Higher Ed CIO Challenges 3 – Cloud Computing Services

The third Higher Education CIO challenge focuses on cloud computing services.

These offerings allow higher education CIOs to radically re-think their enterprise architectures.  “In the 2011 CIO agenda, 64% of higher education CIOs expected to move more than 50% of their infrastructures into the cloud before year-end 2015.” (Lowendahl, 2012, p. 1)    As IT budgets continue to come under pressure, there are money and time savings that cloud computing services offer.

Gartner defines Cloud Computing as “a style of computing where scalable and elastic IT-related capabilities are provided as service to customers, using Internet technologies.” (Lowendahl, Harris, & Bonig, 2012, p. 5)

NIST provides an excellent guide to understanding the complexities of Cloud Computing.   They provide three Service Models (National Institute of Standards and Technology, 2011, pp. 2-3):

  • Software as a Service (SAAS) – the capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure
  • Platform as a Service (PAAS) – the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider
  • Infrastructure as a Service (IAAS) – the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.

These three service models help frame the CIO’s strategic planning and enterprise architecture when considering cloud computing as an option for delivery of IT services.  NIST also to provides definitions of cloud deployment models (National Institute of Standards and Technology, 2011, p. 3):

  • Private Cloud – the cloud infrastructure is provisioned fore exclusive use by a single organization comprising multiple consumers (e.g. business units).
  • Community Cloud – the cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g. mission, security requirements, policy, and compliance considerations).
  • Public Cloud – the cloud infrastructure is provisioned for open use by the general public.
  • Hybrid Cloud – the cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g. cloud bursting for load balancing between clouds).

The first cloud services in education were application service providers (ASPs) (Wikipedia, 2012) providing computing services to small institutions to run their Learning Management systems.  (Lowendahl, 2012, p. 3)   The Gartner report provides more information about plans to use Cloud Services by higher education CIOs from 2011 to 2012. (Lowendahl, 2012, p. 4)

  • SAAS –  increase of 33% – the majority of this is free email for student services
  • PAAS – increase of 183%
  • IAAS – increase of 167%

There are very significant increased adoption in all three cloud computing service types.  CIOs need to consider this trend as an opportunity to engage in a strategic conversation with their executives and their IT staff.  Formal strategies should be developed to articulate how much of the IT architecture and business architecture will move to cloud services and the impacts on the people in higher education institutions.  CIOs should engage in active vendor management and build up system integration capabilities in their IT organizations.  System integration will be important to link institutionally hosted services with cloud computing services.

There are risks too, especially from privacy and intellectual property rights issues. (Lowendahl, 2012, p. 1)  In Canada, the US Patriot Act and provincial privacy laws are particularly restrictive regarding personal identifiable information (PII) to organizations seeking to leverage cloud based services.   In British Columbia, the legislation is called “Freedom of Information and Protection of Privacy Act” (FIPPA).

“In addition to the requirement for public bodies to protect personal information no matter where it is, FIPPA also requires public bodies to ensure that, subject to three exceptions listed in s. 30.1 of FIPPA, personal information is only stored in and accessed from inside Canada. This presents an issue for public bodies because currently, many companies that offer cloud computing store information outside of Canada.” (Office of the Information & Privacy Commissioner of BC, 2012, p. 3)

The management plan also addresses Risk Management issues for Cloud Services approaches.   Key areas for risk management are:
  • Security – specifically network security and data leakage when storing data outside the internal IT architecture
  • Productivity – potential lost productivity if cloud services become unavailable
  • Legal and Compliance – ensuring compliance to privacy and copyright laws
  • Support and Maintenance Costs – monitoring costs of cloud services is essential especially in a “pay-per-use” model as costs can quickly escalate with increased usage
  • Risks – employees and students may not be able to do their work (in a timely manner) if the cloud service or the network connection to the service fails

All of these risks must be considered and planned for either in the creation of policy and the development of technology/security solutions that leverage Cloud Computing services.

 

Lowendahl, J.-M. (2012, Mar 6). A Quick Look at Cloud Computing in Higher Education, 2012 – Gartner. Stamford, CT, USA.

Lowendahl, J.-M., Harris, M., & Bonig, R. (2012, Feb 23). Agenda for Higher Education, 2012 – Gartner. Stamford, CT, USA.

National Institute of Standards and Technology. (2011, Sep). 800-145 The NIST Definition of Cloud Computing. Retrieved from National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

Office of the Information & Privacy Commissioner of BC. (2012, Feb). Cloud Computing Guidelines for Public Bodies. Retrieved from Office of the Information & Privacy Commissioner of BC: http://www.oipc.bc.ca/pdfs/public/CloudComputingGuidelines(February2012).pdf

Wikipedia. (2012, May 17). Application Service Provider. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Application_service_provider