A good forecast for successful cloud purchases

At this point in time, I would guess that every organization has at least some experience using the cloud.  But often, as IT leaders, we are often either bypassed or an afterthought, when other departments and leaders can purchase and turn up a cloud service, quicker than you can say purchase order.  Yet not having IT involved in cloud decisions can certainly negatively impact an organization.  Cloud purchasers often forget to ask about user and data management, and integration with existing systems.  An adopted  cloud system which does not play well with other systems, which has its own separate user repository, or for which security is an afterthought, can quickly turn into an nightmare for IT or for the adopters who did not know what questions to ask the provider.

Just the other day I was speaking with a small cloud provider, who had pretty good answers for most of my questions, but what was unsaid was the fact that this was the equivalent of a mom and pop cloud provider, which was most likely one car accident away from dissolution of the cloud company.  That could pose a big risk for our organization, especially if this was a critical cloud service.

An IT director in Schertz, Texas, Myles Clauser, recently shared a list of questions to ask cloud providers, before deciding if their service is right for your organization.  This is a pretty tough set of questions and you may be willing to accept a variety of answers, depending on what the particular service is, nonetheless this is a great set of questions to help vet the rapidly expanding list of cloud services:

Questions and considerations for using cloud providers:

1.       Ownership of all data must be spelled out. Many cloud providers specify that using their services means relinquishing ownership of the data.

2.       What format is the data stored in at the host site?

3.       Where is the live data actually stored? Where are the backups stored? (Are all sites within the continental US?)

4.       Is it encrypted – either in transport or in storage. This includes backups.

5.       Is there any possibility for vendor staff to review / copy / duplicate the data (with the exception of routine backups) without our knowledge?

6.       Is the data / information we contemplate storing in the “cloud” subject to any relevant Federal, State or other privacy requirements or agreements already in place? (i.e.: PCI compliance, HPPA, FIPS, CJIS, etc.) If so what documentation can the vendor supply that ensures that their storage and delivery systems comply with those requirements?

7.       Are there any limitations regarding access to the data – i.e.: are we notified in advance of planned downtimes, etc.

8.       Are there any QOS provisions in the agreement – i.e.: the data will be available 24/7, 7 days / week with a guaranteed minimum response time from their system based on agreed-upon criteria.

9.       If we delete data from a system what proof do we get that the data has been removed from backup systems, disaster recovery sites, etc.?

10.   What formats can we use to retrieve any and all data – i.e.: what utilities exist that will allow us to archive data in industry-standard formats for later retrieval by City staff without having to work through or with the vendor’s proprietary format.

11.   Since this is a web-based system can the vendor provide certification that their systems are updated regularly? This includes patches, antivirus systems, backend databases, web interfaces, etc.

12.   How often does the vendor perform security audits on their systems and when was the last one done? Can we see the results?

13.   What is their policy regarding informing us if a data breach occurs? Are they liable to us for any damages, remediation costs, etc.?

14.   If the vendor is contacted by an outside party (i.e.: subpoenas, open records requests, etc.) to provide information contained in one of our documents, how do they respond? If we are required to hold data for litigation purposes do they have a mechanism / system in place to do so or are we on our own?

15.  What provisions have been made to protect our data if the vendor closes its doors or is sold

This blog entry is cross posted with the great folks at SchoolCIO

Tweet

E-Rate: The Sequel?

E-Rate: The Sequel?

While many educators have been enjoying the relative relaxation of summer vacation, there has been a flurry of activity in DC around the federal program known as E-Rate. 

E-Rate has served as a catalyst for school technology growth to power research, communication and online learning, since its inception in 1997.  E-Rate has provided schools with funding for powerful networks, which have become pervasive, and crucial to the functioning of the education process.  School networks are now a crucial utility to schools, much like electricity.  But networks need to change; much like the electrical wiring at schools has needed to be increased from the days where all that was plugged in was a filmstrip projector.  The uses of networks in education are expanding daily and the numbers of devices and users on them is climbing rapidly, with the advent of 1 to 1 and BYOD programs, bolstered by a host of online learning initiatives.

Several groups, such as CoSN (the Consortium for School Networking), have been advocating on schools’ and educators’ behalf and have been pushing the FCC to revisit E-Rate funding, which has been largely static, despite a massive increase in needs.  Just over a month ago, there appeared to be progress, with President Obama’s announcement of the ConnectED initiative.   And just this past week, the FCC voted to overhaul the E-Rate program. 

A true technology leader, Sheryl Abshire, Chief Technology Officer at Calcasieu Parish Public Schools, testified before the FCC saying, “E-Rate needs to move beyond assessing whether a classroom or library has an Internet connection to determining whether that connection’s speed meets the needs of users who seek to access and use the most up-to-date digital content, courses, resources, services and tools.”   We could not have asked for a better advocate on our behalf and it appears the FCC listened.

So now the rest of us need to help out; The next step for all of us is to provide comments on the new proposals as the FCC provides details on the proposed programs, so be sure to keep an eye on the FCC’s site.  

Tweet

The Technology Quick Fix

After the marathon season of conferences and presentations, I have succumbed to an unexpected mid-summer illness.  Maybe this was a random occurrence or my body’s way of letting me know you have been pushing too hard too fast for a while.

All the presentations I have given and the conferences, meetings, and seminars I have attended speak to my need to learn and share with others, as well as the need for those of us in the technology world to try to get some feeling that we are somehow keeping up with the monumental shifts that technology is bringing to education and elsewhere.  I have learned a lot and then again I have learned that there are a host of great tools and technologies out there, and they are getting better every day.  But I have also never been so clearly a believer that, as these technologies improve, they will somehow transform an under-performing school or teacher into the best of their breed. 

The more I see great presentations on new technologies, systems, and devices, the more I worry that these are often bought as a quick fix for low performance, bad leadership, or other struggles that school systems and teachers face.

Yes many of these incredible technologies have great promise – but as school IT leaders we must always be willing to have some tough conversations with those we work with about making sure that these technologies are brought in not as a fix for bad teaching or leadership, but as a way to make great teachers and even better teacher.  This is really that only way that these technologies can really help schools excel in the long term.

Tweet