Cloud Services and Research

Cloud services are used increasingly often in research. Whether accessing the cloud service via a website or from app on a mobile device, the interactions and data stored in the cloud service must be secured and protected. For any security cloud service (and the data stored by the vendor), Texas A&M University has a minimum-security threshold, and depending upon the data classification (from the State’s perspective), the State may have more stringent requirements. TAMU IT Risk & Compliance can help to determine applicable requirements.

First though, check to see if the cloud service has previously been reviewed by going to https://tools.it.tamu.edu/community/tools/reviewed-cloud-services.php and looking through the listing of Reviewed Cloud Services. The State also has a listing of TX-RAMP-certified cloud services. If a cloud service is listed in either listing, there’s a good chance that so long as you use the enterprise version (e.g. not the free version), that it should meet security requirements. To ensure this, work with your local IT personnel and email TAMU IT Risk & Compliance at it-security@tamu.edu for assistance.

The Texas Risk and Authorization Management Program ("TX-RAMP") provides a standardized approach for security assessment, certification, and continuous monitoring of cloud computing services that process the data of Texas state agencies. The process to determine what may need to be TX-RAMP certified and getting TX-RAMP certified can be daunting, but TAMU IT Risk & Compliance can help navigate this process with you and the vendor.

A word of caution though- if a vendor does not wish to go through the TX-RAMP certification process, or even the simpler TAMU Cloud Service Review process, the cloud service cannot be used. That is a vendor decision. Not a TAMU decision. Similarly, if a vendor is slow to respond, or doesn’t respond to emails and/or calls, that too is a vendor decision.

• Qualtrics – [TAMU’s enterprise-licensed] Qualtrics is a secure, university-approved online survey platform that allows users to design, distribute, and analyze surveys. It includes features like response prevention controls and meets data security requirements not found in free alternatives. Note that while Qualtrics is not approved for HIPAA data, TAMU’s REDCap is (see next bullet). For more information, visit the TAMU Qualtrics. If you already have a TAMU Qualtrics account, login at https://qualtrics.tamu.edu/.
• REDCap – TAMU’s implementation of REDCap is a secure web application for building and managing online surveys and databases for research data collection. It provides a no-cost, flexible and secure method to collect data. REDCap can be used to collect virtually any type of data, including 21 CFR Part 11, FISMA and HIPAA-compliant environments. It is specifically geared to support online or offline data capture for research studies and operations. For more information, visit TAMU’s REDCap.

• TAMU Reviewed Cloud Services
• TX-RAMP Certified Cloud Services
• Cloud Computing Policies
• TAMU Qualtrics
• TAMU REDCap
• TAMU IT Risk & Compliance email address for cloud service review questions: it-security@tamu.edu 

AI cloud services are being leveraged in research more often. They, like any other cloud service, require security review and possible TX-RAMP certification depending on the data going into it. Texas A&M University System has a regulation specifically for AI, TAMUS SAP 15.99.08 "Artificial Intelligence in Research". It states that "…open-source or public AI tools and platforms should not be used…" and "…only AI platforms and tools that have a contractual agreement in place with the system and/or a member, and technical controls to protect data shared with or processed by the AI platform or tool, may be used…"

TAMU has several AI services to interact through TAMU AI Chat. TAMU AI Chat provides staff, faculty, researchers, and students with a secure, university-approved platform to access multiple artificial intelligence (AI) tools like OpenAI’s GPT, Anthropic’s Claude Sonnet, and Google’s Gemini. This platform enables users to efficiently complete tasks, brainstorm ideas, analyze data, and engage in various other productivity-enhancing activities. All [research] data stays within TAMU’s AI service. 

Visit TAMU AI Chat for more information.

To aid researchers, TAMU Technology Services has created helpful comparison for approved AI services. Visit Texas A&M AI services comparison chart for more information.

The State of Texas has determined that certain hardware, software, and applications are prohibited technologies. DeepSeek AI is considered listed as a Prohibited Technology. As such, DeepSeek cannot be used. Not only can the cloud version not be used, but TAMUS has determined that this extends to the local/open-source version as well. Visit TAMUS Cybersecurity Updated Prohibited Technology Guidance for more information.

For questions regarding AI contact: aichat@tamu.edu

• Texas A&M AI Services
• TAMU AI Chat
• TAMUS AI Framework
• Texas A&M AI Services Comparison Chart
• Texas A&M University System SAP 15.99.08 "Artificial Intelligence in Research"
• Texas Covered Applications and Prohibited Technologies
• TAMUS Cybersecurity "Updated Prohibited Technology Guidance"
• Email aichat@tamu.edu for AI-related questions