouTube) encrypt data at rest.  
  • Access to data by service provider employees or contractors:
  • Access to data by service provider automated processes: 

 

Additional Reading

 

Need additional help or have issues

For support, requests may be submitted anytime by Requesting Support for the Enterprise File Storage service. Support Requests are worked by Priority based on the Impact and Urgency of need as well as the order they are received by the IT Employees with the knowledge and permissions to assist with the request.

For immediate assistance please review the Contact IT page for ways to contact the appropriate support group.

Print Article

Details

Article ID: 94
Created
Mon 4/20/20 8:18 AM
Modified
Wed 7/13/22 7:35 AM

Related Articles (7)

Get Started with Google Drive
UA Google Drive is the University of Alaska's branding of Google Drive, an online service that provides resources for file storage, and collaboration with other individuals. Google Drive is a personal document and file storage hub. It's easy to upload, download, and share files. You can also create, view, and edit Google Docs, Sheets, and Slides documents online.
Get Started with Microsoft Teams
Microsoft Teams is a unifying experience that brings together people, conversations and content—along with the tools that teams need—so they can easily collaborate to achieve more. It’s naturally integrated with the familiar Office applications and is built from the ground up on the Microsoft Office 365 global, secure cloud. This article will help you learn more about what Microsoft Teams is, how to use it, and how it will benefit you in your daily computing needs.
Get Started with OneDrive for Business
OneDrive for Business is a personal document and file storage hub. It's easy to upload, download, and share files. You can also create, view, and edit documents online using the integrated Office Online applications, Word, Excel, and PowerPoint. For those times you need the complete set of Office features, you can open your files in the full version of the applications and save them to your hard drive or back to the cloud.
Overview of SharePoint Online
SharePoint Online is one of the underpinning technologies of Office 365 and allows individuals and groups to easily create a wide variety of ways to share information as well as tracking and collaborating on projects. SharePoint Online offers many out of the box features to help individuals share, organize and discover information which is relevant to a department, team or project.
Sync SharePoint Files with the OneDrive Client
This article will assist you with syncing SharePoint Online files to a folder on your computer where you can work directly in the Mac Finder, or Windows File Explorer to access the files even when you're offline.
Where Should I Save Files
There are many considerations you should take into account when you're saving the file you've been working on for hours. Most of the time we simply hit save, and call it a day. However, every file you create is different. Read on to find out more regarding storage options for individual, and group access, and a quick comparison between various storage services available to the university community.