Only 5 percent of colleges say they aren’t considering cloud computing options.
There’s a nightmare shared by college IT directors who have moved some of their online services to off-campus cloud computing networks: Becoming the focal point of a massive cloud data breach, and having to answer to administrators, students, and parents about what went wrong.
Even this disastrous scenario hasn’t kept higher education from moving—however tentatively—toward the cloud, at a higher rate than many industries.
Read more about cloud computing in higher education…
Higher ed taps IBM’s cloud computing
IT outsourcing: When it makes sense and when it doesn’t
Thirty-four percent of colleges and universities are implementing or maintaining cloud computing, according to a 2011 survey from CDW-G that tracked cloud adoption nationwide.
The survey questioned respondents from eight business and government sectors—and only large businesses adopted cloud computing more than higher education.
Colleges have gravitated toward cloud services—helping rid campuses of rooms filled with server racks that require costly and constant cooling—even as disturbing reports have surfaced this year. Nearly half of 1,200 IT decision makers polled by Trend Micro in June said they had encountered a cloud-based security incident within the past year.
The Trend Micro research didn’t focus on higher education, but its results show that cloud-computing concerns are pervasive: Half of respondents said security was their organization’s main barrier to cloud adoption.
Schools, companies, and organizations that have transferred sensitive data to the cloud overwhelmingly use encryption as another layer of security to protect from outside attacks.
Eighty-five percent of respondents to the Trend Micro survey said they use encryption, and more than half said they would more carefully consider a cloud-computing service if encryption was provided in the cloud package.
“All [campus IT officials] dread this thought that there could be some high-profile incident,” said David Cottingham, senior director for managed services with CDW-G. “No one wants to be on the cover of a magazine talking about a security breach and how it might have happened and how it could have been prevented.”
Many college IT chiefs, especially those who have managed a campus network since the technological dark ages, will worry about the security of their chosen cloud-computing network the same way they would about their own IT infrastructure, Cottingham said.
“They have very valid concerns, but those concerns aren’t all that different from the same concerns when they’re running their own dedicated servers,” he said, adding: “The idea of control is a big factor.”
University IT decision makers often weren’t willing to commit their entire institution to cloud computing.
Seven in 10 cloud users who responded to the CDW-G survey said they started their migration to the cloud with a single application, such as eMail in higher education—a service that has been farmed out by many of the most prominent campuses, such as Yale and Brown University.
Lingering security concerns could slow higher education’s shift to the cloud, experts said, but only 5 percent of college respondents to the CDW-G survey said they were “not considering” moving campus information to the cloud. Three in 10 said they were planning a move to a cloud-computing network.
Melissa Woo, director of cyber infrastructure at the University of Wisconsin-Milwaukee, has argued against unquestioned acceptance of cloud computing in higher education, pointing out glaring weaknesses in the cloud system and recent high-profile security breaches.
“Where [are] our student data being stored? Where [are] our research data being stored?” Woo said. “These are all risks we need to mitigate.”
Cloud vulnerabilities made headlines July 16 when Twitter’s co-founder said a hacker had access to private company documents after illegally accessing a Twitter employee’s eMail account.
The official Twitter blog said: “We believe the hacker was able to gain information which allowed access to this employee’s Google Apps account.” Google Apps for Education is a popular set of cloud-based tools for students and faculty used by thousands of schools and colleges nationwide.
The high-profile hack involving Twitter’s Google Apps program could give some college IT leaders pause when moving to a cloud network, but Twitter officials insist the program is safe.
“This attack had nothing to do with any vulnerability in Google Apps, which we continue to use,” the Twitter blog said. “This is more about Twitter being in enough of a spotlight that folks who work here can become targets. … This isn’t about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords.”
Cottingham from CDW-G said occasional news items trumpeting a cloud-computing breach—however small—continue to have an effect on campus technologists who might be considering further cloud adoption. Still, he expects higher education to trust cloud services more in coming years.
eMail services won’t be the only part of the campus IT infrastructure moved to the cloud, Cottingham said; decision makers eventually will use cloud services to store course schedules, provide storage solutions, and supply disaster recovery programs, along with myriad administrative functions.
“I think the cost case is so compelling that people will move toward the cloud, but they’ll do that with vigilance,” he said, adding that IT officials shouldn’t commit to a cloud-computing service until security-related questions are addressed. “If the answers aren’t crisp and clear, you should look somewhere else. If there weren’t the cost implications there, people would stay put [with on-campus networks] and cite security issues” as a reason to avoid the cloud.
Colleges and universities that have switched to cloud-based eMail overwhelmingly choose Google as their cloud service, according to the 2010 Campus Computing Project survey.
Nearly 60 percent of survey respondents from public universities who use eMail hosting services said their campus uses Gmail accounts, with 35 percent using Microsoft Outlook and 5 percent using Zimbra.
The disparity is even greater at private universities, where more than seven in 10 respondents said their school uses Gmail accounts, according to the research. Twenty-five percent said they use Microsoft.
Traditional campus IT operations have proven as vulnerable over the past year as the cloud services that receive extensive media attention when things go awry.
Ohio State University officials confirmed in December that Social Security numbers, dates of birth, and other personal information for about 760,000 current and former students were accessed by unauthorized network users.
OSU discovered the security lapse in late October and hired “the nation’s best computer forensic consultants” to search the school’s network and check what, if anything, had been taken from university records.
Michael Maloof, chief technology officer for information management company TriGeo Network Security, said universities’ penchant for collecting and keeping sensitive information will continue to attract online hackers looking for databases rich with valuable information, whether the school uses cloud services or not.
“The vast accumulation of data is exactly why higher education is such a lucrative target for attacks,” Maloof said, adding that constant monitoring could be the only way for college IT officials to fend off hackers. “Real-time monitoring of sensitive systems and data can spot suspicious behavior, either from inside or outside the organization, while there’s still time to act.”