U8: All devices (including desktops, laptops and mobile devices such as smartphones and tablets) storing or processing confidential information must meet Harvard device protection requirements.
D4: Client applications on the device which might be used to access or transfer confidential information must be configured to protect their communications.
SA3: Communications between servers or applications and client machines must be protected, whether these servers are managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).
SA4: Communications between servers or applications must be protected, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).