Skip to main content

Home/ Diigo In Education/ Group items tagged cloud security

Rss Feed Group items tagged

D. S. Koelling

Embracing the Cloud: Caveat Professor - The Digital Campus - The Chronicle of Higher Ed... - 37 views

  • My work as chief privacy and security officer at a large public university has, however, given me pause to ask if our posture toward risk prevents us from fully embracing technology at a moment of profound change.
  • Consequently, faculty members are accepting major personal and institutional risk by using such third-party services without any institutional endorsement or support. How we provide those services requires a nuanced view of risk and goes to the heart of our willingness to trust our own faculty and staff members.
  • The technologically savvy among us recognize that hard physical, virtual, and legal boundaries actually demark this world of aggressively competitive commercial entities. Our students, faculty, and staff often do not.
  • ...5 more annotations...
  • But can we embrace the cloud? Can the faculty member who wears our institution's name in her title and e-mail address, to whom we've entrusted the academic and research mission of the institution, be trusted to reach into the cloud and pluck what she believes is the optimal tool to achieve her pedagogical aims and use it? Unfortunately, no. Many faculty and staff members simply use whatever service they choose, but they often do not have the knowledge or experience needed to evaluate those choices. And those who do try to work through the institution soon find themselves mired in bureaucracy.
  • First we review the company's terms of service. Of course, we also ask the company for any information it can provide on its internal data security and privacy practices. Our purchasing unit rewrites the agreement to include all of the state-required procurement language; we also add our standard contract language on data security.

    All of this information is fed into some sort of risk assessment of varying degrees of formality, depending on the situation, and, frankly, the urgency. That leads to yet another round of modifications to the agreement, negotiations with the company, and, finally, if successful, circulation for signatures. After which we usually exhume the corpse of the long-deceased faculty member and give him approval to use the service in his class.

    We go through this process not from misguided love of bureaucracy, but because our institutions know of no other way to manage risk. That is, we have failed to transform ourselves so we can thrive and compete in the 21st century.

  • But our faculty and staff are increasingly voting with their feet—they're more interested in the elegance, portability, and integration of commercial offerings, despite the inability to control how those programs change over time. By insisting on remaining with homegrown solutions, we are failing to fall in lockstep with those we support.
  • Data security? Of course there are plenty of fly-by-night operations with terrible security practices. However, as the infrastructure market has matured (one of the generally unrecognized benefits of cloud services), more and more small companies can provide assurances of data security that would shame many of us even at large research-intensive institutions.
  • If higher education is to break free of the ossified practices of the past, we must find ways to transfer risk acceptance into the faculty domain—that is, to enable faculty to accept risk. Such a transformation is beyond the ability of the IT department alone—it will require our campus officials, faculty senates, registrars, and research and compliance officers working together to deeply understand both the risks and the benefits
1 - 2 of 2
Showing 20 items per page