First, let me say that I have great respect for the work done by the New Media Consortium (NMC) in the Horizon Project. The Horizon Reports produced by NMC fill a very important niche in preparing educators & institutions at the K-12 and Post Secondary levels for new and emergent technologies that will impact teaching & learning. I assigned the K-12 2009 & 2010 reports to my pre-service teachers as required reading in my Educational Technology courses the past few years. I believe that the Horizon Reports provide a critical compass for those interested in technologies that can be leveraged for education–helping with planning, identifying new technologies and tools, highlighting emerging better & best practices with newer technologies.
Which is why I was a bit surprised that in the assessment of cloud computing and cloud tools, the 2011 K-12 Horizon Report seems to have overlooked a key aspect in determining your data/content vulnerabilities in cloud applications: identifying the profit model of the service you are using. “Why is this important?” you might ask. Well, we don’t have to look further than Facebook and Google to see what the ramifications are regarding a cloud service’s profit model. Facebook is, and continues to be, a company deriving profit from exposing user data. The recent wrangling between Facebook and users regarding who had the rights to images uploaded by users–whether Facebook could sell images users uploaded–is a prime example. Though it could be argued that the End User License Agreements (EULA) or Terms of Service (ToS) for services like Facebook would cover these situations, EULAs or ToSs that reserve the right to change the terms without prior notice or any notice can be extremely problematic. Many cloud services who see their profit model in your uploaded content will include terms in EULAs or ToSs that state that any content you upload to the service becomes the property of that service and may be used & repurposed, repackaged, for the company’s own use, resale, & promotions. (This is one reason I’m always particular about the presentation sharing platforms I’ll post my content on–no matter what one conference organizers may support. )Is it surprising then that Facebook has over 140 discrete privacy settings? In contrast, Google’s model is to look at your user habits and sell prime cyber advertising real estate to companies interested in your demographic. Which is more intrusive? With which model is your data more vulnerable?
The report also seemed to gloss over the issues surrounding use of cloud applications when it simply states:
While the many advantages of the cloud are easy todetail, there are cautions as well. Unlike traditional software packages that are installed on a local computer, can be easily backed up, and are available as long as the operating system supports them, cloud-based applications are online services and require a persistent Internet connection. Entrusting work and data to the cloud is a commitment of trust that the service provider will continue to be there, even in the face of the changing market and other conditions. Nonetheless, the economics of cloud computing are increasingly compelling. For many institutions, cloud computing offers a cost-effective solution to the problem of how to provide services, data storage, and computing power to a growing number of Internet users without investing capital in physical machines that need to be maintained and supported. (Horizon Report 2011 K-12 p. 11)
For any teacher, school, district, institution, etc. considering using cloud services and applications, you need to know that you are committing a valuable resource into someone else’s keeping. Here are a couple of decision making tools and frameworks to help you decide if the benefits outweigh the risks. The University of Oxford has a “Checklist for assessing third-party IT services” that is a handy tool to help teachers, schools and school districts assess whether to use a cloud based service or application. The key consideration points are:
|Loss of service||
|Lack of inter-operability||
- loss of credibility
- failure to provide useful services to users
- failure to learn
- about strengths and weakness of such services which will undermine the advisory role
- failure to exploit successful services
- conflict with resource demands for other areas of work
- where costs to run things “in-house” equals funding diverted from other projects, so it must be weighed against costs of the third-party service (UKOLN, 2006, “Risks of Not Using the Services”, Institutional Web Management Workshop 2006: Quality Matters Risk Assessment)
Do I think cloud apps are useful? You bet, but we need to consider what we will be storing with whom, what the profit models of those service providers drives them to do, and what our risks are when using the services.