Privacy and security concerns have, in the past, meant that many schools have refrained from migrating to the (mysterious) cloud. But – if Bett is anything to judge by – the start of a great change is upon us. We speak to the experts to assess cloud risks, benefits and how to set yourself up in this new digital arena
Moving to the cloud is no longer thought of as a risky step into the unknown or gaining entry to a brave new world. It has tangible benefits that include saving money and the streamlining of administrative and whole school processes, as well as encouraging collaboration in the classroom. The decision to move shouldn’t be taken lightly, however. Some schools will be better prepared than others because of their existing ICT infrastructure; by identifying a plan of action that includes strong security measures and connectivity protection SBMs can put themselves in prime position to end the mystery of the cloud!
Privacy and security
Privacy and security issues remain central to any decision making or planning related to procuring cloud services. “The majority of schools are unlikely to have big IT teams to look after security controls and policies so the management of both needs to be as simple as possible, allowing those responsible to monitor and control the cloud from a single, central platform,” says Ed Macnair, CEO at CensorNet. However, Mark Chambers, CEO at Naace, says that data security weaknesses will usually be evident in a school’s own system, rather than in the cloud. “With cloud services delivered by fewer people than the more traditional system there are consequently fewer points at which breaches can occur,” he says. “Many of the instances of errors happening in schools are ‘unintentional’ and it’s arguable that these can be reduced with good leadership and management; the vulnerabilities of cloud services are more prone to deliberate and malicious acts.”
Raza Baloch, director at Into the Cloud, says that schools can minimise security risks by starting with due diligence on cloud service providers. “Finding the right cloud service provider is hugely important. The government’s G-Cloud 8 framework agreement stipulates that a cloud provider must be accredited if they are going to carry out work with any school. Make sure your chosen provider has this accreditation.”
Planning for the big move
Where planning and infrastructure provisions are concerned changes to data protection legislative arrangements will soon prove to be of significant relevance to schools, according to Neil Watkins, managing director of Think IT. “A key consideration for SBMs to think about when transitioning to the cloud is data security and addressing who has access to what information. Shortly, every public-sector organisation will be required to have a data protection officer, which could become a significant burden for schools, especially primaries.”
Guidance from the Department for Education (DfE) outlines that three main areas need to be addressed when considering cloud transition: broadband, existing ICT infrastructure and readiness to transition. For example, the department recommends ‘high download and upload speeds’ for broadband, whilst warning against ‘duplication of costs’ in the case of contracts and current commitments. “Schools will need to do a full audit of their infrastructure as a move to the cloud will, undoubtedly, put greater strains on broadband and internal network connections,” says Carl Sheen, education training consultant for Genee World. “It may require an initial investment, but the benefits and cost-savings that will follow are well worth it.” Our experts also emphasise that two other key planning decisions should be made prior to a cloud system going live: determining which security measures you’ll introduce and whether to invest in extra connectivity protection.
Making the right connections
Raza says that SBMs should consider items like firewall protection, direct denial of service (DDOS) mitigation software and, for a fail-safe connection option, determine if having two internet service provider entry points is worthwhile. “If one entry point fails the other can be relied upon. A backup line will cost extra money and some schools may draw the conclusion it’s a wasted expense,” he says. “But, alas, when one connection fails, it will be a case of thinking, ‘Why didn’t we have two lines?’” For those unfamiliar with the term DDOS, it refers to a common method used by hackers to prevent users from accessing a given website. They flood a given entry point with traffic, thereby forcing a denial of service because the entry point can only handle a certain number of requests at one time. Returning to the subject of connectivity, Neil recommends a slightly different fail-safe option – installing fibre broadband in the ground with a 4G wireless solution as a backup. “New wireless solutions are fast enough that users won’t notice any degradation in service and prices are falling quickly so that they will shortly compete with fibre,” he explains.