Daniel Liptrott, managing director of NCC Group’s escrow division, tells us about the latest cloud developments
Secondary schools aren’t usually the ones to adopt emerging technologies first, which is quite understandable. The element of risk associated with new innovations outweighs the potential benefits. Digital gambles are reserved for the private sector and those that can afford to fail.
However, as these technologies become more trusted and widespread, it makes sense for schools to explore whether to invest. If it can improve efficiency and ultimately improve teaching and learning then it’s something that should be considered.
We have certainly reached that stage with cloud computing. It’s a term that has become ubiquitous but also causes confusion – due mainly to the fact that it’s a very broad concept. What it boils down to is computing-as-a-service, with shared resources delivered as a utility over the Internet. This means applications, data and storage can all be accessed remotely. The efficiency comes from the massive economies of scale that can be achieved.
In October 2014, the European Commission predicted that cloud would be ‘commonplace’ within a year in many of Europe’s schools. Indeed, many schools across the country have now adopted cloud computing in a range of ways.
For example, Altrincham Grammar School for Girls in Manchester uses a few cloud hosted services: Edmodo is used by many staff for the Virtual Learning Environment (VLE) functionality, some events are scheduled using Doodle and the staff calendar is shared through Google. Steve Pearce, network and infrastructure manager said: “Now we’re part of the Bright Futures Educational Trust, the benefits of cloud hosted technology are becoming more apparent. We’re currently investigating a move to Microsoft’s Office 365 with its promise of increased unified collaboration and sharing tools for staff and students alike. In addition, we’re beginning to consider cloud-hosting services like Azure or Amazon’s EC2 to supplement on-site capabilities.”
Whether schools are simply using services like Dropbox and Google Drive, or storing pupil data with third party cloud providers, they need to be aware of both the legislation they are subject to, as well as potential pitfalls outside the bounds of regulation.
The UK Government recognised this, and has issued departmental advice for school leaders and school staff in relation to the Data Protection Act 1998 (the DPA) when considering moving some or all of their software services to internet-based cloud service provision.
It’s a good document, which I would recommend to any schools looking at adopting cloud services. It provides a simple checklist that schools should run through with their suppliers, to ensure they don’t fall foul of the DPA.
Risks associated with cloud computing include data breaches, where cyber criminals exploit security vulnerabilities to enter the system. There are also insider threats, where naïve or malicious employees gain access to sensitive data and misuse it in some way. A leak of highly confidential information could destroy a reputation in hours – which is of paramount importance to any school.
Additionally, a sudden loss of critical software is another common concern and could have the potential to bring a school to a stand still.
The severity of these threats only highlight the importance of good cloud practices – but given the responsibility for protecting from these hazards lies predominately with the provider, it can leave schools feeling helpless.
This is why provider due-diligence is so crucial. Scrutiny and careful examination during initial conversations with cloud providers can be the difference between efficiency savings and a disaster.
Two main considerations with regards to cloud provider due-dilligence:
· Ensure you have back-up: Any good provider should offer a comprehensive and secure back-up and recovery solution. Data will no longer be stored on your site, so you need guarantees that if something fails at their end you won’t be impacted. This is standard practice amongst the vast majority of providers but needs to be confirmed.
· Demand a contingency plan: It’s worth remembering that cloud providers are subject to the same stresses and strains as any organisation. If you trust them with critical applications or data, you need to know they’ll still be accessible if they run into financial difficulties or go out of business altogether. Schools should demand a contingency plan as part of any cloud package. All that’s needed is a simple interim continuity service that acts as a safety net, giving schools continued access to their data or software should any issues arise.
These are both small measures. But by taking them, and being careful with your provider choice, schools can ensure they learn from the mistakes of the private sector and use the cloud safely to improve delivery of teaching and learning.
Daniel Liptrott is managing director at global information assurance specialist NCC Group.