Security in Cloud Computing as it Relates to E-learning
Security continues to be of primary concern as it relates to cloud-based e-learning in the greater context of cloud computing. From 2005 to 2011, security has been in the top four IT issues as published by Educause, a “nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology.” Although not making an official entry in the Educause top ten IT issues in 2012, security remains an integral component of the top ten. For example, both bring-your-own-device (BYOD) and developing cloud strategies are in the 2012 top ten and have security as a primary concern for implementation.
In August of 2010, Educause published 7 Things You Should Know About CLOUD SECURITY. Educause lists confidentiality, integrity and availability as the main security concerns when shifting to e-learning in the cloud. Nabil Sultan (2009) reviews several security, privacy and reliability fears regarding the use of cloud-computing in education. These concerns are echoed by John Powel (n.d). Michael Gregg (2010) from Global Knowledge, an online IT training organization, provides several cloud-computing concerns regarding security in a white paper. These concerns can be visualized in Figure 1.
In August of 2010, Educause published 7 Things You Should Know About CLOUD SECURITY. Educause lists confidentiality, integrity and availability as the main security concerns when shifting to e-learning in the cloud. Nabil Sultan (2009) reviews several security, privacy and reliability fears regarding the use of cloud-computing in education. These concerns are echoed by John Powel (n.d). Michael Gregg (2010) from Global Knowledge, an online IT training organization, provides several cloud-computing concerns regarding security in a white paper. These concerns can be visualized in Figure 1.
The Cloud Security Alliance (2010) has published a similar list but focuses on them more in the negative sense as threats. These are illustrated in Figure 2.
Government Regulation in Cloud Computing
One of the main security challenges facing institutions who want to incorporate e-learning cloud tools is government legislation and regulation regarding the use and storage of private information (Diaz, Golas and Gautsch, 2010). Since many LMSs require the input of student information to gain access and guarantee adequate authentication, hosting these LMSs on cloud servers poses a problem. In addition, many Web 2.0 tools integrated into the LMS also require personal profiles for access. Institutions must ensure that they receive informed consent for any information and that the information will never be accessed or used beyond the purpose for which it was collected. This often creates regulatory barriers which either prevent the use of many online social learning tools or “force” institutions and instructors to look the other way.
In British Columbia, for example, the Office of the Information and Privacy Commissioner (2012) has published a cloud computing guide for public bodies, including schools, hospitals, municipalities, etc. This guide is based on the BC Freedom of Information and Protection of Privacy Act, with the controversial part being Section 30 and 31. A similar law in the US called the Patriot Act, provides unrestricted access to any personal information held in the US. Since this is in contravention of law in BC, public bodies such as schools cannot ask their students to participate in e-learning activities that cause personal information to be held in the US. This severely restricts school’s ability to use these e-learning tools. Currently BCcampus 2011), an organization dealing with higher education (Klassen, 2011) in BC is lobbying the government to relax these laws and at the same time providing education to institutions and individuals on how to maximize online e-learning activities within th e constraints of the law. |
Section 30 of the BC Freedom of Information and Protection of Privacy ActProtection of personal information
30 A public body must protect personal information in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal. Storage and access must be in Canada 30.1 A public body must ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada, unless one of the following applies: (a) if the individual the information is about has identified the information and has consented, in the prescribed manner, to it being stored in or accessed from, as applicable, another jurisdiction; (b) if it is stored in or accessed from another jurisdiction for the purpose of disclosure allowed under this Act; (c) if it was disclosed under section 33.1 (1) (i.1). |
References
BCcampus (2011) Privacy and Cloud-based Educational Technology Conference Final Reprot. Retrieved from http://www.bccampus.ca/assets/Content/Reports/Privacy-Conference-Report-April11-fomatted.pdf
Cloud Security Alliance. (2010) Top Threats to Cloud Computing V1.0. Retrieved from https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Diaz, V, Golas, J, & Gautsch, S. (2010) Privacy Considerations in Cloud-Based Teaching and Learning Environments. Retrieved from Educause website: http://net.educause.edu/ir/library/pdf/ELI3024.pdf
Educause. (2010) 7 Things You Should Know About… CLOUD SECURITY. Retrieved from http://net.educause.edu/ir/library/pdf/EST1008.pdf
Grajek, S., 2011-2012 EDUCAUSE IT Issues Panel, & Pirani, J. A. (2012) Top-Ten IT Issues 2012. Retrieved from Educause website: http://net.educause.edu/ir/library/pdf/ERM1232.pdf
Gregg, M. (2010) 10 Security Concerns for Cloud Computing. Retrieved from Tech Republic website: http://images.globalknowledge.com/wwwimages/whitepaperpdf/WP_VI_10SecurityConcernsCloudComputing.pdf
Intel IT Center. (2012) Planning Guide – Cloud Security: Seven Steps for Building Security in the Cloud from the Ground Up. Retrieved from http://www.intel.com/content/dam/www/public/us/en/documents/guides/cloud-computing-security-planning-guide2.pdf
Klassen, V. (2011) Privacy and Cloud-Based Educational Technology in British Columbia: A Background Paper. Retrieved from BCcampus website: http://www.bccampus.ca/assets/Content/Whitepapers/Background-Paper-Privacy-and-Ed-Tech.pdf
Office of the Information and Privacy Commisioner for BC (2012) Cloud Computing Guidelines for Public Bodies. Retrieved from http://www.oipc.bc.ca/pdfs/public/CloudComputingGuidelines(February2012).pdf
Powell, J. (n.d) Cloud computing – what is it and what does it mean for education? Retrieved from http://erevolution.jiscinvolve.org/wp/files/2009/07/clouds-johnpowell.pdf
Sultan, N. (2009) Cloud Computing for Education: A New Dawn? International Journal of Information Management, 30, 109-116. Retrieved from http://ac.els-cdn.com/S0268401209001170/1-s2.0-S0268401209001170-main.pdf?_tid=64efc24c1b69acfc38965f6c7dc6f4ea&acdnat=1338666452_1a6293028ce9370d955334d251d06b0c
Cloud Security Alliance. (2010) Top Threats to Cloud Computing V1.0. Retrieved from https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Diaz, V, Golas, J, & Gautsch, S. (2010) Privacy Considerations in Cloud-Based Teaching and Learning Environments. Retrieved from Educause website: http://net.educause.edu/ir/library/pdf/ELI3024.pdf
Educause. (2010) 7 Things You Should Know About… CLOUD SECURITY. Retrieved from http://net.educause.edu/ir/library/pdf/EST1008.pdf
Grajek, S., 2011-2012 EDUCAUSE IT Issues Panel, & Pirani, J. A. (2012) Top-Ten IT Issues 2012. Retrieved from Educause website: http://net.educause.edu/ir/library/pdf/ERM1232.pdf
Gregg, M. (2010) 10 Security Concerns for Cloud Computing. Retrieved from Tech Republic website: http://images.globalknowledge.com/wwwimages/whitepaperpdf/WP_VI_10SecurityConcernsCloudComputing.pdf
Intel IT Center. (2012) Planning Guide – Cloud Security: Seven Steps for Building Security in the Cloud from the Ground Up. Retrieved from http://www.intel.com/content/dam/www/public/us/en/documents/guides/cloud-computing-security-planning-guide2.pdf
Klassen, V. (2011) Privacy and Cloud-Based Educational Technology in British Columbia: A Background Paper. Retrieved from BCcampus website: http://www.bccampus.ca/assets/Content/Whitepapers/Background-Paper-Privacy-and-Ed-Tech.pdf
Office of the Information and Privacy Commisioner for BC (2012) Cloud Computing Guidelines for Public Bodies. Retrieved from http://www.oipc.bc.ca/pdfs/public/CloudComputingGuidelines(February2012).pdf
Powell, J. (n.d) Cloud computing – what is it and what does it mean for education? Retrieved from http://erevolution.jiscinvolve.org/wp/files/2009/07/clouds-johnpowell.pdf
Sultan, N. (2009) Cloud Computing for Education: A New Dawn? International Journal of Information Management, 30, 109-116. Retrieved from http://ac.els-cdn.com/S0268401209001170/1-s2.0-S0268401209001170-main.pdf?_tid=64efc24c1b69acfc38965f6c7dc6f4ea&acdnat=1338666452_1a6293028ce9370d955334d251d06b0c
HTML Comment Box is loading comments...
Click to set custom HTML