1. Are You Working in the Cloud or Using Cloud Computing? K. Virginia HembyBusiness Communication & Entrepreneurship Dept.Middle TN State University, Murfreesboro, TNRobert E. “Skip” Grubb, Jr.Director, Criminal Justice TechnologyColumbia State Community College, Columbia, TN Hemby & Grubb 2011 NBEA Annual Convention 1 OS, Storage, Apps iGoogle, Firefox
3. Cloud Computing…Working on the Internet? Hemby & Grubb 2011 NBEA Annual Convention 3 After a fashion, yes . . . BUT adding the word computing expands the definition to mean “Internet-based computing, whereby shared resources, software, and information are provided to computers and other devices on demand, like the electricity grid” (Wikipedia, 2011).
4. The Economics of Cloud Computing Significant savings for capital expenditures (hardware, software, personnel, and space) Savings on maintenance, licensing agreements, and energy costs Student work does not reside on individual computers, USBs, or CDs as ALL applications and data are stored in the cloud No more downloads REQUIREMENTS: Cheap access device (laptop, iPad, iPod, smartphone) A web browser Broadband in the schools with select wireless hotspots Most students already possess some type of access device so school districts need ONLY fill the gaps—not replace existing access devices Hemby & Grubb 2011 NBEA Annual Convention 4
5. Cloud-Based Systems for School Districts Mean….. No worries about students’ lost, stolen, crunched, or fried computers No hard drive malfunctions to manage No lost computing files or data No CD-drive breakage or bad track reads No Operating System reboots No “blue screen of death” No black screens with strange and scary code No endless uploads, downloads, upgrades, or storage No stacks of app boxes taking up space in school offices or closets Hemby & Grubb 2011 NBEA Annual Convention 5
6. The Yin of Cloud Computing CLOUD STORAGE Off-site, web-based system called storage as a service (StaaS); aka “taking data into the cloud” CLOUD-BASED APPLICATIONS A program that is accessed via the Internet; the software is hosted and powered by the service provider; aka Software as a Service (SaaS) “. . . Cloud computing could serve as the strategic component that has been missing in K-12 (and post-secondary) technology efforts—a way to deliver more and better services” (Kuglin, 11/17/2010, in Wancheck, N., Education in the Cloud: 5 Questions with John Kuglin, THE Journal). Hemby & Grubb 2011 NBEA Annual Convention 6
8. CLOUD STORAGE LiveMesh (Windows Live Mesh in 2011) http://www.dropbox.com 2 GB free space File storage solution Solution for sharing files in folders that other people need to modify http://www.mesh.com 5 GB free space Microsoft cloud computing storage solution More of a web application designed for file storage Requires use of SilverLight technology (makes necessity of another download to get things up and running) Hemby & Grubb 2011 NBEA Annual Convention 8 DropBox
9. Cloud Storage (Continued) Box.net http://www.box.net 5 GB free space Mobile app access Mozy http://mozy.com 2 GB free space Works with a desktop program to sync your files to the web Works with both PC and Mac Restore and access capabilities Hemby & Grubb 2011 NBEA Annual Convention 9
10. Cloud Storage (Continued) MyOtherDrive http://www.myotherdrive.com 2 GB free space Drag and drop upload (from your desktop, Internet browser, or other applications Automated or manual backup syncplicity http://www.syncplicity.com 2 GB free space Real-time backup and instant restore Share files with friends or collaborate with one-click file-sharing Sync files across PCs, Macs, file servers, and Google Docs Hemby & Grubb 2011 NBEA Annual Convention 10
11. Cloud Storage (Continued) ActiveCloud http://www.activecloud.pocketwatchllc.com/ Remove barriers between the Cloud and your iPad or iPhone Copy and paste files between local and cloud-based storage services Send files to others via email Hemby & Grubb 2011 NBEA Annual Convention 11
12. K-12 Web-Based Tools for Collaboration, File Sharing, and Online Storage School Web Lockers eBackpack http://www.schoolweblockers.com Digital Lockers - Personal file storage Homework drop boxes - get and turn-in homework Message Boards - School-wide/District-wide Discussions Teacher Talk - Class Discussions Teacher Blogs Calendars - Public and Private calendars http://www.ebackpack.com Create classes / groups and easily share content Electronically submit files to staff. Secure homework drop boxes Collaborative discussion ePortfolios Hemby & Grubb 2011 NBEA Annual Convention 12
14. GOOGLE APPS (Samples for Educators) Google Apps Marketplace Aviary Design Suite for Education (set of free tools and templates for creating multimedia projects) Rcampus ePortfolio Builder and Assessment System Easy Bib (automatic bibliography composer) Digication e-Portfolio (allows students to showcase work online) EduTone Connector for Moodle (trial version of utility that facilitates single sign-on authentication through Google Apps) Hemby & Grubb 2011 NBEA Annual Convention 14
21. Hemby & Grubb 2011 NBEA Annual Convention 19 “. . . Looking at peer institutions, we found that there’s probably not a school out there that doesn’t spend 90 percent of its IT budget on the first day of the year, on recurring licenses and upgrades—leaving no money to do anything else. It has become more and more obvious to us that moving even 10 to 20 services to the cloud can save the time and budget needed to work more effectively on the innovative solutions that are so important to our institutions” (Sheard, 9/22/2010, Cloud Computing in Education: A Practitioner’s Viewpoint, Campus Technology).
22. The Yang of Cloud Computing “Research from (ISC)2 finds while most organizations are embracing mobile technologies, social media, and cloud computing, their security staff are not upgrading skills and policies to insure adequate protection.” Goodchild, J. (2011 ). Security Departments Not Prepared for New Technologies. http://www.csoonline.com Security Departments Not Prepared for New Technologies Hemby & Grubb 2011 NBEA Annual Convention 20
23. Security Departments Not Prepared for New Technologies “The adoption of cloud computing is also posing a threat, the survey finds. Among 10,000 information security professionals [sic], 73 percent said that cloud computing requires new skills for security professionals. When asked what new skills would be required for cloud computing, half of the participants identified contract negotiation skills as one of their top three requirements. This selection trailed the desire to develop a detailed understanding of cloud computing chosen by 93 percent, as well as the desire for enhanced technical knowledge chosen by 81 percent of participants” (Goodchild, 2011) Hemby & Grubb 2011 NBEA Annual Convention 21
24. Get Off Of My Cloud “The single biggest objection to cloud computing, however, is whether or not data can be truly safe in the cloud.” How do you authenticate in the cloud? Who is responsible for the data? Where are services being hosted? Where and how are they being backed up? Clayton, N. (2011, February 15). Get Off Of My Cloud. The Wall Street Journal http://online.wsj.com Hemby & Grubb 2011 NBEA Annual Convention 22
25. 7 Dangers in the Cloud Abuse and nefarious use of cloud services Insecure interfaces and APIs Malicious insiders Shared technology issues Data loss or leakage Account or service hijacking Unknown risk profile Swidler, A. (2010, December). Campus Technology. Hemby & Grubb 2011 NBEA Annual Convention 23
26. Memory Scraping Malware Goes After Encrypted Private Information “Security researchers at the SANS Institute say pervasive memory scrapping is one of the most dangerous attack methods that hackers will use in the coming year. In such an attack, hackers gain administrative privileges for a file system in order to access personally identifiable information and other sensitive data, even if it is encrypted.” Messmer, E. (2011, February 22). Memory scraping malware goes after encrypted private information. Network World. http://www.networkworld.com Hemby & Grubb 2011 NBEA Annual Convention 24
27. Trusted Online Identities Plan Hinges on Collaboration The National Strategy for Trusted Identities in Cyberspace (NSTIC) aims “to create an identity ecosystem that will increase the availability of flexible, voluntary, and user friendly online identity authentication.” “The success of NSTIC is dependent on the collaboration between stakeholders in the public and private sectors . . . “ Jackson, W. (2011, February 16). Trusted online identities plan hinges on collaboration. Government Computer News. http://gcn.com Hemby & Grubb 2011 NBEA Annual Convention 25
28. NeoLoad Load Tests Software for Web Apps Adds Testing from the Cloud NeoLoad can detect problems such as memory leaks, bottle necks, poor network configuration, and software configuration issues before they occur in production and cause slow application performance or service interruptions. It simulates real world conditions that affect application performance. The new version includes on-demand load testing from the cloud and supports the latest web application technologies. NeoLoad enables organizations to test a web application’s entire delivery chain, including firewalls and routers, from different parts of the world. Meyer, L. (2011, March 3). THE Journal. Hemby & Grubb 2011 NBEA Annual Convention 26
29. Can ‘encrypted blobs’ Help With Secure Cloud Computing? “Can cloud-based computing be made more secure in the future using what crypto geeks call ‘fully homomorphic encryption’ to send data as ‘encrypted blobs’ that can be understood and subject to processing without having to actually de-crypt them first to see the plaintext.” “. . . the idea is to create ‘encrypted blobs’ that don’t need to be decrypted and still allow for many practical applications by being combined with and processed by other ‘encrypted blobs.’” Messmer, E. (2011, February 4). Can encrypted blobs help with secure cloud computing? Networkworld http://www.networkworld.com Hemby & Grubb 2011 NBEA Annual Convention 27
30. “DARPA Seeks Security Expertise from a Nontraditional Source: The Hacker Community” Defense Advanced Research Projects Agency The Defense Department plans to fund independent security researchers and experimental projects in a bid to invigorate the federal government’s “unsustainable approach to cybersecurity.” The program called Cyber Fast Track will reward security research done within “a matter of months and at a small price tag.” Hemby & Grubb 2011 NBEA Annual Convention 28
31. DARPA CONTINUED DARPA research in environments the agency had access to found that defensive applications took up to 10 million lines of code, compared to 125 lines of code found in 9,000 samples of malware. Lines of code are an indication of the exploitable surface area of a system and the cost required to maintain and protect it. An IBM metric suggests that for every 1,000 lines of code, 1 to 5 bugs are introduced. Lim, D. (2011, February 4). Nextgov Technology and the Business of Government http://www.nextgov.com Hemby & Grubb 2011 NBEA Annual Convention 29
32. Checklist for Evaluating Cloud-Based Initiatives Contracts Audit Controls Integration Points Policies and Procedures Follow the Data Information Management. (2009, July-August). Hemby & Grubb 2011 NBEA Annual Convention 30
33. Choosing a Provider Insist on being allowed a live test of the product Know what steps to take to re-create your data at another location Find out what happens if your data does not come back Know your exit strategy Make sure your operating system is supported THE Journal (2010, September), p. 24 Hemby & Grubb 2011 NBEA Annual Convention 31