Home' Campus Technology : July 2013 Contents CAMPUS TECHNOLOGY | July 2013
to contract customizations for certain services. If you're a
small school without a lot of clout, smaller vendors are more
likely to modify their contracts to win your business. This
option comes with a footnote, however: Even if the contract
terms are favorable, schools must ensure that the vendor
also has the resources to stay on top of security matters.
"If you're a large provider such as Blackboard, you're go-
ing to do everything in your power to make it as secure as
possible," Bathon notes. "My concerns would be around
a startup company being able to go above and beyond."
That's not to say schools should avoid smaller companies---
far from it. But IT and the legal team must do their due dili-
gence first. "It's something that needs to be addressed be-
fore you can move forward," advises Bathon.
2) The Middleman Dilemma
One of the most compelling selling points of cloud services
is 24/7 support, especially since many institutions now have
global presences with international students working at all
hours. Not surprisingly, says Chase, schools want service-
level agreements that provide for the maximum amount of
uptime. The gold standard of SLAs is known as five-nines,
or an uptime of 99.999 percent. Slap that in the contract
and you're good to go, right?
Unfortunately, cloud-service providers often act as middle-
men. They might contract with a separate company to run
the server farm that hosts their services. As a result, vendors
might push back against a contract demand for five-nines
uptime. For example, a company might say, "Amazon owns
the pipes and operates the servers. We'll give you what Ama-
zon gives us, but we can't give you any more than that."
If this sounds like a reasonable response, you're not an
attorney. While Amazon is a first-tier provider with a solid
reputation, it's not a school's obligation to police a vendor's
suppliers. According to Dow Lohnes' Chase, "Our answer
to the service provider might be, 'If your vendor is not work-
ing, that's your problem. But if your service isn't living up to
the terms of our agreement, we're going to come and look
to you to make it right.'" So adding a five-nines clause to the
contract just might be good sense.
3) Data Rights
A lot of colleges and universities are weighing whether they
can---or should---store sensitive student data in the cloud. If a
school decides to move forward, Chase recommends that any
contract include a confidentiality provision stating "it's [the uni-
versity's] data and even though it's technically in your posses-
sion, you shall not disclose it without our prior written consent."
Schools may want to go one step farther by also specifying
exactly where their data should be stored---an especially im-
portant consideration for FERPA- and HIPAA-related data.
In the early days of cloud services, customers discovered
that their data might be stashed anywhere on the globe.
Now all the big boys---Amazon, Microsoft, and Google---as
well as smaller companies allow customers to specify in
what region they want their data stored.
"If you say, 'We want to store data domestically with the
vendors our clients have worked with,' they can do that
without much heartburn," notes Chase.
4) Data Security
One of the most common arguments for shifting applica-
tions to the cloud is security: The largest cloud providers
have far more security resources than any individual univer-
sity, and consequently can provide better protection against
the most frequent security ailments. It's unlikely, for example,
that these companies are tucking misconfigured networked
servers into office closets, or taking customer data home
on a laptop or USB device. These were just some of the
causes of the data breaches that afflicted 87 institutions of
higher ed and university-affiliated health centers or hospitals
in 2012, as reported by the Privacy Rights Clearinghouse.
At the same time, don't believe that shifting data storage to
the cloud will solve all your security woes. In some ways, it's
like jumping from the fat into the fire. Cloud providers are in-
creasingly becoming the target of major hacker and denial of
service attacks, simply because that's where the data resides.
Plus, researchers are uncovering the existence of potential
Links Archive August 2013 June 2013 Navigation Previous Page Next Page