Category Archives: cloud

School Technology Strategy Part 2: Cloud

In my previous post of this series I looked at the first and most important part of technology provision in schools: access. Without access, none of the potential learning associated with technology will take place. My conclusion was that although not all technology is or can be mobile, when constructing their technology strategy, school leaders should assume personally owned, mobile technology is the answer unless it clearly isn’t. They should assume this because the data demonstrates that mobile technology adoption is rapidly increasing because it offers a consistent, personal experience and availability at the point of need. Ask any mobile ‘phone owner. This leads to high utilisation and more opportunities for learning. These are important attributes in successfully embedding technology within new pedagogies and curricula as well as for extending learning beyond the school into informal and social environments.

The second part of my blog on school technology strategy is the ‘doing’ or ‘action’ part. This means schools’ core mission. This could be something like: “To provide the opportunity for all students to learn and strive for excellence.” [taken from Washington Elementary School’s web site]. The emphasis here is on learning, not technology. Technology is simply a tool and/or the subject of learning. For the purposes of this blog post, I will not explore technology as a subject, but rather I will focus on it as a tool. In this context, technology might:

  1. Qualitatively enrich or enhance learning and/or teaching
  2. Improve efficiency thereby releasing more time for learning and/or teaching

In developing a technology strategy for schools, school leaders must explore a range of options in both these categories in order to decide how they invest their budget. This means addressing two challenges:

  1. Prioritise investment of the technology budget to optimise learning
  2. Achieve best value through procurement efficiency and technical effectiveness

These two very simple steps hide a great deal of complexity but in separating them out, we begin to see where school leaders should lead and where they should follow. That is to say, school leaders are expected to have an opinion about how they wish to prioritise their resources to optimise learning outcomes in their organisations. That’s their job. It’s not (necessarily) their job to work out how technology can or will do this and then to procure and implement appropriate solutions. That’s probably best left to educational technology experts. There is a twofold and thorny problem here which may be characterised as “the blind leading the blind” or “the one eyed man is king in the land of the blind.” One face of the problem is school leaders who were not raised as digital natives and for whom technology is at best opaque and at worst an issue rather than an opportunity. The other face of the problem is that the so called ‘experts’ who tend to be either well meaning amateurs or individuals with vested interests. This is an unholy alliance in which neither party has much of an incentive to challenge the other.

So to whom should school leaders be listening when it comes to translating their organisational learning aspirations into learning outcomes through technology? Out of 28,000 teachers who qualified in 2010, just three individuals had a computer-related degree. Teachers are experts in learning and teaching, not technology strategy. Network Managers and ICT Technicians have a very clear vested interest in maintaining or expanding their roles rather than seeking out the most effective technology solutions. If it’s not them, then perhaps it’s a trusted partner organisation or a technically minded Governor. In my experience of the former, companies will sell what they have and a lack of competition leads to complacency. With regard to the latter, it’s rare to find Governors who understand and are sympathetic to technology in the context of education as their experience is usually derived from the corporate space. I’m not trying to discredit the positive motivation of any of these individuals. I know their hearts are generally in the right place. Nevertheless, in an average secondary school an annual technology budget is in excess of a quarter of a million pounds and good value means more learning. It is not something to treat lightly.

So my contention is that there’s very often a gaping hole where one would hope and expect to see an experienced education technology strategist without a vested interest. Bectatried to fill this space for schools in the UK and certainly they provided much needed advice, guidance and some procurement efficiency whilst they existed. However, they also fell into the trap of technology for technology’s sake. For example, some of their procurement frameworks for school products and services were so detailed that they drove unnecessary product and service complexity in the market. Complex products don’t get used unless they add real value. This is exactly the situation for many MLE and VLE products which languish in schools, receiving minimal usage and simply ticking the ICT box. Steve Jobs understood this well. Technology is only good if it’s used. Of course Local Authorities and other organisations such as NAACE and BESA have tried to plug the hole in various ways and there’s no doubt they do good work. The issue I see is that their impact is inconsistent because many schools are islands and, as such, they are isolated.

This sounds like it’s become a pitch for employing an educational technology strategist however that’s not the point of this post. I’m attempting to paint a generalised picture of schools’ ICT in the UK as over-complex, significantly behind the curve in terms of technology innovation and woefully inauthentic in terms of the experience it provides of the 21st Century digital world we’re trying to prepare our young people to thrive in. I’m suggesting that there should be less ‘complex and expensive’ technology and more ‘simple, fast and exciting’ technology. Schools cannot afford to do everything.

I have already blogged about leading technology and the cloud technology paradigm in education. Both these posts are broadly built around the concept of the 80/20 rule. That is, 80% of the results of any endeavour take 20% of the time and 20% of the cost. The majority of time and money is spent in trying to achieve the last 20%. In practice, most schools and users are utilising their software and hardware at substantially less than 80% by any measure. This means a high level of investment and a low level of utilisation; the worst possible solution.

The reason that the cloud paradigm is rapidly gaining traction in businesses is that businesses are very sensitive to utilisation and efficiency as these directly impact their profitability. The same argument should apply in schools. By increasing utilisation and aiming to deliver solutions that don’t deliver in excess of 80% of requirements, schools will dramatically increase the value they deliver. I worked with a very large number of schools during the UK’s Building Schools for the Future (BSF) programme and one regrettable feature of the project was the waste of money that arose from attempting to reinvent 100% personalised solutions for every project. Schools tend to believe they are all different from each other. In my experience they are 20% different and 80% the same. Recognising this fact drives a different approach to the provision of technology. I respect and enjoy the vocational passion of educators but I do not think that this passion necessarily helps them to make wise investment decisions.

If one aims to meet 80% of a school’s technology requirements for 80% of the time, the optimal technology paradigm will almost certainly shift from the traditional on-premise, client/server model to an out-sourced, centrally hosted (or cloud) model. To date, the evidence seems to support the principle that cloud technology delivers more for less in schools by reducing the on-premise investment in technology (both hardware and people). The rapid advancement in web technology is such that even a pure web model may deliver 80% of a school’s technology requirements without considering other cloud technologies such as thin client and virtualisation. However a Web 2.0 model is almost certainly going to be a more authentic experience for most young people and it is in this sense that cloud technology delivers more for less.

The benefits of moving to a predominantly cloud technology paradigm are outlined below and summarised in the diagram:

  • Less day to day management
  • Less local infrastructure, resources and energy required
  • Quick and easy to deploy, update and scale
  • Available on many devices and operating systems
  • Available any time, anywhere
  • Consistent experience from any learning location
  • Stronger links between home and school
  • More budget for content, analytics and training

There will of course still be a requirement for investment in on-premise, school technology but only for the delivery of specialist requirements such as CAD or high-end video editing. As with my blog post on mobile, the message for school leaders developing their technology strategy is not: “Everything in the cloud”. It is: “Think cloud first.” The actual answer is almost certainly a hybrid solution but a hybrid that favours a significant proportion of delivery via cloud technology.

Personal Data Protection in the Cloud

A few weeks ago I was contacted by a student asking me to complete a questionnaire on cloud security issues as part of a dissertation for her degree. At the time I thought I should probably post my answers here but I was overtaken by events (or in plain speak, I plain forgot).

However, I was reminded this morning by an article published yesterday on the very same topic. The article is built around a joint statement issued by European Commission Vice-President Viviane Reding and US Secretary of Commerce John Bryson on the 19th March. The statement frames a high level conference on Privacy and Protection of Personal Data, held simultaneously in Washington and Brussels and, in their words, “represents an important opportunity to deepen our transatlantic dialogue on commercial data privacy issues.” This is an excerpt from the statement:

“The European Union is following new privacy developments in the United States closely. Both parties are committed to working together and with other international partners to create mutual recognition frameworks that protect privacy. Both parties consider that standards in the area of personal data protection should facilitate the free flow of information, goods and services across borders. Both parties recognize that while regulatory regimes may differ between the U.S. and Europe, the common principles at the heart of both systems, now re-affirmed by the developments in the U.S., provide a basis for advancing their dialog to resolve shared privacy challenges. This mutual interest shows there is added value for the enhanced E.U.-U.S. dialogue launched with today’s data protection conference.”

The thrust of the student’s questioning was that the uptake of cloud technology was being slowed by businesses’ concerns about data security and privacy. I’m not so sure that’s at the heart of the issue as you can probably tell from my answers:

Question: Despite its promises very few businesses have actually moved their operations to the Cloud. Why has the real application of Cloud computing not yet reached momentum among businesses?

Answer: I think the premise of the question is wrong, i.e. that very few businesses have moved operations to the cloud. To explain what I mean, we need to agree terms first. Cloud just means stuff hosted off premises. Web is cloud. Virtualisation is cloud. Streaming is cloud. If cloud means stuff hosted off premises, then a critical limiting factor is the pipe between the client and the host. Even with diversely routed connectivity, this is a business risk in terms of resilience and performance. Business risks need to be balanced against costs and benefits. The second issue for cloud services is that it is more difficult to integrate disparate systems – potentially from different vendors – to meet business specific requirements. There are not yet standards that facilitate this type of integration between cloud vendors (although discussions are in progress). The combination of issues I describe means that cloud services are not suitable for all business functions, business types and business sizes. For example, some businesses may be willing to sacrifice performance and resilience to achieve lower price or greater agility. A business whose main channel is the Web may already have the internal processes and culture to embrace more cloud services. When I said the premise of the question was wrong, I meant that I think most companies do take cloud services, albeit in a limited way. It’s true that most businesses haven’t embraced cloud for the full scope of their technology requirement but I’m not sure this is possible for most businesses given the present limitations of the technology. So really what we’re talking about is a hybrid scenario with a progressive shift to cloud services as bandwidth costs reduce, standards for integration emerge and the business case, taking account of the risks, gradually shifts in favour of cloud. This is part of the picture. There are also cultural and practical issues in terms of change management. On premises IT departments have traditionally kept a tight control over their networks and data. Releasing control is difficult for them. It’s only when competition becomes extreme that the old paradigms become unsettled and eventually unseated. I’ve deliberately left the wider data security issue out of this response because there are lots more questions about it later!

Question: A study by LSE has revealed that the top two issues on the way to adopting the Cloud are fears of data security and privacy and -data being offshored. In your opinion have these two issues been the main concern for your users/clients?

Answer: I have some sympathy with this view although when issues are complex, respondents often migrate to shrink-wrapped answers. My view is that the issues of data security and privacy are the go-to issues for cloud ditherers. They’re a form of displacement behaviour. In my experience, it’s rare that data security and privacy are truly critical factors in the decision to use (or not) a cloud service. They are of course critically important issues, but as a technology, ‘cloud’ usually has reasonable answers, at least relative to the security and privacy challenges that already exist due to human and system frailty. My experience is that the objection regarding data security and privacy is often the first provided objection but that a little digging usually reveals a more complex set of concerns, some technical, some practical and some cultural.

Question: Steve Ballmer, CEO of Microsoft believes that security is a personal responsibility of everyone in the chain (– employees, managers, end users). How important is human factor in ensuring security on all levels? 

Answer: Steve Ballmer’s comment highlights the absurdity of the data protection and privacy issue in the context of most businesses. That is to say, people are most commonly the weakest link in the security chain, closely followed by the systems and processes they devise. For example, in schools across the land you’ll still find passwords and user names written on post-it notes attached to the monitors of administrators with access to sensitive data about pupils. In the next breath, they will resist a cloud technology solution because they’re not sure where the data is located. There’s a significant lack of perspective about the relative significance of the human factor in most security breaches.

Question: Do you believe security is a two way responsibility for both users and providers?

Answer: In order to create a secure technology chain, people, processes and technology need to work together in a seamless way. This means reciprocal responsibilities between users and providers.

Question: Cloud providers are increasingly trying to convince users that because of their heavy investments in hardware, software and staff, security in the Cloud may be better? Would you say that security on average is better in the Cloud comparing to the in-house security?

Answer: For small and medium sized businesses in particular I’d say that this is true as long as you believe the cloud provider have robust and resilient systems themselves. The reality of most SMEs is that pressure to compete and grow creates budgetary pressure and that privacy and security are easy victims of this pressure. We still see many businesses which do not store and control data effectively and where staff are inadequately trained in the security systems. Aggregating demand through cloud removes part of this problem from the premises and frees up resources to focus on the ‘edge’ issues, i.e. people (and their systems).

Question: What legislation are you currently guided by in the Cloud industry? Do you believe it is sufficient enough for users’ security?

Answer: The UK’s Data Protection Act 1998, the US Patriot Act and the European Union’s Data Privacy Directive all have something to say on this issue. In truth they’re all out of date in the context of cloud and there are various reviews of the legislation happening at present in order to stimulate the cloud industry. One of the issues is at what point permission is required from the data subject. At the moment, the legal view is that the data subject may need to provide permission even if a non-EU company stores data temporarily on an EU device, e.g. through a cookie as part of a social networking service. Moving personal data outside the EU therefore presents potential issues. Currently some cloud companies have circumvented this problem by basing data centres in the EU, e.g. Microsoft. Others have resisted making absolute statements about data location (such as Google) because their data is so widely replicated (data sharding) around their system for the very purposes of resilience, redundancy and security. So the legal landscape is somewhat at odds with the technical landscape.

Question: Some scholars have suggested we create an auditing board/authority to monitor activities of the providers. Do you think it is a good idea?

Answer: Issues of data security and privacy are very important issues. It may not seem so until something goes wrong and you are directly affected. Luckily most of us never experience the effects of a meaningful breach of our personal data. We may be irritated by it, for example if our credit card information is hijacked. However, there is a system of restitution in place and so it’s usually an irritation rather than a catastrophe. However identity theft (as another example) is potentially a very significant issue and one that is growing. So, in order to build confidence in the cloud, there inevitably needs to be some regulation and control. In the same way as integration standards between cloud providers will enhance take-up of cloud technologies, so regulation and legal harmonisation will enhance confidence and take-up.

Question: What are your predictions for Cloud computing security in the future?

Answer: As I said earlier, I think the shift to cloud is underway for most businesses. Whether it is as simple as web-based email or a web store front, or as complex as an entire company built on cloud computing, businesses are on the journey. To paraphrase Anais Nin, cloud adoption progresses when the risk it takes to remain tight in the bud is more painful than the risk it takes to blossom. Cloud leverages scale to deliver more for less. If it really does this well, then the business ecosystem will naturally select it. In my view, security and privacy are real issues that need to be tackled. The cloud providers are the guardians of valuable personal assets: our personal data. They are the data ‘banks’. Data is a valuable asset and therefore as vulnerable to abuse as the banking and financial systems. I would argue therefore that we need consistent and robust regulation and legislation in order to protect our interests. It is clear from the banking crisis that the trust and best intentions rarely work out well for the individual. My prediction would be that ‘big data’ and the ‘cloud’ will be a very important trend over the coming decades and that a robust legal and regulatory framework will emerge, along with standards for multi-vendor cloud integration.

So that’s my take. What would your answers have been?

2012 and beyond (part 4)

Here we go again with my edu-speak interpretation of the next  flock of predictions from Techmarketview. Flock? What is the collective noun for predictions? I checked here but it’s not yet listed although I did like “an annoyance of mobile phones.” Perhaps I could propose “an inaccuracy of predictions.” Anyway, I digress. This time Phil Codling picks out the headlines for the UK infrastructure services market. My comments in blue…1. Cloud-based infrastructure services will grow at double digit rates – But where cloud is replacing an existing service, it’s a more-for-less substitution that is shrinking the overall market. 2012 is another year of clients putting costs first.

Cloud is a paradigm shift in technology that represents a partial displacement of existing spend. The effect of cloud is to improve utilisation and efficiency while driving down management overheads. Sometimes though, on-premise is the right answer. Optimising the blend of off and on-premise infrastructure will be the evolutionary trend of 2012 and beyond. A consequence of moving off-premise is an increasing requirement for high quality bandwidth. Taken in the round, we may be seeing a redistribution of budget spend rather than an absolute decrease in 2012 but as scale bites, the overall cost-base should be driven down leading to lower prices. What is clear is that the economic climate is helping to drive the speed of transition to cloud services in business and this trend is beginning to emerge in the education sector too. Technology delivery in education, particularly in K12 is often highly inefficient with inadequate local technical support. Cloud infrastructure and services offer schools a real chance to shift their focus away from managing technology to managing learning while at the same time reducing IT budget, if not immediately, then certainly over time. Bring it on!

2. Public cloud won’t make it to the mainstream – Private cloud remains the preferred option in 2012. Small businesses and niche/non-critical applications provide the exceptions to this rule.

A public cloud is one in which a service provider makes resources such as storage and applications, available to the general public over the Internet. The term ‘public cloud’ arose to differentiate between this standard model and the private cloud, which is a proprietary network or data centre that uses cloud computing technologies, such as virtualisation. A private cloud is managed by the organisation it serves. A blended model, the hybrid cloud, is a combination of cloud services managed by both internal and external providers. In fact it is this latter category that will, I think, emerge as relevant to education in 2012 and beyond. Scale is all important here and clearly it is SMEs and education-equivalent organisations that benefit from public clouds because private isn’t really an option. However, larger educational aggregations such as the Regional Broadband Consortia (for example SWGfL) do provide the scale for private clouds. Thus education organisations will probably find themselves in a blended environment.

3. Bring Your Own Technology becomes a market opportunity – Forward-thinking players will seize the chance to help CIOs turn BYOT [Bring Your Own Technology] into a positive for their organisation. Meanwhile the technology in question will include a major new entrant, as Amazon “Fires up” competition in the tablet space.

I’ve already blogged on BYOT and I make no secret of the fact that I believe education is ripe for this trend. The benefits of personally owned tech, for the organisation and the individual, are numerous and profound. Addressing the issue of equal access in education is the challenge. The mention of the Amazon Fire tablet does however give me an opportunity to evangelise about a parallel trend that I think is just around the corner: eTextbooks. Having a 14 year old daughter as I do, I know how many textbooks she lugs around the place. Not only that, but her teenage brain is adept at forgetting most things, including textbooks, at crucial moments, such as the day before an exam. One of the huge benefits of personally owned technology would be anywhere, anytime access to eTextbooks. I find it astounding that it has not taken off. Not only would eTextbooks offer a better quality of experience including multimedia assets and links to extended or remedial resources, but they would be available whenever and wherever a learner required them. It would be possible for teachers and learners to annotate them and otherwise add value. As electronic documents they could also be subject to the range of social tools, such as reviews and rating. Imagine as well being able to measure how a young person used their textbook. That data would be extremely valuable in identifying patterns and trends for understanding learning and timely interventions. The list goes on and on. Yet it hasn’t happened. Perhaps 2012 is the year…

There were a couple of other predictions too but they were very tech-infrastructure-sector-specific and I couldn’t see how I could add any edu-value. So there you have it for this instalment.