Risks Related To Cloud Computing Within The K-12 Education System
As educators and students increasingly participate in cloud computing, it is imperative that everyone involved is aware of the inherent risks. This awareness will allow educators, parents, and students to make informed decisions and take possible precautions. The information below attempts to inform ETEC 522 students specifically of the key risks of cloud computing for those involved in K-12 education, as well as provide suggestions for mitigating these risks. Lastly, we hope to prompt thoughtful discussion about school media release forms and issues related to BC's Freedom of Information and Protection of Privacy Act (FIPPA).
Top Three Key Risks and the Questions Related to Them:
Security - Who is managing my data? Where is my data being stored? If it is outside of the country in which I reside, do they have the same regulations?
Privacy - Is my data protected? Since I allow a service provider to host my data, do I still own my data?
Access - What if there is a service outage? How can I retrieve my data? Can I transfer my data to another provider should I choose to do so? What if my service provider goes out of business? Can I still access my data or is it lost? Does my district have enough bandwidth for when everyone is bringing their own devices (BYOD) to school and uploading/downloading from the cloud?
Security, Access and Privacy Concerns
Privacy continues to rank high among the biggest challenges facing educators, particularly Canadian educators wishing to use cloud computing with their students.
Although BC's Freedom of Information and Protection of Privacy Act (FIPPA) has recently been reviewed, it remains more stringent than the legislation of other Canadian provinces and the United States (BCcampus, 2011). Many educators have called for another review of this act, as they feel it limits what they are currently able to do within their classrooms and argue that the act does not reflect the shift in our current educational paradigm (BCcampus, 2011).
With an increasing number of educators using U.S.-based social media services such as Blogger, Facebook, Google Docs, and Twitter to collaborate in learning environments, challenges around privacy are going to multiply exponentially. For example, social media companies (or cloud computing services) that are based in the United States are bound by "The Patriot Act which allows the U.S. government to access the social media content and the personally identifying information without the user's knowledge or consent" (Klassen, 2011, p. 3). This stands in direct opposition to BC's FIPPA, which "mandates that no personally identifying information of British Columbians can be collected without their knowledge and consent, and that such information not be used for anything other than the purpose for which it was originally collected" (Klassen, 2011, p. 3).
The Office of the Information and Privacy Commissioner for British Columbia published Cloud Computing Guidelines For Public Bodies in June 2012. It recommends that a public body review the security that a cloud provider has in place by examining the following key areas:
- Governance - policies, procedures, standards
- Identity and Access Management - controls for both users and employees
- Infrastructure Security - network, system and application security
- Encryption - data should be encrypted while it is being moved so that it cannot be read if it is intercepted
- Contractual provisions - FIPPA needs to be discussed and addressed, and third-party disclosures limited.
Similarly, Gregg (2010) suggests that when considering cloud computing services, ten key questions should be asked.
- Where's the data? Different countries have different laws ~ see diagram below.
- Who has access? Control is a key concern... insider attacks? Hackers?
- What are your regulatory requirements? Will your cloud provider meet these and be willing to undergo review?
- Do you have the right to audit? All terms should be agreed upon in writing.
- What type of training does the provider offer their employees?
- What type of data classification system does the provider use? Encryption should be discussed.
- What are the service level agreement (SLA) terms?
- What is the long-term viability of the provider?
- What happens if there is a security breach?
- What is the disaster recovery/business continuity plan?
Activity 4:
Activity 5 - Case Study: The Scenario
Mrs. Trey has been doing lots of wonderful things with her Grade five class, located somewhere within Canada. She wants to find a way to share and communicate the learning in the classroom with her students' parents. She decides to create a blog using the Blogger service. Aware of privacy concerns, Mrs. Trey posts only the first names of her students when she posts pictures and student work. Her administrator learns of her classroom blog and asks if her students have signed a media consent form, to which Mrs. Trey responds "yes".
Background Information: FIPPA (B.C.'s Privacy Act)
Pursuant to section 30.1 of the Act, a public body (and its service providers) must ensure that personal information is stored only in Canada and accessed only in Canada unless one of the following applies:
(a) if the individual the information is about has identified the information and has consented, in the prescribed manner, to it being stored in or accessed from, as applicable, another jurisdiction;
(b) if it is stored in or accessed from another jurisdiction for the purpose of disclosure allowed under this Act;
(c) if it was disclosed under section 33.1 (1) (i.1).
Activity: Choose a school district from below and familiarize yourself with its media release form. With your knowledge of FIPPA section 30.1, imagine that you are an administrator within this particular district. Next, please respond to one or two of the questions below on the Wallwisher.
- Surrey's School District Media Consent Form
- Calgary's School District Media Consent Form
- Toronto's School District Media Consent Form
- Burnaby's School District Media Consent Form
How do we prepare our students?
Video Reference:
PennState University. (2012, November 12). Cloud Computing Security - Simply Speaking. Retrieved on September 21, 2012 from http://youtu.be/WiFnz5XdaQM
Activity 5 - Please respond on the Wallwisher below:
References
BCcampus (2011). Privacy and Cloud-based Educational Technology Conference Final Report. Retrieved from http://www.bccampus.ca/assets/Content/Reports/Privacy-Conference-Report-April11-fomatted.pdf
Gregg, M. (2010). 10 Security Concerns for Cloud Computing. Retrieved from Tech Republic website: http://images.globalknowledge.com/wwwimages/whitepaperpdf/WP_VI_10SecurityConcernsCloudComputing.pdf
Katzan, H. (2010). On the Privacy of Cloud Computing. Retrieved from http://cluteonline.com/journals/index.php/IJMIS/article/view/824/808
Klassen, V. (2011). Privacy and Cloud-Based Educational Technology in British Columbia: A Background Paper. Retrieved from BCcampus website: http://www.bccampus.ca/assets/Content/Whitepapers/Background-Paper-Privacy-and-Ed-Tech.pdf
Office of the Information & Privacy Commissioner for British Columbia (2012). Cloud Computing Guidelines for Public Bodies. Retrieved from http://www.oipc.bc.ca/pdfs/public/CloudComputingGuidelines(February2012).pdf
Powell, J. (n.d.). Cloud computing – what is it and what does it mean for education? Retrieved from http://erevolution.jiscinvolve.org/wp/files/2009/07/clouds-johnpowell.pdf