CoSN Assesses Cloud Risks and Realities

Nearly all K-12 schools now use cloud technology in some form. But how many understand all the possibilities and pitfalls? That's the question posed by Security and Privacy of Cloud Computing, a new report to members of the Consortium for School Networking (CoSN).

“With nearly 90 percent of K-12 institutions reporting the use of one or more cloud-based applications, there are a growing number of school systems nationwide that must understand the potential challenges and opportunities associated with working ‘in the cloud,’” said Keith Krueger, CEO of CoSN, in a news release.

The report focuses on the privacy, security, and regulatory compliance impacts of “software as a service (SaaS) cloud computing. (One of the report’s authors, Jim Siegl, chair of the CoSN Technical Committee, explained some of these same issues in The Price of Free Cloud Resources.)

The report outlines common security and privacy risks that schools face. It offers administrators a list of questions to use when evaluating service-level agreements (SLAs) related to vendor services:

Availability

  • Does the provider offer a guaranteed service level?
  • What is the backup-and-restore process in case of a disaster?
  • What is the provider’s protection against denial-of-service attack?
  • What happens to your data if the provider shuts down or is sold?

Security

  • Does the provider use SSL encryptions on all pages, and not just the login and account-creation pages?
  • For multi-tenant hosting (many schools sharing the same system), how is data separated from that of other customers?
  • Does the provider perform background checks on personnel with administrative access to servers, applications, and customer data?
  • What happens if your cloud service provider has a data breach?
  • Do you have the ability to perform security incident investigations or e-discovery? If not, will the provider assist you?

Legal and Regulatory

  • Where is data hosted?
  • If there is a contract, does it state that the provider (and any subcontractors) will operate as a “School Official” as defined by FERPA?

As one in a series of EdTechNext “mini-reports developed to keep educators updated on the latest technology trends and their educational value,” the report offers a comprehensive overview of cloud computing security and privacy issues.

About the Author

Margo Pierce is a Cincinnati-based freelance writer.

Featured

  • blue AI cloud connected to circuit lines, a server stack, and a shield with a padlock icon

    Report: AI Security Controls Lag Behind Adoption of AI Cloud Services

    According to a recent report from cybersecurity firm Wiz, nearly nine out of 10 organizations are already using AI services in the cloud — but fewer than one in seven have implemented AI-specific security controls.

  • stacks of glowing digital documents with circuit patterns and data streams

    Mistral AI Intros Advanced AI-Powered OCR

    French AI startup Mistral AI has announced Mistral OCR, an advanced optical character recognition (OCR) API designed to convert printed and scanned documents into digital files with "unprecedented accuracy."

  • robot waving

    Copilot Updates Aim to Personalize AI

    Microsoft has introduced a range of updates to its Copilot platform, marking a new phase in its effort to deliver what it calls a "true AI companion" that adapts to individual users' needs, preferences and routines.

  • teenager interacts with a chatbot on a computer screen

    Character.AI Rolls Out New Parental Insights Feature Amid Safety Concerns

    Chatbot platform Character.AI has introduced a new Parental Insights feature aimed at giving parents a window into their children's activity on the platform. The feature allows users under 18 to share a weekly report of their chatbot interactions directly with a parent's e-mail address.