‘Cloud’ computing is becoming a part of everyday life in a rapidly changing digital world. Education Gazette explains how the cloud works, how N4L will help, and explores cloud computing privacy implications for schools.
The implications and opportunities arising from working, playing, and learning ‘in the cloud’ are something that schools and educators need to be increasingly aware of. This is particularly important as Government initiatives such as the creation of a fibre network for schools, internal school network upgrades, and the impending rollout of Network for Learning’s (N4L) managed network make affordable, quality, fast internet connections a reality for more and more schools.
You may have been using the cloud for years, but perhaps didn’t realise it. If you’ve used Facebook or streamed a video online, you’re interacting with the cloud. In fact, as Neil Melhuish from Netsafe, a non-profit organisation working toward a safer and more secure online environment and designated Ministry of Education agent of choice for internet safety education, puts it, the cloud could be thought of as simply a re-branding of the internet.
“If you’ve used Facebook, banked online or anything similar, you’re in the cloud. All that’s really happening is that modern data transfer speeds have made it cost-effective and reliable to the point that people can effectively use off-site storage and software that isn’t actually on your computer.”
If your school is already working in the cloud, or thinking about doing so, the advantages and drawbacks outlined below may be relevant to you.
Advantages of the cloud
- Increased opportunity for collaboration: across all areas of education, from learning to administration. For example, Google Drive and Microsoft Office 365 allow multiple students, educators, or other staff to contribute to the same document, reducing complexity and potential confusion.
- Risk management: data stored in the cloud cannot be destroyed by a local failure or accident.
- Anywhere, anytime: students and teachers can access work stored in the cloud from home, at school, on the bus or anywhere they can connect. All that’s needed is an internet browser.
- Data security and privacy: Storing your data offsite with a cloud provider can mean it’s more secure, as they will have substantial resources and expertise in protecting against viruses, malware (malicious software), and attacks. However, you should look into each case individually.
- Savings potential: Cloud-based systems do not require school-based server and network maintenance, saving schools the cost of hiring IT professionals to provide this. Additional software cost savings could also have a positive impact on school budgets.
Drawbacks of the cloud
In the past, reliability of connectivity (from the provider end) has been an issue. However, this is rapidly improving, especially with regard to the large providers like Google and Microsoft.
Downtime (when a system fails) is an issue that should still be considered for cloud-based systems. Again, major downtime incidents are becoming less common, particularly amongst larger providers. However, there may be a number of intermediary providers involved that should also be considered, for instance lapses in local ISP (Internet Service Provider) connectivity could prevent access to cloud-stored files for a period of time.
Some other potential drawbacks include:
- Availability of data offline: Some providers are not allowing material to be opened in any way apart from access through their servers.
- Data costs: Increased data consumption arising from on-going cloud use can mean increased costs for schools. Extra costs may also arise from the transfer of existing files up into the cloud to start with, and transfer back down to local networks for activities such as printing.
- Potentially reduced ability to control access to software types and features, thus controlling costs of software licensing.
- Privacy: As mentioned above, while information stored in the cloud can be more secure, cloud-based storage and increased connectivity can mean information is open to mis-use.
N4L and the managed network
Cloud computing is set to become more attractive to schools with N4L’s managed network becoming available from the end of 2013.
N4L’s managed network is set to provide affordable, safe, predictable, ultra-fast internet connectivity for schools with uncapped data – all things that are important when it comes to cloud computing. Andy Schick, Marketing Manager for N4L, explains.
“The managed network is very important because cloud services can’t be leveraged properly without really solid internet connectivity. What we know is that ultra-fast broadband can provide fantastic potential speeds and stability for schools, but whether that potential is realised or not is largely dependent on the provider.
“That’s where N4L comes in: we’re designing the managed network specifically for New Zealand schools, so this isn’t just commodity internet. Part of our work will be to gain an understanding of cloud applications as they are used in schools and to make sure we are always improving the pathways between those applications and schools. We’ll be constantly supporting the environment to deliver a great experience.”
A vulnerability trade-off
For schools, privacy is a key consideration. Issues around this have been in the public eye recently, in particular, concern has been expressed at the way some organisations are sharing information with government agencies.
Neil Melhuish at Netsafe believes that any school that adopts cloud computing as all or part of its digital way of life should be thinking about what he calls a ‘vulnerability trade-off’. This means that any increase in connectivity could lead to an increase in potential for both malicious attack and privacy risk.
“The more secure a network is, the less accessible it is. If you unplug completely and isolate your school’s network from the wider internet, then it is 100 per cent secure. But then, nobody can use it effectively. That’s why disclosure and on-going risk management are so important.”
The bottom line is that there are as yet no hard and fast rules that schools can follow. Ultimately, schools are responsible for making their own assessment of cloud service providers. The Privacy Act dictates that schools are responsible for ensuring that information identifying persons is protected “by such security safeguards as it is reasonable in the circumstances to take.”
Selecting a service
Netsafe cannot give schools a ‘thumbs up (or down)’ on any particular cloud-based service, but Neil says there are some key themes that should be considered during the assessment of any supplier.
- Who owns the data? Does the information that is stored with the service remain the property of the school?
- How is the data being used? Will the school’s data be used only for providing the service (i.e. does the service use any data for its own commercial reasons, such as advertising?)
- Which country’s laws apply to the service? This is an issue that recent media coverage has brought to light. Many cloud services are based in the United States of America and therefore are not subject to New Zealand law.
- Is there a succinct and comprehensive overview of the service’s security and privacy policies?
- Are the service’s terms and conditions plainly written and easy to follow?
- What is the provider’s track record like? It should be fairly simple to find out if there has been any negative media coverage.
The best place teachers can go to familiarise themselves with the Privacy Act, and how it applies to cloud computing, is the Office of the Privacy Commissioner (see link below). Netsafe have an on-going relationship with the Ministry of Education, so can provide advice to schools through their website and seminars that they run.
Assessment and consultation
This means that the school community can be kept informed of the measures used to ensure the privacy of data, and that the school is as transparent as possible about what data is being used for, and by whom. Schools should continue to seek consent when the nature of data use changes from that which has been authorised.
Neil says that, unfortunately, because the disclosure documents that many companies cover themselves with are so complex, most schools are unlikely to have the capacity to make a legally thorough assessment of cloud terms and conditions. Again, recent media coverage has highlighted the dangers of this.
Risk mitigation for schools should be two-pronged, says Neil. Schools should do everything they can to arrive at a reasoned assessment of a cloud provider and the terms and conditions they commit to. Keeping the community ‘in the loop’ is just as important.
“The ‘informed consent’ approach is generally effective when implementing safe and responsible educational use of technology. This is because on-going disclosure emphasises a process, rather than a one-off judgement. That is appropriate to the online medium, which is never static.”
Employing common sense
Neil points out that we all take a risk when doing anything online, but says that shouldn’t put schools off capitalising on the opportunities afforded by cloud computing. If there’s one thing that the internet has, it’s the potential for community, and collective knowledge is power in the online universe.
The Ministry of Education’s Enabling e-Learning section on Te Kete Ipurangi (TKI) provides information, resources, and communities to support teachers and schools in developing their use of digital technologies:
The Office of the Privacy Commissioner provides advice in Cloud Computing – A guide to making the right choices:
More information on N4L and the managed network for schools:
By Jaylan Boyle