Cloud Apps: What Horizon 2011 Missed

 First, let me say that I have great respect for the work done by the New Media Consortium (NMC) in the Horizon Project. The Horizon Reports produced by NMC fill a very important niche in preparing educators & institutions at the K-12 and Post Secondary levels for new and emergent technologies that will impact teaching & learning. I assigned the K-12 2009 & 2010 reports to my pre-service teachers as required reading in my Educational Technology courses the past few years. I believe that the Horizon Reports provide a critical compass for those interested in technologies that can be leveraged for education–helping with planning, identifying new technologies and tools, highlighting emerging better & best practices with newer technologies.

Which is why I was a bit surprised that in the assessment of cloud computing and cloud tools, the 2011 K-12 Horizon Report seems to have overlooked a key aspect in determining your data/content vulnerabilities in cloud applications: identifying the profit model of the service you are using. “Why is this important?” you might ask. Well, we don’t have to look further than Facebook and Google to see what the ramifications are regarding a cloud service’s profit model. Facebook is, and continues to be, a company deriving profit from exposing user data. The recent wrangling between Facebook and users regarding who had the rights to images uploaded by users–whether Facebook could sell images users uploaded–is a prime example. Though it could be argued that the End User License Agreements (EULA)  or Terms of Service (ToS) for services like Facebook would cover these situations, EULAs or ToSs that reserve the right to change the terms without prior notice or any notice can be extremely problematic. Many cloud services who see their profit model in your uploaded content will include terms in EULAs or ToSs that state that any content you upload to the service becomes the property of that service and may be used & repurposed, repackaged, for the company’s own use, resale, & promotions. (This is one reason I’m always particular about the presentation sharing platforms I’ll post my content on–no matter what one conference organizers may support. )Is it surprising then that Facebook has over 140 discrete privacy settings? In contrast, Google’s model is to look at your user habits and sell prime cyber advertising real estate to companies interested in your demographic. Which is more intrusive? With which model is your data more vulnerable?

The report also seemed to gloss over the issues surrounding use of cloud applications when it simply states:

While the many advantages of the cloud are easy todetail, there are cautions as well. Unlike traditional software packages that are installed on a local computer, can be easily backed up, and are available as long as the operating system supports them, cloud-based applications are online services and require a persistent Internet connection. Entrusting work and data to the cloud is a commitment of trust that the service provider will continue to be there, even in the face of the changing market and other conditions. Nonetheless, the economics of cloud computing are increasingly compelling. For many institutions, cloud computing offers a cost-effective solution to the problem of how to provide services, data storage, and computing power to a growing number of Internet users without investing capital in physical machines that need to be maintained and supported. (Horizon Report 2011 K-12 p. 11)

For any teacher, school, district, institution, etc. considering using cloud services and applications, you need to know that you are committing a valuable resource into someone else’s keeping. Here are a couple of decision making tools and frameworks to help you decide if the benefits outweigh the risks. The University of Oxford has a “Checklist for assessing third-party IT services” that is a handy tool to help teachers, schools and school districts assess whether to use a cloud based service or application. The key consideration points are:

•Availability and reliability
•Continuity of service
•Support issues
•Migration issues
•Domino effects
•Duplication effects
•Strategic and legal considerations
•Rights issues
•Privacy and confidentiality
•Cost implications
For those of us working in Canadian institutions, privacy & confidentiality considerations are mandated under the provincial Freedom of Information and Protection of Privacy  (FOIPOP) acts–especially when the data/content we are dealing with involves minor children. There are far too many K-12 teachers meerily using Google Apps in the cloud with students who have no permission forms from students’ parents or guardians. All I can say to that is, “Yikes!” [Note: there are versions of Google Apps and other “cloud” apps that can be run in a smaller cloud–i.e. from a school district server–where FOI POP concerns are minimized.]
Another very helpful document for making this type of decision is, the UK Office of Library & Information Networking’s “Risk Management for Use of Third Party Web 2.0 Services “:
Risk Assessment Management
Loss of service
  • Implications if service becomes unavailable.
  • Likelihood of service unavailability.
  • Non-mission critical use.
  • Have alternatives available.
  • Use trusted services.
  • Investigate services.
Data loss
  • Likelihood of data loss.
  • Lack of export capabilities.
  • Evaluation of service.
  • Non-critical use.
  • Testing of export.
Performance problems
  • Slow performance.
  • Unreliability of service.
  • Testing.
  • Non-critical use.
Lack of inter-operability
  • Likelihood of application lock-in.
  • Loss of integration & reuse of data.
  • Evaluation of integration and export capabilities.
Format changes
  • New formats may not be stable.
  • Plan for migration or use on a small-scale.
User issues
  • Gain feedback.
 Moreover, the UKOLN suggests that we also need to look at the risks of NOT using a particular service.  They suggests we consider:

Do I think cloud apps are useful? You bet, but we need to consider what we will be storing with whom, what the profit models of those service providers drives them to do, and what our risks are when using the services.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: