Cloud Computing?

How many of your students are hanging out with their friends on Facebook and other social networking sites? Are they meeting new people, enjoying themselves and developing useful, new collaborative skills?

Facebook is one example of dynamic new Web 2.0 cloud computing — using software applications supplied by others through the Internet as services. Often referred to as Software as a Service or SaaS, cloud computing reduces capital expenses because the supplier provides the heavy-duty equipment, the software applications and upgrades both of them as necessary.

Incidentally, don’t get hung up on the terms “Web 2.0” and “cloud.” “Web 2.0” refers not to a new version of the Internet but to the software application concept of SaaS.

The term “cloud,” used in this context, is a metaphor for the Internet, a cloud of hundreds of millions of computers all connected together. In schematic drawings describing systems, engineers refer to the Internet by drawing a billowy cloud. That’s where the term came from.

In cloud computing, a browser sends data off into the cloud. It eventually gets to Yahoo or Facebook or one or another SaaS site where hundreds or even thousands of computers share it, save it, slice it, dice it and send some result back to the user.

The point is, don’t overthink the cloud. The term aims to communicate simplicity for users. The cloud does the work. Users simply send instructions.

As a cloud user, you can use a regular desktop computer or an economical slimmed down computer, called a thin client. Thin clients do not have disk drives and need no more software than an up-to-date Web browser. The browser connects to the cloud through the Web. Once up in the cloud, the user selects the software applications he or she wants to use and goes to work. Data stays on disk drives within the cloud. It is a simple and economical approach to computing. It is catching on in the commercial world and in the academic world of colleges and universities.

So far, however, the K-12 world hasn’t signed on — too many risks.

Don’t Get Hacked
School districts can put administrative and business applications up in the cloud, while using cloud applications to foster collaborative learning among students. Because clouds use Web 2.0 technology, the applications offer the same kind of comfortable, collaborative, shared experiences as social networking sites like Facebook.

Then again, maybe you shouldn’t put dynamic Web 2.0 cloud technology to work in the classroom. The security risks can be great, at least for the time being.

“Security is a primary concern with cloud computing,” says Sean Ahrens, CPP, CSC, a project manager with the Security Consulting and Design Services Group at Schirmer Engineering in Chicago. “You offload your data to a vendor and then rely on their security to protect your data.”

While many cloud users believe that vendors do have adequate security, plenty of companies with good IT security have found their most sensitive files hacked and copied. A cloud computing company with clients from all walks of corporate life might make an irresistible target for a cyber criminal. Large cloud computing groups may also be subject to hacker attacks. Not more than a month ago, cloud computing giant Google had to defend against hackers attacking its systems in China.

“If you know the range of IP addresses being used in a cloud system, you can carry out a distributed denial of service (DOS) attack,” Ahrens says. “A distributed attack uses multiple computers to attack one site at the same time. There is no way for the site to respond, and when the Internet Service Provider recognizes the problem, the only alternative is to shut the site down.”

Technical Problems to Consider
Ahrens voices a number of technical concerns about cloud computing as well. For instance, he cautions those considering the cloud to investigate bandwidth allowances for each supported group. 

“If you have 5,000 people from a number of organizations working with apps on the server, there will be a slowdown,” he says.

Ahrens also views the possibility of a cloud infrastructure failure with trepidation. “What if you have stored essential services or data up there and the pipeline you have chosen goes down?” he asks. “If you are relying on a cloud, you will need redundant pipelines to maintain service.

“You also need to satisfy yourself that if there is any data loss, the vendor will be able to draw on back up files to restore any losses.

Law in the Cloud
Add to all of this the requirements of federal, state and local laws. Some federal regulations deal with protecting students from inappropriate material, while others aim to secure protected health information (PHI) and protected personal information (PPI) about individual students, faculty and staff.

Take the federal Children’s Internet Protection Act (CIPA), for instance. Under CIPA, schools receiving discounts through the government’s E-Rate program must certify that they have developed and enforce policies that block or filter pornographic pictures carried on the Internet. The law also requires schools to monitor the online activities of monitors to ensure that they do not access inappropriate materials; that they are safe in using e-mail, chat rooms and other computer communications; that they do not participate in hacking and other unlawful activities; and that the disclosure of personal information about minors is prevented.

Conventional Web operations allow network management applications to filter out requests for unacceptable Websites. Not so the cloud. Data residing on a disk drive up in the cloud might have come from many different sites, some acceptable and some not. Conventional filters won’t filter out pieces of a Website.

To be sure, vendors are developing solutions for these problems. Companies such as San Diego-based Websense and Web Titan of Galway, Ireland, have developed filters tailored to the tough demands of Web 2.0 cloud sites.

Websense, for example, has designed a new kind of firewall, called a security gateway. It will inspect Web 2.0 sites and traffic based on more than 100 protocols. The company claims that its security gateway determines in real time whether a Website contains content that is safe for students. If some of the content poses problems, the gateway can block only that content, allowing other content free passage.

Such tools seem worth investigating. Even so, considering the potential liabilities, Ahrens suggest having such claims checked by qualified third parties.

“I think a school would need to consider all of this when negotiating a contract for cloud services,” Ahrens says. “How will the cloud provider support security requirements mandated by CIPA, PHI and PPI regulations? If you must comply with regulations while operating in the cloud, you may want some third party to audit the cloud’s operations to ensure compliance and to avoid liability problems.”

So before you take off into the cloud, spend some time investigating the cloud — from a vantage point that is down-to-earth.