enterprisesecuritymag

Higher Education Challenges: Big Data; Cloud Computing; Information Security

By Elias G. Eldayrie, VP & CIO, University of Florida

Elias G. Eldayrie, VP & CIO, University of FloridaElias G. Eldayrie, VP & CIO, University of Florida

Big Data Integral to University Missions

While universities mine data to tailor student advising and educational experiences, there are other vitally important higher education issues involved. As big data becomes increasingly important in the business world, employers are seeking individuals skilled in finding, understanding and visualizing data to create complete information landscapes for strategic business decisions and directions. To meet this demand, universities must have the resources and infrastructure to support the education of students for these roles, both as undergraduates and in graduate programs.

Big Data resources at the university are also important for recruiting and retaining top faculty. Faculty across a variety of disciplines involved in research will come and stay at your institution only if they have fast access and the best tools to work with data, store data, and share data with other researchers. All this must be accomplished, while not only providing the computing power and access to Big Data, but minimizing risk and ensuring security.

Cloud Computing & Pedagogy

While all three categories of Cloud Computing, are important in higher education this discussion focuses on Software as a Service (SaaS). Cloud software can assist faculty in utilizing best practices associated with pedagogy in both online courses and in the blended classroom. The changing environment in education is continuously moving towards greater reliance on technology for engagement and delivery methods requiring speed, agility, variety and reliability.

Utilizing an online service, a small number of faculty members or even a single faculty member, may be able to test a new service without a large investment in hardware, software or human resources that would usually be required with a local installation. Very often all that is required is a credit card payment for a few months of service without commitment, and the service can be brought to full functionality almost immediately. If the service proves to be not as valuable when used as originally thought, it can be immediately discontinued without penalty and minimal or no loss of investment.

Multiple services or a large variety of educational applications can be subscribed to simultaneously, usually without the need to meet a threshold to justify investment because there is reduced initial monetary or resource investment. A service can be subscribed to for just one course or for the entire campus. This also allows multiple needs to be addressed simultaneously without requiring prioritizing which requests can be fulfilled and those that cannot or must be delayed. However the ease of use brings higher risk if all services are not vetted and controlled, and directly impact security and privacy and significantly increasing the work load these areas.

Security, Privacy and Legal

The ease of access to software as a cloud service brings increased risk, and escalates the work required by information security, privacy and legal units as more services are requested and require vetting. An established process for vetting services is necessary to review the increasing numbers of services being requested and meet needs of the users, the institution, creating efficiencies and maintain consistency.

The process may include information security, privacy office, purchasing office and the legal office, depending on the circumstances of the particular service being reviewed. If the process is onerous for the user or takes too long to complete in the mind of the user, compliance may be negatively impacted to unacceptable levels. The campus must also be educated for the need for institutional vetting, so users do not rely on the fact that a service is being used at another university when it has not been vetted for use at your institution, where different circumstances may exist. Developing a campus wide cloud strategy will assist the institution in selecting the right sourcing and solutions and provide guidance for faculty, staff and students on the use of cloud services such as free storage offered to the public.

“The changing environment in education is continuously moving towards greater reliance on technology for engagement and delivery methods requiring speed, agility, variety and reliability”

Vetting a particular service should also apply to a large number of use situations as prudently and safely possible, with approval of campus wide usage in as many cases as feasible. To approve a service for a single use case or a very narrow set of circumstances usually results in increased user confusion and rapidly becomes an overwhelming task for those units playing a part in the vetting proves when requests for use of the same software multiply quickly.

Universities with medical centers and hospitals have additional security constraints including the responsibility of adhering to the U.S. Health Insurance Portability and Accountability Act of 1996, and in instances have the requirement of a HIPAA Business Associate Agreement (BAA), a contract between a HIPAA covered university and a HIPAA business associate. The contract protects Personal Health Information (PHI) in accordance with HIPAA guidelines. Universities must negotiate BAAs with each individual service company, and this process can not only be very time consuming and frustrating, but also sometimes unsuccessful.

Meeting institutional needs and enabling the success of both Big Data and cloud services in higher education requires an acceptable balance between security and access. This can only be achieved by understanding the needs of users across the institution and creating strategies, policies, guidelines and processes that create a resource rich, low risk environment. Rising to these challenges will ensure success as we move forward with the varieties of technologies being embraced by higher education today and tomorrow.

Read Also

Cloud Security Grows Up

Cloud Security Grows Up

Kevin Winter, VP & CIO and Brian Javonillo, Senior Associate, Booz Allen Hamilton
Is There Auditible Security in the Cloud?

Is There Auditible Security in the Cloud?

Preston Williams III, Senior Partner and CIO, GBC Global Services
Balance Must be Created Between Applications And Managing Security

Balance Must be Created Between Applications And Managing Security

Phil Bertolini, CIO& Deputy County Executive, Oakland County