Blog Archive

Followers

Sunday, July 1, 2012

Get Off of My Cloud



http://edocumentsciences.com
With all due respect to the Rolling Stones, Get Off of my Cloud could easily be an ad pitch for cloud-based security.  With our looming topic as Cloud Based Computing in an educational setting, several questions have arisen about security.  As with all things technology related, I felt it was important to find the most current information possible, rest assured, this information is current within the past two months.

First, let's make sure we're all singing from the same sheet - can you hear Mick Jagger in the background? If so, just hum along.  Let's be sure we envision "The Cloud" in the same general manner. Cloud computing is storing data and accessing application software via the Internet.  As online education is anytime, anywhere learning; cloud computing allows users anytime, anywhere access to their data and the applications to generate and manipulate that data.  As long as a user has access to the Internet, s/he has access to the cloud.

There are three different cloud hosting options:  private, public, and hybrid.  A private cloud provides hosted services to a limited number of specified people behind a firewall.  Generally, users are assigned log ins and passwords to access data.  In a public cloud setting, a vendor makes resources available to the general public free or on a pay-per-usage basis. As the name suggests, a hybrid model combines some in-house resources (private) with public resources.

Now let's tip-toe into the Alphabet Soup of cloud acronyms:

SaaS - Software as a service.  An information- and application-based cloud.  A business-level service over the public Internet.

PaaS - Platform as a service.  Development clouds. Software authoring - within the rules of the host - this is an economical way to develop without a hardware investment.

IaaS - Infrastructure as a service. Information technology made available via remote access.


And now a stroll through security...

The cloud service provider takes on the bulk of the responsibility for security, although the "client" is not free of responsibility.  The provider's job is simple:  within the provided infrastructure, isolate an environment for each client.  Each client should be able to access his data, not the data of any other client.  No one should be able to see the structure, systems, data or any attribute of any other client's environment.

Just because operating systems may run in the cloud does not free the the administrator of the client's network, or the client himself, from keeping up to date with the latest patches, and installing endpoint based antivirus, and firewalls.  Individual users should be reminded to keep confidential data, such as usernames and passwords, safe and secure.  Sensitive data should be encrypted, as always.


5 comments:

Amy said...

I am learning so much from you, Sue! I know sooo little about Cloud Based Computing. Thank you also for addressing our previous questions about cloud security. Besides Google Docs and Live@edu, what other servers or sites provide these storage services?

As always, thank you for sharing your wealth of knowledge!
Amy

Amy said...

One more question...do you currently use the Cloud with your students? If so, how do you integrate it and ensure security?

Sue Parler said...

Amazon is big with cloud computing. Here's a link to a good explanation. The cloud game is big and there are a ton of players. Read the fine print when you look at providers to be sure that you still maintain the rights.

Aside from Google Docs, we do a lot with our online Learning Management System. Our students can store documents there as well. Many of us use Dropbox - cloud-based storage (2GB free).

As we are a 1:1 computing school, our teachers and students always have their data with them, because we have mobile technology. The real cloud storage issue is coming quickly as we move away from removable SATA hard drives and into solid state drives. Right now, if a Tablet PC fails (assuming it is not the hard drive), we swap drives into a working Tablet PC while we repair the malfunctioning one. In so doing, the student is never without his or her data. Solid state drives are not swappable - if that Tablet needs repair, the student loses data until the unit is repaired. This is where cloud-based storage will be his of her saving grace.

EmilyMarshall said...

Thanks for the info on cloud security! I think our class discussion will be interesting and informative! I am looking forward to hearing what everyone else has to say and learning from them. In your research did you read anything about how secure private cloud storage really is? Is the user the biggest point of failure (not installing security patches/keeping passwords confidential/etc)? Or is the information still vulnerable in other ways not controlled by the user?

Sue Parler said...

@Emily

The provider has some responsibility as well. Use Amazon's Cloud Storage as an example. I can store my Amazon-purchased MP3s there and my Kindle purchases there. If I do so, I have access to that data from every device with an Internet connection. All I need to do is enter my username and password.

My job is to keep my personal log-on info secure. Amazon's job is two-fold: guarantee up-time and keep my data for my eyes (and ears) only.

About Me

My Photo
Sue Parler
I'm currently in my 32nd year teaching at DePaul Catholic HS in Wayne, NJ. I teach Game Design, Cryptology, and Spanish -- yes, it's an odd mix -- even I admit it. I am the IT Coordinator at DePaul Catholic as well, which means I manage the network, the student information system, the website, and the 900+ computers in the building. Yep, keeps me busy.
View my complete profile

My Blog List