Websites are an important method by which the various schools, departments, labs, researcher teams, faculty, and staff communicate information with both the outside world and within the University community. While these sites provide valuable information, if not properly maintained, the integrity of the sites can be compromised. Website compromises can included: malicious redirects, malware infections, data theft, spam and ads, and defacement or content changes.
The risks of a compromised site can range from a negative impact on a site and it’s owners reputation to a data breach which could impact a research team’s ability to recruit participants or even continue the project.
In order to reduce the risks of compromised sites, the University requires the options in the chart below be used to host websites.
Using these options provides better security controls and monitoring, ensures sites are scanned and updated, and can lead to quicker response times in the case of incident.
|
Hosting Option
|
Use Case |
Public |
Private |
FERPA
Non-Directory
|
GLBA
|
HIPAA |
NIST 800-171
CUI
|
PCI DSS |
CampusPress
(Standard sites) |
EWI replacement:
For individual faculty websites and units
|
Yes |
Yes |
No |
No |
No |
No |
No |
OpenScholar
(Premium sites) |
EWI replacement:
For centers, institutes, and larger research labs
|
Yes |
Yes |
No |
No |
No |
No |
No |
Pantheon
(Custom sites) |
EWI replacement:
For schools and departments requiring custom features or enhanced performance
|
Yes |
Yes |
No |
No |
No |
No |
No |
| Azure App services |
Only for web-enabled applications in which the application webpages are not separable from the application code, or restricted data types that cannot be hosted on CampusPress, OpenScholar, or Pantheon. Supports .NET, Java, Node.js, Python, and PHP |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
| Azure Virtual Machine |
Only for web-enabled applications that cannot be hosted on Azure App Services, or sites that work with restricted data types that cannot be hosted on CampusPress, OpenScholar, or Pantheon. Preferred for Windows based web servers, but can also run Linux. |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
| Amazon Web Services (AWS) EC2 |
Only for web-enabled applications in which the application webpages are not separable from the application code, or restricted data types that cannot be hosted on CampusPress, OpenScholar, or Pantheon. Should only be used to host Linux based web servers. |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Google Cloud
Platform (GCP)
|
Not a standard offering for web hosting and is managed by Burwood. Should only be used if Azure and AWS are not viable and with security's approval. |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
| Enterprise Web Infrastructure (EWI) |
Being Decommissioned.
Should not be used unless it is the last option for public or private data. |
Yes |
Yes |
No |
No |
No |
No |
No |
| Departmental Server Hosted |
Only for web-enabled applications in which the application webpages are not separable from the application code, or restricted data types that cannot be hosted on CampusPress, OpenScholar, or Pantheon |
Yes |
Yes |
Requires
Security
Approval
|
Requires
Security
Approval
|
Requires
Security
Approval
|
No |
No |
| Andrew File System |
Not approved for use. |
No |
No |
No |
No |
No |
No |
No |
| Oracle Cloud Infrastructure (OCI)
|
Hosts the Human Resources sites only.
Not approved for other uses.
|
No |
No |
No |
No |
No |
No |
No |
Other Third-Party Hosting
(Wix, GoDaddy, Squarespace, etc.) |
Not approved for use. |
No |
No |
No |
No |
No |
No |
No |