How Secure Is The Cloud?

Cloud Computing

Cloud computing has quickly become all-encompassing, offering what is often a lower-cost and easier-to-use solution to many common IT problems. But the ever-expansive definition of the ‘Cloud’ is also leaving a gap in understanding when it comes to best practices for security and privacy.

Security and privacy continue to be top-of-mind for many educators, yet there is little awareness of the risks involved in utilising Cloud service offerings – let alone answering the fundamental question of how secure is the cloud?

The key issue arises when you begin defining exactly what Cloud computing is, which is where you quickly realise that it is something completely different to everyone you ask. With so many vendors competing in this area it is a shame that marketing messages have continued to confuse even those with years of experience in the IT industry.

What I would like to present to you here, however, is the broadest meaning of the Cloud so that you can then form your own opinion and apply the best security and privacy principles to whatever technical solution you end up using.

In the most generic sense, ‘Cloud computing’ simply refers to outsourcing computing functions that you would otherwise have to manage, acquire or build yourself. The major benefit is usually that it will be cheaper to pay a subscription or annuity, rather than invest in substantial amounts of hardware or software to get started.

It is also worth noting that the genesis of Cloud computing was in the IT Enterprise sector and has since become somewhat diluted as a term adopted for representing almost anything cool or leading-edge in consumer and mainstream markets.

What this expansion has meant is that there are at least five key mainstream areas of technical functionality where the concept of Cloud computing has been applied.

Cloud storage and file hosting services – this is the ability to store files and data remotely, sometimes just for backup or archive purposes, and sometimes for everyday use where your files are synchronised to your computer or mobile device. Examples include Dropbox and Google Drive.

Web applications – this is one area that is almost taken for granted with so many free examples such as Facebook, Twitter and many others. With the web having become dynamic over the last 15 years, many ‘websites’ are now in fact Web applications – capable of presenting users with the functionality and performance of traditional desktop applications. Other examples include Yammer and Salesforce.

Webmail – similar to web applications, this refers to applications that are specifically designed to handle email, and often the security and privacy requirements are much more stringent because of what they need to protect. Examples include Gmail, Yahoo and Outlook.com.

Web hosting services – traditional web hosting services have existed on the internet since the beginning, allowing you to upload your website remotely and have it available 24/7. Ironically, the term ‘Cloud computing’ was applied to this category after the fact, but nonetheless is considered to be a valid use of the term. Examples include NetRegistry and GoDaddy.

Virtualisation – this is a technology that allows multiple ‘instances’ of an operating system to coexist on a single computer; it results in a much more effective use of computing resources. This technology is being used by schools or businesses that continue to maintain existing infrastructure in-house, and it is also available as a service offered remotely by various providers. Internet-based examples include Amazon EC2 and Microsoft Azure, whereas in-house solutions are represented by vendors such as VMware or Citrix.

With the immensely heavy workload that most educators endure, I am going to presume that file hosting services such as Dropbox or Google Drive have added the best value and productivity when it comes to sharing or accessing files after hours.

With this most common use in mind, there are two sides to consider when such technologies are used in the education environment – first there is the end-user perspective, and then there is that of the educational institution itself.

Cloud Storage Security Issues For End-users

Cloud storage providers accept almost all of the responsibility for hosting files and ensuring they are available when needed, except for one thing – the security credentials used to access them.

The ubiquitous global access to files stored in the cloud comes at a cost: those files are just as reachable by an attacker in any foreign location, so great care must be taken to keep the credentials (usernames and passwords) secret and well secured at all times.

Reputable cloud providers will offer enhanced security features designed to stop accounts from being accessed by anyone other than the account owner. Such features are usually implemented by requiring you to enter an extra security value that could be sent to you via SMS, generated using a secure authentication token device or even displayed on a mobile app. You should activate all such features if available.

The internet is awash with ‘free’ cloud providers, and while on the surface some of them may seem acceptable for business purposes, some of them are not. I cannot stress enough the importance of ensuring that the tools and providers used are fit-for-purpose.

Case in point, in early 2012 the well-known internet file sharing site known as Megaupload was shut down when it was embroiled in a copyright infringement case. As a result, a business known as OhioSportsNet was greatly affected. It was using Megaupload to store its own files and video footage of high-school sports events – all of which was permanently lost.

If you are using ‘free’ cloud file storage, make sure you understand the risks involved, and if the files you intend to store are valuable, then invest the time and effort to ensure you have backups of that data elsewhere.

A lot can be said for the immense benefits that globalisation has provided to consumers economically, and this has been no more evident than on the internet. But you should be aware that, when using an internationally-based Cloud provider, differences in laws and jurisdictions can present challenges if you are forced to react to an exceptional circumstance.

Dealing with an Australian-based company (including international providers that have local operations) tends to be the lower risk option for taking up Cloud-based services. Be wary of foreign and ‘free’ operators and ensure that you do your homework and seek advice.

Summary of tips for end-users:

  • Keep usernames and passwords secret, as you should already be doing.
  • Turn on extra features such as login notifications or two-step verifications.
  • Ensure you understand the value of your data and keep backups accordingly.
  • Give preference to locally-based providers for better legal protection.

Cloud Storage Security Issues For Educational Institutions

Educational institutions, not unlike businesses, are often faced with the problem of trying to implement stable and reliable IT systems and practices for adoption by employees in a world where consumer technologies and free alternatives are now competing.

It is understandable that time-poor teachers are tempted to jump the gun to solve their own IT problems or implement technologies they are familiar with. However, it is important that educational institutions address this problem directly with a mix of dialogue and pragmatism.

The biggest risk is that of compliance with the recently reformed Privacy laws in Australia, especially Privacy Principle No. 8 which refers to “cross-border disclosure of personal information” – in particular, make sure that teachers do not take data storage matters into their own hands without the knowledge of the school.

The easiest risk mitigation for privacy compliance may well exist in the choice to use a locally-based Cloud provider, rather than one overseas – or at the very least to have a detailed understanding of the terms and conditions of Cloud storage suppliers to ensure they can comply.

Furthermore, it is critical that institutions only implement business-grade solutions offered by providers that have matching service level agreements (SLA) and protections against data loss. While ‘free’ or very low cost options may be tempting, the risk calculations never lie: you get what you pay for.

Managing staff accounts and access to a Cloud storage provider is also much simpler when using a service that allows a central administrator to create and remove access as needed – ensuring that staff turnover has little impact on the ability of the institution to effectively retain valuable data over time.

Finally, and as with the precautions needed by end-users, having an independent or third-party service that provides data backup or archiving is critical to insulating the entire institution from a catastrophic loss of data at the hands of a Cloud provider.

In the United States, when Hurricane Sandy hit New York State, some Cloud providers experienced outages lasting up to 23 days, so it is worthwhile ensuring that you have contingencies in place for unexpected natural disasters – do not assume that the Cloud is infallible.

Summary of tips for education institutions:

  • Enforce a policy to ensure only officially implemented Cloud providers are used.
  • Review compliance of third-party and international providers with Australian Privacy laws.
  • Consider using the services of a locally-based Cloud provider for ease of compliance.
  • Only use business-grade offerings, not free or low-cost ones, however tempting they may be.
  • Manage staff accounts, security and access centrally with your IT administrator.
  • Always consider a third-party backup or independent backup scenario.

So, how secure is the Cloud? Provided you take the right precautions in securing your access control, compliance and backups, a reputable Cloud provider will usually be able to easily surpass the availability and assurance that you would be able to achieve yourself.

Michael McKinnon

Michael McKinnon is Director, Commercial Services at Sense of Security. With more than 20 years’ experience in the industry, Michael is passionate about new and emerging technologies and is committed to educating the community on safe online practices. He is renowned for delivering informative and entertaining presentations on internet security, now and into the future, and on keeping children safe online.
