We previously explored the promise of the cloud for educators, yet there’s a public perception that cloud data is highly vulnerable. At the same time, many industry observers state the cloud is far safer than hardware-based systems. For educators, this issue will loom critical as more data and instruction go virtual. Who’s right?
Changing Cloud Security Concerns
Cloud data concerns are well-founded, as grappling with cloud security is a real issue. According to one survey, 17 percent of cloud data breaches involve higher education assets, second only to the medical industry.
Attacks on the cloud are changing from simple DDoS (distributed denial of service) attacks to much more sophisticated types making them larger and faster. Multiple blazing attacks of 100-400Gbps (gigabits per second) in a single year are no longer uncommon. A decade ago, 8Gbps would have been the top-speed attack at most, so more data is being compromised and offloaded more quickly than ever. Even a single point of failure has been demonstrated to take down cloud access for entire institutions and enterprises.
Connected devices and HTTP (Hypertext Transfer Protocol) are two of the vulnerable new targets of recent cloud attacks. The use of virtualization in higher ed is another new technology that introduces an additional potentially vulnerable layer to cloud communication.
Because of this, both industry and higher education are indeed worried. In a LinkedIn survey, 90 percent of industry respondents indicated moderate to severe concerns about cloud security. In response to the same survey, 10 percent felt completely unprepared for cloud security attacks.
Putting Security Concerns in Perspective
On the other hand, the cloud is likely far safer than perceived. Michael Hites, chief information officer for the University of Illinois system, one of the nation’s largest public university systems, notes that the cloud breaches are still less likely than credit card hacks, phishing emails, or malware attacks.
“Higher education has battled network and data security for decades and will continue to balance open access with the protection of assets and also privacy with security,” Hites says.
Both Google and Microsoft’s security directors have publicly stated that the cloud, monitored correctly, is now safe enough for their own corporate use.
Best Practices for Cloud Use in Education
Implementing best practices can minimize the risks of leveraging cloud technology in K-12 and higher education. A good place to start may be with large cloud vendors, as they maintain stronger levels of security than smaller providers. Regardless, transparency and full control with vendors is important, and strong encryption must be put in place. Contracted cloud providers should certify redundancy, secure backup, and secure comprehensive archiving.
Token and other authentication must be utilized to strengthen security at login and to verify identity. Carefully parceled user access via local security consoles is another good practice. Where possible, institutions should deprecate and forbid the use of URL shorteners, which are demonstrably more vulnerable to HTTP-type attacks on cloud data.
Hybrid IT can be another useful practice. This can include customization through a vendor’s hardware and software support architecture. The local institution may choose to modify the system and control all security features, user access, and more. In addition, certain sensitive data, such as personally identifiable information (PII), may warrant securing these data on premises while hosting other less sensitive data in the cloud.
To handle such situations, Lenovo Software’s Unified Workspace Platform provides a web-based network that allows for access to files, applications, and reports from any device. Lenovo software simplifies IT infrastructure by enabling the user to create a private access data center, public cloud, and local device resources through a common customizable browser interface.
Takeaway: As higher ed and K-12 districts increasingly move material and student data onto the cloud, security will be paramount. Cloud security is much safer than is publicly perceived, but it’s still vulnerable, and there are specific steps IT administrators can and should take to ensure robust security.
1. “The Promise of the Cloud for Educators” Lenovo Education. December 28, 2015.
2. “Higher Education Planning for the Cloud, in the Cloud, and of the Cloud” The Evolllution. November 9, 2015.
3. “Is Scalable Cloud Computing Ready for Higher Education?” Microsoft. 2016.
4. “Considerations When Creating a Secure Cloud Environment” The WHIR. April 1, 2016.
5. “Five Security Best Practices for Cloud and Virtualization Platforms” Data Center Knowledge. November 9, 2015.
6. “Guess What? URL Shorteners Short-Circuit Cloud Security” Ars Technica. April 14, 2016.
7. “LinkedIn Cloud Survey Highlights Users’ Security Fears” Computer Business Review. March 10, 2015.
8. “Google, Microsoft Agree: Cloud is Now Safe Enough to Use” CNET. February 26, 2014.
9. “The Cloud in Higher Education: Balancing the Benefits, Challenges and Risks” The Evolllution. November 10, 2015.