CoSN Assesses Cloud Risks and Realities

  • By Margo Pierce
  • 02/05/13

Nearly all K-12 schools now use cloud technology in some form. But how many understand all the possibilities and pitfalls? That's the question posed by Security and Privacy of Cloud Computing, a new report to members of the Consortium for School Networking (CoSN).

“With nearly 90 percent of K-12 institutions reporting the use of one or more cloud-based applications, there are a growing number of school systems nationwide that must understand the potential challenges and opportunities associated with working ‘in the cloud,’” said Keith Krueger, CEO of CoSN, in a news release.

The report focuses on the privacy, security, and regulatory compliance impacts of “software as a service (SaaS) cloud computing. (One of the report’s authors, Jim Siegl, chair of the CoSN Technical Committee, explained some of these same issues in The Price of Free Cloud Resources.)

The report outlines common security and privacy risks that schools face. It offers administrators a list of questions to use when evaluating service-level agreements (SLAs) related to vendor services:

Availability

  • Does the provider offer a guaranteed service level?
  • What is the backup-and-restore process in case of a disaster?
  • What is the provider’s protection against denial-of-service attack?
  • What happens to your data if the provider shuts down or is sold?

Security

  • Does the provider use SSL encryptions on all pages, and not just the login and account-creation pages?
  • For multi-tenant hosting (many schools sharing the same system), how is data separated from that of other customers?
  • Does the provider perform background checks on personnel with administrative access to servers, applications, and customer data?
  • What happens if your cloud service provider has a data breach?
  • Do you have the ability to perform security incident investigations or e-discovery? If not, will the provider assist you?

Legal and Regulatory

  • Where is data hosted?
  • If there is a contract, does it state that the provider (and any subcontractors) will operate as a “School Official” as defined by FERPA?

As one in a series of EdTechNext “mini-reports developed to keep educators updated on the latest technology trends and their educational value,” the report offers a comprehensive overview of cloud computing security and privacy issues.

About the Author

Margo Pierce is a Cincinnati-based freelance writer.

Featured

  • Indianapolis Public Schools Adopt DreamBox Math

    Thanks to a new partnership with Discovery Education, all Indianapolis Public Schools (IPS) K–8 students and teachers will gain access to DreamBox Math, which blends curriculum and continuous formative assessments that adapt to student needs to boost achievement.

  • The First Steps of Establishing Your Cloud Security Strategy

    In this guide, we'll identify some first steps you can take to establish your cloud security strategy. We'll do so by discussing the cloud security impact of individual, concrete actions featured within the CIS Critical Security Controls® (CIS Controls®) and the CIS Benchmarks™.

  • Google Brings Gemini AI to Teens in the Classroom

    Google is making its Gemini large language model available for free for students ages 13 and up in the United States (age minimums vary by country), via Google Workspace for Education accounts.

  • A top-down view of a person walking through a maze with walls made of glowing blue Wi-Fi symbols on dark pathways

    Navigating New E-Rate Rules for WiFi Hotspots

    Beginning in funding year 2025, WiFi hotspots will be eligible for E-rate Category One discounts. Here's what you need to know about your school's eligibility, funding caps, tracking requirements, and more.