Moving to the Cloud? What should you consider?

This year our school has adopted Google Apps for Education. Sounds simple, huh?

Not so. Decisions to move your staff and students into Cloud Computing solutions are complex and in my view, require thoughtful planning and consideration. When I became Director of ICT and eLearning at the start of 2013, my first job was to implement a new Learning Management System. That was pretty big and was the main focus for much of 2013, but the early stages of that project coincided with planning starting around the possibility of a move into the Google Apps space.

Why Google Apps? Plenty of reasons, but here are just a few.

The collaborative nature of the docs – the way students can work together and co-create. The visibility of works in progress when shared with teachers. The ability to provide feedback and formative assessment easily at point of need, when students are in the process of writing. The cloud storage provided to users – 30GB for each user when you’re a Google Apps for Education school. Providing staff with a cloud storage option that sits within your domain, instead of having staff opening their own cloud storage accounts eg: Dropbox, and sharing school docs outside of a school domain. I’ll elaborate further on my reasoning in another post (and I promise I’ll get to it!!).

But before any decisions could be made, I needed to familiarise myself with issues surrounding Cloud Computing so that I could evaluate whether or not a move in this direction was right for my school. What did this involve? Reading, and plenty of it. I looked at Gartner and Forrester research and followed links shared on Twitter to business blogs like Harvard Business Review and Forbes. I needed to see where business was heading and explore speculation about the future of work and what might be required. I read countless articles about cloud storage and privacy concerns. And through all this, I was linking what I was reading to the education system and analysing how what applies in business translates to school environments.

Coming across Data Sovereignty and the Cloud: A Board and Executive Officer’s Guide , published by the Cyberspace Law and Policy Centre, UNSW Faculty of Law was fortuitous. The report was sponsored by  NEXTDCBaker & McKenzie and Aon. NEXTDC is a data centre company, looking to become the biggest cloud data centre storage service in Australia. I have visited their Port Melbourne location, taking a tour through what is an impressive facility. Baker and McKenzie are a law firm and Aon is a global provider of risk management services. When you look at recent changes to Australian Privacy Laws you can see why organisations like this are interested in supporting research and policy reports of this nature. Australian Privacy Principle 8 deals with cross border disclosure of personal information – an area affecting schools and businesses if you use a cloud computing solution where the data is stored in overseas data centres.

The report raised many questions for me, and led to a 90 minute phone conversation with David Vaile, one of the authors of the report. Even at the end of that, I was no closer to firm resolve around the issues surrounding cloud computing and privacy. Within the report is reference to the Australian Signals Directorate’s (Defence Force) Cloud Computing considerations. Their discussion paper provides the following:

“…assists agencies to perform a risk assessment and make an informed decision as to whether cloud computing is currently suitable to meet their business goals with an acceptable level of risk.”

Contained within it is an overview of Cloud Computing considerations you can apply to whatever platform you are looking at implementing. In my case, this was Google Apps for Education. What I did was take this list (as follows) and then read Google Security Whitepapers and information about GAFE and found the information that addressed the following considerations.

  1. Cloud computing security considerations include:
    • My data or functionality to be moved to the cloud is not business critical (19a).
    • I have reviewed the vendor’s business continuity and disaster recovery plan (19b).
    • I will maintain an up to date backup copy of my data (19c).
    • My data or business functionality will be replicated with a second vendor (19d).
    • The network connection between me and the vendor’s network is adequate (19e).
    • The Service Level Agreement (SLA) guarantees adequate system availability (19f).
    • Scheduled outages are acceptable both in duration and time of day (19g).
    • Scheduled outages affect the guaranteed percentage of system availability (19h).
    • I would receive adequate compensation for a breach of the SLA or contract (19i).
    • Redundancy mechanisms and offsite backups prevent data corruption or loss (19j).
    • If I accidentally delete a file or other data, the vendor can quickly restore it (19k).
    • I can increase my use of the vendor’s computing resources at short notice (19l).
    • I can easily move my data to another vendor or in-house (19m).
    • I can easily move my standardised application to another vendor or in-house (19m).
    • My choice of cloud sharing model aligns with my risk tolerance (20a).
    • My data is not too sensitive to store or process in the cloud (20b).
    • I can meet the legislative obligations to protect and manage my data (20c).
    • I know and accept the privacy laws of countries that have access to my data (20d).
    • Strong encryption approved by DSD protects my sensitive data at all times (20e).
    • The vendor suitably sanitises storage media storing my data at its end of life (20f).
    • The vendor securely monitors the computers that store or process my data (20g).
    • I can use my existing tools to monitor my use of the vendor’s services (20h).
    • I retain legal ownership of my data (20i).
    • The vendor has a secure gateway environment (20j).
    • The vendor’s gateway is certified by an authoritative third party (20k).
    • The vendor provides a suitable email content filtering capability (20l).
    • The vendor’s security posture is supported by policies and processes (20m).
    • The vendor’s security posture is supported by direct technical controls (20n).
    • I can audit the vendor’s security or access reputable third-party audit reports (20o).
    • The vendor supports the identity and access management system that I use (20p).
    • Users access and store sensitive data only via trusted operating environments (20q).
    • The vendor uses endorsed physical security products and devices (20r).
    • The vendor’s procurement process for software and hardware is trustworthy (20s).
    • The vendor adequately separates me and my data from other customers (21a).
    • Using the vendor’s cloud does not weaken my network security posture (21b).
    • I have the option of using computers that are dedicated to my exclusive use (21c).
    • When I delete my data, the storage media is sanitised before being reused (21d).
    • The vendor does not know the password or key used to decrypt my data (22a).
    • The vendor performs appropriate personnel vetting and employment checks (22b).
    • Actions performed by the vendor’s employees are logged and reviewed (22c).
    • Visitors to the vendor’s data centres are positively identified and escorted (22d).
    • Vendor data centres have cable management practices to identify tampering (22e).
    • Vendor security considerations apply equally to the vendor’s subcontractors (22f).
    • The vendor is contactable and provides timely responses and support (23a).
    • I have reviewed the vendor’s security incident response plan (23b).
    • The vendor’s employees are trained to detect and handle security incidents (23c).
    • The vendor will notify me of security incidents (23d).
    • The vendor will assist me with security investigations and legal discovery (23e).
    • I can access audit logs and other evidence to perform a forensic investigation (23f).
    • I receive adequate compensation for a security breach caused by the vendor (23g).
    • Storage media storing sensitive data can be adequately sanitised (23h).
    • ( Cloud Computing Security Considerations )

This took some time. There were weeks out of my life in 2013 where I was living and breathing information regarding privacy, security and cloud computing. Believe you me, if you encountered me during this time, my conversation topics were limited and suitable only for a specific audience!

But, it was worth it. I had a document I could present to my Executive that helped us come to the decision that Google Apps for Education was suitable for our school environment. What I gained from this exercise was a thorough understanding of issues surrounding Cloud Computing and the information I needed to be able to speak confidently with my school community about the move we were making.

If you’re a school looking to move into the Cloud Computing space, then measures like this are necessary. If you’re an Australian school looking for links to assist you with the process, then take a look at the following.

Defence Signals Directorate – Cloud Computing Considerations

http://www.dsd.gov.au/publications/csocprotect/cloud_computing_security_considerations.htm

Data Sovereignty and the Cloud  – a Board and Executive Officer’s Guide

http://cyberlawcentre.org/data_sovereignty/CLOUD_DataSovReport_Full.pdf

And if you’re looking to go Google, the following will help.

Google’s approach to IT Security – A Google Whitepaper

https://cloud.google.com/files/Google-CommonSecurity-WhitePaper-v1.4.pdf

Google Apps Service Level Agreement

http://www.google.com/apps/intl/en/terms/sla.html

Google Apps Documentation and Support – Security and Privacy Overview

http://support.google.com/a/bin/answer.py?hl=en&answer=60762

Google Apps for Education

http://www.google.com/enterprise/apps/education/benefits.html

Security Whitepaper: Google Apps Messaging and Collaboration Products

http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en/us/a/help/intl/en-GB/admins/pdf/ds_gsa_apps_whitepaper_0207.pdf

It’s not over for me. The next thing to consider is replication of data to cloud storage. Off I am to the Amazon Web Summit next week in Sydney to explore that one a little further. 😉

 

School’s out Friday

I’ve been missing in action lately.

Why?

Well, work is occupying a lot of my time right now. In fact, I’m working pretty much all day and then following up that with more work into the night. I’m consumed with getting my head around cloud storage, SaaS (Software as a Service) and the implications this has for privacy. It’s pretty intensive and has required some heavy duty reading. Do I feel like I’m settled in where I sit with my thinking around all of this? No, I’m not. I’m torn in fact, and being in this state means that I seem to do nothing but think about this all the time.

Yes, that is the life I lead folks. One consumed by my work. I counsel myself by knowing that this is a subject matter that needs pursuing, and answers need to be made clearer for schools who are signing up for Cloud based storage and SaaS. Hopefully, as things become clearer in my head I’ll be able to share my thinking here.

Time to clear the head and get some sleep, only to ponder more in the morning.

Enjoy your weekend. Grab some downtime (advice I should follow…)

School’s out Friday

This is the second time I’ve posted a Halloween video from Matthew Weathers, a Maths Lecturer at Biola University in California. As one of the comments on YouTube says about him, “You are seriously the coolest teacher in the planet.” Halloween’s approaching pretty fast; Matthew better start planning if he’s going to come up with something to rival this!

It’s school holidays here in Victoria, and I’ve had a bit of a lazy week. Not that I’m complaining. Lazy beats frantically busy right now! One thing I have been able to do is to keep up with my Twitter and Google+ stream, and there have been some interesting announcements over the past week. Things are firing up in the Tablet market with the release of the Kindle Fire. It’s a Kindle for movies, music, apps, games, reading & more. The price point, US $199, might just make it a serious contender up against the iPad 2.

It’s powered by a Cloud Accelerated browser they are calling Amazon Silk. What they are doing is utilising the Amazon cloud to provide a faster user experience and to enable streaming for your content. Rather than me try to explain what that means, take a look at the experts from Amazon explaining it below.

It’s release date in the US is November the 15th, and as yet, there seems to be no information about when we might be able to obtain it here in Australia. If they’re smart, they’ll make sure it’s available prior to Christmas. I could see quite a few Yuletide stockings being filled with one of these.

Enjoy the weekend. AFL Grand Final day here in Melbourne tomorrow. I’m gunning for Geelong – go Cats!

 

Explaining Evernote

Image representing Evernote as depicted in Cru...
Image via CrunchBase

I’ve had an Evernote account for some time now, and really think it is one of the best organisational tools available. I love that it exists as an account I can access from any computer, anywhere. I love the desktop version that sits on my Mac. I love the web clipper add on that I use with my Firefox browser. I especially love the Evernote apps I have downloaded to my iPhone and iPad that enable me to get access to what is stored on Evernote and also enable me to add to the account easily. I love that everything syncs so quickly, and that I can use it without an internet connection knowing that it will sync once an internet connection has been established.

I created this screencast recently about Evernote and thought some of you who know nothing about it might benefit from watching it. It is by no means an exhaustive account of what it can do, because truly, I know I haven’t explored everything it is capable of doing. I ran a Staff PD about Evernote and Dropbox after school last week, and people who came were very impressed with the potential it has for education, and their own personal management of data. I would love to see us introduce Evernote to all of our students, and start them really thinking about how they can use it to manage class projects, or save data from whiteboards or even their handwritten notes. It is part of my plan to try and get this happening at my school, and staff members who attended tonight’s session seemed to be in agreement that this would be a positive thing.

One thing that people are wary of is storing their data in the cloud (on an organisation’s servers). There has to be a certain comfort level you have with releasing your data to someone else to store it for you, and people do get concerned that other people (hackers) might be able to access their documents or notes. Dropbox has been under fire in the past week, for a bug in their system that caused a security glitch that allowed people to log into any Dropbox account by typing in any password at all for a period of four hours. Even prior to this unfortunate ‘glitch’ Dropbox have been criticised about their levels of data security.

I think we all have to be mindful that when you host your data elsewhere, and for free, you have to accept that with convenience comes some cost. That cost may be that companies hosting your data could give some of it to Government agencies if it’s requested. It may be that you leave yourself open to hackers who seem intent of late to usurp the claims made by cloud storage companies that data is safe. I certainly love the convenience of being able to access data across multiple devices, but I’m certainly not going to be storing any sensitive documentation there that I wouldn’t want anyone else accessing.

This is part of the game that is the World Wide Web now. Know the rules before you start playing is as good advice as any I’m guessing.

Google’s book to help us understand the Web.

Google have produced a very handy online book explaining how the Web works. 20 Things I Learned About Browsers and the Web provides explanations about Cloud Computing, HTML, Web apps,  browsers, privacy, and a number of other topics that many people would have no clue about. 

Most of us use the Web on a daily basis, but many people have no idea how it works or how they can read the information in an URL to determine the nature or validity of a site. The explanations in this book are simply stated, and easy to understand. As you’d expect, the book makes quite a few references to the Google Chrome browser, but that’s fair enough given that they’ve gone to the effort of producing the book and making it freely available for us to use.

We really owe it to ourselves to have a deeper understanding of the Web, especially as it becomes more and more pervasive in our lives. I’ll certainly be using this book with the students I teach.

The Horizon Report: 2009 K-12 Edition

Educause and the New Media Consortium have just released the K – 12 Edition of The Horizon Report. Horizon Reports always make for interesting reading, as they predict the time to adoption of many of the emerging technologies finding their way into the fabric of our teaching. Horizon reports usually have as their focus higher education institutions. This report has K – 12 education as its focus so their evaluation of likely adoption in Primary and Secondary education is especially interesting.

One of the very interesting observations they make in the findings is that assesment and filtering impact on the degree to which some technologies can be adopted in school settings. It’s the old story of assessment driving curriculum and affecting adoption of new ways of doing things. There is no doubt it is difficult assessing someone’s efforts commenting on blog posts or their participation in ning networks. And yet these are valid pursuits that can lead to real engagement in learning. Filtering is another issue; the unfortunate fact is that impressive tools like Voicethread and Ning are often classified as ‘social networks’ or ‘chatrooms’ and filtering software prevents them loading in some schools. I’ve had to go to my network administrators to have blocks removed and I’ve heard the same story from many other educators.  

So, what are the findings, what are the trends to watch?

Time to adoption – One year or less

  • Collaborative Environments
  • Online Communication Tools

Time to Adoption – Two to three years

Time to Adoption – Four to five years

I don’t know if I totally agree with their findings. I’d find it surprising to see Nings become mainstream in the next year within school settings, given that most of the educators I know stare at you blankly when you mention the word. Unless we some some major investment from Government to support  Professional Development for teachers in the field of new technologies, I just can’t see mainstream adoption in such a short time frame.

Take a read for yourself. It’s well worth downloading and showing to your school administration. Congratulations go to Judy O’Connell who served on the advisory board of the project.  

Reblog this post [with Zemanta]

Trends to watch- how should educators respond?

I was reading an online article today from eweek.com called ‘Five trends to watch in 2009’.  Their focus audience is small to medium size business. The five trends to watch as they saw it were;

1. Cloud Computing.

2. Virtualisation

3. Notebook/Netbook adoption

4. Open Source Software

5. Online Social Networking

My question is, are we as educators onto this? If we are going to effectively prepare our students for the workplaces they will be entering, shouldn’t we be incorporating some of these applications into our teaching environments and curriculum?

I work in a 1:1 school, but as we see the cost of computers and wireless air devices reduce I could envisage students fronting up in both private and public education with their own computers with internet access at the ready. I’m wondering if schools are prepared for this?

* Update –  Many students today have phones with internet access – don’t know why I didn’t think of this when I was writing this post. Just dim sometimes! Once again though, many schools take the no phones in class policy when they should be capitalising on the incredibly powerful tool students have at their disposal.

I know that this year I intend to make greater use of the cloud and create and store more of my documentation using online applications. It just makes sense. It’s something I intend to share with my students and will be encouraging them to use Google docs and notebook.   

These are ideas we need to keep at the forefront of our thinking if we are going to best prepare our students for the workplaces they will be entering.

Reblog this post [with Zemanta]