Information Technology Services

Home » CloudLock


Protecting your data and the university’s data is important to UNCG. To better protect these data, UNCG uses CloudLock, a cloud security service. Information Technology Services (ITS) administrates this service.

CloudLock scans cloud storage services like Google Drive and Box to guard against inadvertent exposures and ensure data security.

CloudLock checks data patterns and file permissions to determine if there might be a security risk. (Note: This is an automated process; ITS will not be reading your files.)

When CloudLock identifies a file that may contain sensitive data, such as Social Security numbers and credit card data, it generates an alert. In August 2017, ITS will begin sending an email notification to the faculty or staff who owns the file that generated the alert.

The email will include:

  • Information about the identified file(s), e.g. filename, URL, date it was detected.
  • Suggestions as to next steps you should take.

Different Levels of Sensitivity and Risk to be Identified by CloudLock

If you work with university business, academic, and research data, you should be aware that the data is subject to the University's Data Classification policy. This policy defines four categories of data based on sensitivity and risk: High, Moderate, Low, and Minimal.

Storage requirements have been established for each category of data. See details at University Data Storage Requirements.

It is important that you 1) determine the proper category of data you wish to store and 2) use the approved storage service(s) for that data category.


  • Social Security numbers (High Risk data) in a spreadsheet in Google Drive.
    • The file owner will be notified that Google Drive is not approved for High Risk data.
    • If the file owner needs to keep the file, they will be asked to move the spreadsheet to Box or another data storage service approved for High Risk data.
  • Social Security numbers or FERPA information (High Risk data) in a spreadsheet in Box that is shared with users outside of UNCG.
    • High Risk data is allowed in Box, but sharing that data outside of UNCG may not be allowed by the data steward responsible for that data.
    • The file owner would be notified and asked to verify that the group of users who have access and the folder settings are correct.
  • Press release (Minimal Risk data) in a spreadsheet in Google or Box.
    • No notification would occur as both Google Drive or Box are approved storage services for Minimal Risk data.