For some institutions, data security remains a lingering concern when considering a transition to cloud-based services. Student privacy, in particular, requires careful and secure data handling to meet the requirements of the Family Educational Rights and Privacy Act (FERPA).
Most of this concern centers on cloud-based student information systems. However, experts point out that when institutions support a move to the cloud with the right policies, such a move generally increases security over the most sensitive data.
“We have not found a single higher education-focused app with a data leak,” says Jeff Alderson, principal analyst for enterprise software at Eduventures.
Additional measures that CDW recommends include encrypting transmitted and sensitive data; managing access, authentication and identity for cloud-based applications; requiring password changes every 90 days; certifying the security measures taken by the cloud vendor; and holding annual security training for individuals.
Keep in mind, too, that FERPA applies even when a staff member or instructor is taking advantage of a free trial of a cloud-based service, a practice Alderson refers to as “rogue IT.” Monitoring downloads and conducting regular surveys of faculty and students can help alert IT departments to potential headaches in the realm of privacy. Alderson also recommends that CIOs conduct awareness campaigns, aimed at faculty members, to help them understand the potential risks of putting data in the cloud outside of the enterprise framework.
Institutions that remain concerned about security in the cloud can look for products that carry FedRAMP or Internet 2 NET+ certifications, Alderson says. Both certifications ensure a high standard of security in the cloud and can offer additional peace of mind to universities accustomed to managing their own local data centers.