To an extent yes, but that doesn’t cover the risk of loss etc, one can always use one’s own encryption with other services. Services such as Dropbox and Box, onedrive, Google etc, are very convenient and often more secure than many in house services used by academics, but they do not provide the level of guarantee I think is needed for high value and high sensitivity data. That needs more sophisticated management and so more tailored cloud services. These are already available from some of the well know repository software suppliers.


John K. Milner

Mail to: [log in to unmask]


From: Research Data Management discussion list [mailto:[log in to unmask]] On Behalf Of Jeremy Harrington
Sent: 31 July 2015 08:35
To: [log in to unmask]
Subject: Re: Advice on cloud services



Box does claim higher security than other cloud file services (encryption specifically).  You don’t regard that as providing any greater comfort?


Jeremy Harrington | IT Director

The Institute of Cancer Research | 15 Cotswold Road | Belmont | Sutton | Surrey | SM2 5NG


Tel: +44 (0)208 722 4055 | Mob: +44 (0)7919 282029

Email:  [log in to unmask] | Web: |

Please follow us on Twitter: @ICR_London : Facebook:


Making the discoveries that defeat cancer


From: Research Data Management discussion list [mailto:[log in to unmask]] On Behalf Of John Milner
Sent: 30 July 2015 18:04
To: [log in to unmask]
Subject: Re: Advice on cloud services


There are some more complicated issues here. One drive is just a lump of storage oftentimes associated with O365 and I reckon is to be treated much like you'd treat the hard drive on a laptop, but bigger and more reliable, we hope, with the added benefit of being able to share it more easily.


Services like Dropbox and Box are similarly designed as convenient dumping and sharing grounds and I don't yet see them as suitable resting places for high value high sensitivity data.


If you are going to store high value high sensitivity data then you need to have infrastructure as a service in the cloud and this really implies having an institutional repository built in the cloud, which may well be more cost effective and scalable than having in house hardware, but requires the same level of careful design and management.



Sent from my iPad

On 30 Jul 2015, at 17:53, Tim Banks <[log in to unmask]> wrote:

The University of Leeds staff terms and conditions for use of OneDrive can be found here:


The main clause of interest is:

18. In accordance with the University’s Information Security Policy, Highly Confidential information must not be copied to or stored within the Service unless encrypted and then only for the shortest period necessary for business operations.

(we do permit the storage of ‘confidential’ data in OneDrive).


Definitions of data types along with some examples can be found in the Information Protection Policy:




Faculty IT Manager, IT

University of Leeds


From: Research Data Management discussion list [mailto:[log in to unmask]] On Behalf Of Jill Evans
Sent: 30 July 2015 16:16
To: [log in to unmask]
Subject: Advice on cloud services


Dear All


I’d really appreciate some advice/opinions on cloud services.  In particular, has anybody changed, or is thinking of changing, the advice they give researchers on use of cloud services for storing data?


IT here has recently implemented OneDrive for Business which gives researchers a massive amount of storage space with data guaranteed to be held on EU servers.  Cloud is fine, indeed wonderful, for many types of data, for sharing and working collaboratively, etc., but I’m still pretty much of the opinion that it shouldn’t be used for any extremely sensitive data where there is an implicit risk to confidentiality or reputation, and so on.


I have noticed some more relaxed attitudes to cloud-based services recently in the UK and elsewhere but I am still telling people not to use cloud for sensitive data and if they do store data in the cloud, back up to a different location.  This is somewhat in conflict with what IT would like. 


I would happily change this advice but I would like some reassurance that new practices are: 1) endorsed by the RDM community 2) comply with funder requirements (almost certainly they would not) 3) underpinned by legislation (I understand a new European DPA is under discussion which may provide specific guidance on cloud).


At the risk of sounding naïve or uniformed, if considering using cloud for sensitive data, does encryption and restricting access make it OK now?  I can’t imagine telling some of our Health researchers to put all their data in the cloud…maybe I’m just hopelessly behind the times but alarm bells are ringing.


Thanks and best wishes




Jill Evans

Research Data Manager

University of Central Lancashire

Research Office

Greenbank Building




01772 894033


[log in to unmask]

[log in to unmask]

Follow @UCLanRDM on Twitter for the latest news and events

Research at UCLan: 



The Institute of Cancer Research: Royal Cancer Hospital, a charitable Company Limited by Guarantee, Registered in England under Company No. 534147 with its Registered Office at 123 Old Brompton Road, London SW7 3RP.

This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer and network.