Cloud Technology Forecast: Sunshine with Change of Showers: Keeping Universally-Accessible District Information Safe
Asher-Schapiro, Avi, District Administration
Cloud computing is taking K12 by storm with fully 90 percent of K12 institutions relying on or implementing cloud technology in 2012, according to the Consortium for School Networking (CoSN). District CIOs are under increased pressure to cut costs and keep up with the latest technological trend, and implementing the cloud is an easy fix. According to a recent report released by Lenovo and Intel, What IT Leaders in K12 Need to Know about Cloud Computing, cloud technology can save districts up to 25 percent on IT costs within the next five years by outsourcing network maintenance and allowing schools to access low-cost or free educational software.
Like any new technology, however, the move toward the cloud carries risks, especially when it comes to privacy and security. "Whether you are a school district, Coca Cola, or the Department of Defense, you have to assess how cloud computing affects the confidentiality, integrity, and availability of your data," says Taiye Lambo, founder of CloudeAssurance, a private cloud security consultancy. For school district leaders who store confidential information, including students' addresses, health records, tests scores, and photos on the cloud, ensuring that it is both secure and accessible is especially important.
Diverse Cloud Options
It is often difficult for CIOs to parse the security implications of cloud-computing because the cloud refers to a wide range of remote-server options, offering a vast array of services, all of which carry different levels of security risk. For districts, cloud computing options fall roughly into two categories: software-as-a-service (SaaS) and storage as a service (STaaS). Both services are becoming commonplace as districts move toward 1:1 technology-to-student ratios. "Districts are increasingly looking toward SaaS technologies that enable collaboration so that students and teachers can access software, communicate, and collaborate," explains Stephan Braat, general manager for cloud solutions at CDWG, an IT products and solutions provider working with over 8,000 districts nationwide. "At the same time, there is also need for STaaS so districts can house and store that information and data."
In addition to the SaaS/STaaS distinction, districts must choose whether to rely on district-run clouds, cloud consortiums, or private vendors. While setting up a private cloud housed on district servers allows CIOs to personally monitor the cloud and take charge of security, it misses out on the savings of outsourcing IT responsibilities. Cloud consortiums allow districts to pool resources and build a common cloud that is secured and monitored by district employees. Although increasingly popular, consortiums are not an immediate option for all districts, since they require long-term planning and coordination.
According to CDW-G, private cloud vendors, which manage cloud storage and security externally, are increasingly dominating the K12 market. Over 40 percent of districts now rely on Google Docs and Gmail for data storage and communication. At the same time, an increasingly diverse group of vendors are offering cloud services to districts, including: Amazon, Lenovo, Microsoft, Apple, and a host of smaller boutique firms.
If a district opts for an external cloud vendor, CIOs should be prepared to take on a degree of risk. "The biggest thing CIOs are struggling with is that, in reality, external cloud solutions don't allow for any internal control. Everything is on the side of the solution providers," says Ramiro Zuniga, an independent expert on cloud security and CIO of Port Arthur (Texas) ISD serving 10,000 students.
Since external cloud vendors house and maintain all data in the cloud, CIOs relinquish authority to change network settings or troubleshoot. According to Zuniga: "That puts CIOs in a precarious situation if data are lost or breached. …