Cloudy With a Chance of Data

Recently, a lot of people have been talking about cloud computing and asking what it means to store student information in the cloud.  Unfortunately, confusion and misunderstanding can sometimes cloud the issue (pun intended).  In order to understand the potential risks and opportunities, we should take a minute to understand what it actually means to put data “in the cloud”.

Online systems are powered by computers called servers.  In the past, servers were generally located in the same physical vicinity as the people using them. Email servers were stored somewhere near the office where the users worked; student information system servers were stored somewhere in the school or district where the students attended. As demand for online tools increased and tolerance for “down time” decreased, the requirements for storing (or hosting) web servers became increasingly complex.

Row of web servers

Row of web servers in a large data center.

Fortunately, as network speeds have increased, data can travel faster and web servers no longer need to be stored in close physical proximity to the users in order to have access to the data. This allows the creation of remote hosting centers that can be designed specifically to meet the requirements of storing web servers for schools and districts. Since servers for multiple schools and districts can be stored in the same data center, the cost to each district could be reduced even while adding features (cooling, power, backups, physical security, etc.).  The concept of hosting web servers in shared data centers became known as “cloud storage”. Server rooms needed special cooling systems, backup generators, and redundant internet connections. In addition as more and more data began to be stored digitally, increased physical security was needed to guard against unauthorized access to the server room.  Meeting these demands added an enormous burden to district IT budgets – not to mention increased space requirements in buildings that were already overcrowded.

It is important to note that the co-location of servers for multiple schools in a single data center is not the same as comingling the student information into a single database. This may be the most widely misunderstood concept about storing student data in the cloud. Think about how email works. An email account is hosted in a remote “cloud” data center along with thousands of other email accounts. But just because our email accounts “live” in the same data center does not mean that I can read someone else’s email or vice versa.  Along the same lines, organizations that provide cloud data solutions for schools would not be able to amass a single database of student data or allow unauthorized individuals to access that data without violating privacy laws and the terms of contracts with school districts on which they depend.

Whenever student data is being stored—whether on paper, on servers in the back room of a school building, or “in the cloud”—security, privacy and other legal and operational issues must always be addressed. While specially–built data centers can offer additional physical and digital protections for student data, appropriate credentialing requirements, audit trails, and access controls must always be in place. In addition, state or federal laws, such as the Family Educational Rights and Privacy Act (FERPA) may apply. Check out this blog post by our Chief Privacy Officer for answers to common questions about privacy in the cloud.

We encourage parents and students who want more information on how their schools employ cloud computing to contact their schools directly. It’s important for everyone to stay informed about how data is being protected and how student data is being used to improve the learning experience.

Richard Culatta is the Deputy Director of the Office of Educational Technology at the U.S. Department of Education. 

1 Comment

  1. Great and timely post Richard. On this point: “organizations that provide cloud data solutions for schools would not be able to amass a single database of student data without violating privacy laws” We could use some additional clarification/examples.

    Thanks!

Comments are closed.