Is Your Cloud Data Safe? Defense Department and K-12 Districts Share Concerns
As schools look to the cloud for software and hardware solutions, the opportunities for cost savings opportunities, combined with the operating efficiencies gained, are appealing. But what about the security of student data? Is the cloud a safe place for birth dates, social security numbers, and other sensitive personal information?
As schools look to the cloud for software and hardware solutions, the opportunities for cost savings opportunities, combined with the operating efficiencies gained, are appealing. But what about the security of student data? Is the cloud a safe place for birth dates, social security numbers, and other sensitive personal information?
Concerns about cutting security corners to save money are legitimate. So District Cloud Computing Contributing Editor Margo Pierce turned to an expert for a cloud security primer. Walt Mueller is vice president of engineering with the intelligence and security department at BAE Systems. He leads a team of 1,000 engineers who build cloud data storage systems for the US Department of Defense and national intelligence services, where protection of data is a key element.
Margo Pierce: One concern school administrators just getting used to the idea of taking advantage of cloud services have is the security of information being entrusted to somebody else. So, what exactly happens to information from a school when it goes out into the cloud?
Walt Mueller: It's put into an environment that shares common hardware with other pieces of information that's out there. The information is partitioned off virtually; that means it may be on the same piece of hardware, but with software in the middle separating one piece of data from another piece of data. So the protection of that information has to be in that software. If there's any failure in that separation, the information can be compromised. So there's a concern there.
Pierce: Well then, what can districts do to help themselves with this issue?
Mueller: If you really want to protect your data, you ought to encrypt it. Normally, people just put information on their drives and don't worry about encryption. If you add encryption to it, even if it's compromised, [whoever] gets into the data won't be able to de-encrypt.
The other thing you have to worry about is the actual way to communicate with the cloud over the network. In addition to sharing virtual infrastructure, [a school] would be sharing common network infrastructure and people can put listening things inside the network itself even before it gets into the cloud storage. So, if you worry about people picking it off, that would be another area where encrypting data before it's transmitted and stored is a way to double-ensure the data is protected.
Even the DOD (Department of Defense) IT community isn't at the point where they fully trust it yet, but they're getting closer.
Pierce: What is the benefit of cloud data storage to a school district?
Mueller: It's easier to share data. You have less duplication of data, especially with kids. Being able to deliver information in a common way.
Pierce: By delivering information, you're talking about things like digital content as opposed to textbooks?
Mueller: It's going to be a great learning enabler. Remember the backpack with 10 books--how do they walk with that? I just walk around with a tablet and connect it to everything. No more "I left my book at school."
And you get a lot more interactive learning with the tablets through the cloud. It's got a better reach out to all the students. Interactive-capability learning, we haven't even touched the surface on that.
Pierce: Sure, accessibility is great, but aren't there concerns about theft?
Mueller: Like anything--riding a bike, say--there's risks involved. Just understand those risks, put together strategies to mitigate it to where you're comfortable, and then go forward. If you don't accept that, then you're going to be left behind. Just look at video gaming and all they're learning from that. The interactivity that they've got, that's how we reach [students]. We've got to tap into that. Keep them engaged, and the only way to do that is through new technologies.
Pierce: It's that simple?
Mueller: Yes, there's risk when you get careless and start thinking, "I'm not going to encrypt it this time," because nothing has happened to you. When you start getting careless and making things open, it's like walking out of your house and leaving your door unlocked. Normally you lock it, but you had that one time somebody broke in and you should have locked it. Be vigilant about the security strategy that you take and I think you'll be OK.
Pierce: What is the future of cloud storage in K-12 education?
Mueller: I think everything ought to be out there in the cloud and accessible by anybody that's walking around with a tablet, an iPhone, whatever it might be. I think it's an enabler for learning and building things in the future. Of course, I'm an engineer, so building things is what I think about.
About the Author
Margo Pierce is a Cincinnati-based freelance writer.