Cloud Computing | News

CoSN Assesses Cloud Risks and Realities

• By Margo Pierce
• 02/05/13

Nearly all K-12 schools now use cloud technology in some form. But how many understand all the possibilities and pitfalls? That's the question posed by Security and Privacy of Cloud Computing, a new report to members of the Consortium for School Networking (CoSN).

“With nearly 90 percent of K-12 institutions reporting the use of one or more cloud-based applications, there are a growing number of school systems nationwide that must understand the potential challenges and opportunities associated with working ‘in the cloud,’” said Keith Krueger, CEO of CoSN, in a news release.

The report focuses on the privacy, security, and regulatory compliance impacts of “software as a service (SaaS) cloud computing. (One of the report’s authors, Jim Siegl, chair of the CoSN Technical Committee, explained some of these same issues in The Price of Free Cloud Resources.)

The report outlines common security and privacy risks that schools face. It offers administrators a list of questions to use when evaluating service-level agreements (SLAs) related to vendor services:

Availability

• Does the provider offer a guaranteed service level?
• What is the backup-and-restore process in case of a disaster?
• What is the provider’s protection against denial-of-service attack?
• What happens to your data if the provider shuts down or is sold?

Security

• Does the provider use SSL encryptions on all pages, and not just the login and account-creation pages?
• For multi-tenant hosting (many schools sharing the same system), how is data separated from that of other customers?
• Does the provider perform background checks on personnel with administrative access to servers, applications, and customer data?
• What happens if your cloud service provider has a data breach?
• Do you have the ability to perform security incident investigations or e-discovery? If not, will the provider assist you?

Legal and Regulatory

• Where is data hosted?
• If there is a contract, does it state that the provider (and any subcontractors) will operate as a “School Official” as defined by FERPA?

As one in a series of EdTechNext “mini-reports developed to keep educators updated on the latest technology trends and their educational value,” the report offers a comprehensive overview of cloud computing security and privacy issues.