“I think the cost case is so compelling that people will move toward the cloud, but they’ll do that with vigilance,” he said, adding that IT officials shouldn’t commit to a cloud-computing service until security-related questions are addressed. “If the answers aren’t crisp and clear, you should look somewhere else. If there weren’t the cost implications there, people would stay put [with on-campus networks] and cite security issues” as a reason to avoid the cloud.
Colleges and universities that have switched to cloud-based eMail overwhelmingly choose Google as their cloud service, according to the 2010 Campus Computing Project survey.
Nearly 60 percent of survey respondents from public universities who use eMail hosting services said their campus uses Gmail accounts, with 35 percent using Microsoft Outlook and 5 percent using Zimbra.
The disparity is even greater at private universities, where more than seven in 10 respondents said their school uses Gmail accounts, according to the research. Twenty-five percent said they use Microsoft.
Traditional campus IT operations have proven as vulnerable over the past year as the cloud services that receive extensive media attention when things go awry.
Ohio State University officials confirmed in December that Social Security numbers, dates of birth, and other personal information for about 760,000 current and former students were accessed by unauthorized network users.
OSU discovered the security lapse in late October and hired “the nation’s best computer forensic consultants” to search the school’s network and check what, if anything, had been taken from university records.
Michael Maloof, chief technology officer for information management company TriGeo Network Security, said universities’ penchant for collecting and keeping sensitive information will continue to attract online hackers looking for databases rich with valuable information, whether the school uses cloud services or not.
“The vast accumulation of data is exactly why higher education is such a lucrative target for attacks,” Maloof said, adding that constant monitoring could be the only way for college IT officials to fend off hackers. “Real-time monitoring of sensitive systems and data can spot suspicious behavior, either from inside or outside the organization, while there’s still time to act.”