Monday, 28 November 2016

“Closed Cloud” in Independent Schools


In my last article, I talked about cloud computing in independent schools, the differences between public cloud and private cloud, and some of the concerns independent schools had about data protection in relation to public cloud solutions.

Due to these concerns, I am seeing increasing numbers of schools looking to adopt private cloud or indeed "closed cloud" solutions where all data remains in school. So today I thought it would be useful to elaborate on "closed cloud": how it works, what benefits it offers independent schools and how it compares with other types of cloud technology.

Closed cloud uses the same technologies that public and private cloud providers use, but the vital difference is that rather than being hosted at a cloud provider's data centre somewhere in the world, the whole system is physically located in school.

As with private cloud, this necessitates dedicated hardware and thus is more expensive than public cloud. However it has the benefit over both public and private cloud of providing complete assurance around data protection, since all data remains in school at all times. There is also much less reliance on a third party, as although a provider will typically be running and maintaining the system on the school’s behalf, they are not actually hosting the data and therefore should there be a falling out, or indeed a firm ceases trading, there is no vulnerability to the school in terms of their data.

In terms of functionality, a closed cloud solution offered similar benefits to private cloud, including:

  • The ability to securely access all the school’s systems from any location, whether that be from different classrooms within the school, from home or elsewhere, with a uniform desktop being presented wherever you sign-on.
  • The ability to use any device, (desktop, laptop or tablet) to access the system. This can facilitate safe and effective use of "bring your own device" (BYOD), since the device is effectively just providing a "window" into the cloud system – there is no data held on it. It also means should a PC fail, it is simply a question of plugging in a replacement, with no software or data to worry about installing.
  • The ability to quickly and easily install security updates and new software releases, since in this scenario they only need to be deployed to the "master" desktop image(s) on the closed cloud server, rather than needing deployment to every computer on the network.
  • The ability to secure the desktop environment and avoid the introduction of unauthorised software, viruses, spyware and other malware.

So how do the economics of closed cloud stack up?

By the nature of it, closed cloud will necessarily be more expensive than public or private cloud, but interestingly it is still significantly cheaper than a traditional in-house school network.

Why is that? Well there are significantly reduced PC hardware costs since in this arrangement the specification of the end user device is not important as all processing is happening at the server side. This increases the lifespan of PC devices, or allows for low-cost alternatives such as thin clients or BYOD. Additionally there is a significant and ongoing ICT cost saving in the support, management and maintenance of the network.

I have put together cost comparisons for several schools on a traditional in-house IT infrastructure versus a closed cloud solution, and it has been really interesting to understand how the existing ICT budget can be redeployed to provide a solution with far more functionality, that also yields a significant and ongoing ICT cost saving. Not normally two things that go hand-in-hand when it comes to ICT!

I don't want to bore everyone here with lots of facts and figures, but if any bursar or headteacher would like to see some cost comparisons, drop me an email and I will gladly send you over some indicative figures.

I hope this article and my previous one have given you a flavour of what public, private and closed cloud solutions can offer for independent schools. If you have questions, or want to explore cloud solutions for independent schools in greater depth, please do not hesitate to contact me on 0330 002 0045 or email schools@entrustit.co.uk

Monday, 14 November 2016

Cloud Computing in Independent Schools



It's true, the network does seem to get the blame for many things!

But if technology providers are to be believed, all our woes will soon be over, thanks to the advent of the “Cloud”.

This is a subject I get asked about a lot when I visit schools, so I wanted to put pen to paper to try and clarify what it's all about, as I know there is a great deal of confusion.

Cloud computing is a huge subject, but at its simplest it delivers software & data to any internet connected device; from datacentres owned by a service provider. Data will be synchronised across all devices that a user may use to connect and changes are immediately applied giving a “fully mobile” experience. Assuming you have the right level of internet connectivity, the experience will be almost indistinguishable from a traditional system – and of course it matters not if you lose or break the device because there’s nothing really stored on it that cannot be accessed from somewhere else.

Before I get bombarded by emails from the true experts among you, I realise this is a gross simplification. However I think it summarises nicely the key aspects of a cloud environment for an independent school.

The benefits of this kind of arrangement include:

• Systems can generally be accessed from anywhere, using any device. This facilitates remote working, easy sharing of data and Bring Your Own Device (BYOD).

• The hardware, software and security of the cloud system is maintained and managed by the service provider, removing a huge burden of work, worry and cost from the school.

• Remote storage of the data makes disaster recovery and resilience much simpler to achieve. Backup almost ceases to matter – although you have to be careful of the geography of your cloud partner (on which, more later).

• Such systems tend to be licensed on a "per user, per month" basis, thereby removing large CapEx spends on replacement server equipment and making costly disk and SAN upgrades a thing of the past.

There are however a number of different types of cloud and it is very important that schools understand the differences between them and the benefits and risks associated with each before making any decision to migrate to the cloud.

Public Cloud

With public cloud, the provider stores data in a network of computers, which potentially may be located anywhere in the world, with server use and storage pooled among clients. This model reaps huge economies of scale for the providers, and as such they are able to offer comparatively low monthly subscription costs. Well-known examples of public cloud would include Microsoft Office 365 and Google Apps for Education (GAFE).

Private Cloud

With the private cloud model, the same benefits are delivered as with public cloud, but on a "private" basis, with separate resources being dedicated to each client at the cloud provider’s data centre. This provides greater security and control over data, including assurances over exactly where the data is held. Being a more individual service, private cloud can also offer a much more tailored experience for schools, encompassing not just data storage and the common Microsoft applications, but a full desktop of all their education software. However, as this model does not allow providers to leverage the economies of scale in the same way as public cloud, it is necessarily more expensive.

Due Diligence and Data Protection

It is important to realise with any cloud implementation that, although you are transferring control of your data to a third party, you still remain legally responsible for protecting that data. As such it is vital to carry out due diligence to ensure you are happy with the level of security, availability and legal compliance the provider offers. This should include looking at their Service Level Agreements around availability, compliance with security standards such as ISO27001, and examining their T’s &C’s to ensure you are clear where your data is going to be held (including not just “live” data but also copies for backup and disaster recovery).

On this latter point, the data protection act requires that personal data may not be transferred out of the EEA unless the territory to which it is sent ensures an adequate level of protection. Given the US dominance of public cloud provision, it is transfers to and from the US that are most likely to affect a UK customer.

Last October the EU-US Safe Harbour agreement that enabled data transfers between the EU and the US to comply with Data Protection laws was overturned. Its successor (the EU-US Privacy Shield) only came into effect in July and is already being contested in courts in Ireland and France. To keep European business flowing the large public providers (Microsoft Azure, Google, Amazon) have attempted to embed EU data protection laws in their contracts for EU citizens. However, if we learned one thing from Snowden, it is that the US Government considers all data processed by a US business to be “fair game” – wherever the ultimate user may be from. So even if the cloud provider is well intentioned toward protecting its EU client base; there is no guarantee that the US courts or government will agree.

What does this all mean for an independent school?

Caution should remain in place when using public cloud services. There are some excellent applications available for education and you should take full advantage, however, try and resist public cloud based messaging solutions (email etc) unless they guarantee EU only data processing & be careful about what data you share using public cloud tools. At the end of the day, school data will always remain the responsibility of the school, and therefore it is for the school to assess safeguarding risks.

Cloud technologies can be a fantastic tool to embed ICT into school life, however, many schools remain sufficiently concerned over data geography to adopt private cloud solutions, or indeed “closed cloud” solutions where all data remains in school. The latter is a topic in its own right which I shall be exploring in a future article.

In the meantime, should any Bursar like my advice on data storage solutions that will leave their school fully compliant in this regard, or indeed any other ICT related issue, please do not hesitate to contact me on 0330 002 0045 or email schools@entrustit.co.uk