It's true, the network does seem to get the blame for many things!
But if technology providers are to be believed, all our woes will soon be over, thanks to the advent of the “Cloud”.
This is a subject I get asked about a lot when I visit schools, so I wanted to put pen to paper to try and clarify what it's all about, as I know there is a great deal of confusion.
Before I get bombarded by emails from the true experts among you, I realise this is a gross simplification. However, I think it summarises nicely the key aspects of a cloud environment for an independent school.
The benefits of this kind of arrangement include:
• Systems can generally be accessed from anywhere, using any device. This facilitates remote working, easy sharing of data and Bring Your Own Device (BYOD).
• The hardware, software and security of the cloud system are maintained and managed by the service provider, removing a huge burden of work, worry and cost from the school.
• Remote storage of the data makes disaster recovery and resilience much simpler to achieve. Backup almost ceases to matter – although you have to be careful of the geography of your cloud partner (on which, more later).
• Such systems tend to be licensed on a "per user, per month" basis, thereby removing large CapEx spends on replacement server equipment and making costly disk and SAN upgrades a thing of the past.
There are, however, a number of different types of cloud, and it is very important that schools understand the differences between them, and the benefits and risks associated with each, before making any decision to migrate to the cloud.
Public Cloud
With public cloud, the provider stores data in a network of computers, which potentially may be located anywhere in the world, with server use and storage pooled among clients. This model reaps huge economies of scale for the providers, and as such they are able to offer comparatively low monthly subscription costs. Well-known examples of public cloud would include Microsoft Office 365 and Google Apps for Education (GAFE).
Private Cloud
With the private cloud model, the same benefits are delivered as with public cloud, but on a "private" basis, with separate resources being dedicated to each client at the cloud provider’s data centre. This provides greater security and control over data, including assurances over exactly where the data is held. Being a more individual service, private cloud can also offer a much more tailored experience for schools, encompassing not just data storage and the common Microsoft applications, but a full desktop of all their education software. However, as this model does not allow providers to leverage the economies of scale in the same way as public cloud, it is necessarily more expensive.
Due Diligence and Data Protection
It is important to realise with any cloud implementation that, although you are transferring control of your data to a third party, you still remain legally responsible for protecting that data. As such, it is vital to carry out due diligence to ensure you are happy with the level of security, availability and legal compliance the provider offers. This should include looking at their Service Level Agreements around availability, checking compliance with security standards such as ISO 27001, and examining their T’s & C’s to ensure you are clear where your data is going to be held (including not just “live” data but also copies for backup and disaster recovery).
On this latter point, the Data Protection Act requires that personal data may not be transferred out of the EEA unless the territory to which it is sent ensures an adequate level of protection. Given the US dominance of public cloud provision, it is transfers to and from the US that are most likely to affect a UK customer.
Last October the EU-US Safe Harbour agreement that enabled data transfers between the EU and the US to comply with Data Protection laws was overturned. Its successor (the EU-US Privacy Shield) only came into effect in July and is already being contested in courts in Ireland and France. To keep European business flowing, the large public providers (Microsoft Azure, Google, Amazon) have attempted to embed EU data protection laws in their contracts for EU citizens. However, if we learned one thing from Snowden, it is that the US Government considers all data processed by a US business to be “fair game”, wherever the ultimate user may be from. So even if the cloud provider is well-intentioned toward protecting its EU client base, there is no guarantee that the US courts or government will agree.
What does this all mean for an independent school?
Caution should remain in place when using public cloud services. There are some excellent applications available for education and you should take full advantage of them. However, try to resist public cloud-based messaging solutions (email etc.) unless they guarantee EU-only data processing, and be careful about what data you share using public cloud tools. At the end of the day, school data will always remain the responsibility of the school, and therefore it is for the school to assess safeguarding risks.
Cloud technologies can be a fantastic tool to embed ICT into school life. However, many schools remain sufficiently concerned over data geography to adopt private cloud solutions, or indeed “closed cloud” solutions where all data remains in school. The latter is a topic in its own right which I shall be exploring in a future article.