The Cloud in Higher Education: Balancing the Benefits, Challenges and RisksDeborah Gelch | Chief Information Officer, Lasell College
Whether it is the public, private or hybrid cloud, the cloud is a reality and is being embraced in higher education. Over 65 percent of mission critical systems at Lasell College are hosted in the public cloud and each year this number is growing. The systems remaining on-premise are legacy systems and include our core student information and ERP systems. The inflexibility of these applications severely limits our ability to respond to flexible models of delivering education and mobile-first services to our students.
As we wait for the next generation of student information/ERP systems to become available, we should be prepared for the reality that these core systems will most certainly be in the cloud. Gartner suggests that by 2017 at least 75 percent of new and replacement student information systems in higher education globally will be SaaS or cloud-based.
As we embrace cloud strategies we should quantify the benefits, understand the challenges and mitigate the risk as well as shift our culture to adapt to these changes.
It would be naive to assume that a cloud strategy will result in dramatically lower IT costs, but if managed efficiently, it should at a minimum contain them over the long term. One of the first systems that colleges and universities transitioned to the cloud was email through Microsoft and Google. Since the shift to email hosting in the cloud, institutions have realized cost savings from a reduction in servers, storage, backup and spam filters. We have also added, at no additional cost, disaster recovery capability, e-discovery litigation support, file sharing and data compliance.
For smaller institutions with leanly staffed IT departments and limited resources, transitioning to the cloud permits the small team to expand capabilities by leveraging the resources of the cloud. For example, providing more robust disaster recovery, business continuity and security for critical systems was a backburner project for a small team that primarily focuses on day-to-day issues. Transitioning applications to cloud providers who have resources dedicated to these functions provides a lean IT staff with a framework for disaster recovery, business continuity, and security programs.
Improved Upgrading and Implementation
Cloud technologies are agile by nature and enable a small staff to respond quickly to evolving business requirements. The timeline for an implementation of an on-premise system could be from three months to up to a year. SaaS systems like Salesforce can be rolled out incrementally and in production within weeks. For example, after we launched Salesforce for our admissions staff we were able to respond to institutional needs to equip our development staff with a similar tool within eight weeks. After rolling out Salesforce for Admissions and Development, we are taking advantage of the new features that are continually being released and new functions are leveraged more quickly.
Defining What Services Should Move
When evaluating your portfolio of enterprise systems there is not a single cloud strategy. Some on-premise applications do not benefit from a move to the cloud as they are either internal, non-critical systems or already share a virtualized infrastructure. Because our resources are limited, in these cases it would make sense to preserve their status quo and focus on use cases that would benefit from a move to the cloud.
Licensing models for cloud-based systems are oftentimes as complex as the systems themselves. Software providers have developed licensing models that are all over the board. Some licenses are based on the number of users. Others depend on the type of access of the user requires (read, read/write, administrator). With budget pressures looming it is important to keep an eye on your license model, remove inactive users and limit underutilized accounts.
Moving to the cloud does not mean that the IT workload is reduced but it will change roles across campus and staff will need retooling to leverage the new infrastructure and systems. For example, power users embedded within departments will be able to pull more sophisticated reports and forms, and develop advanced workflows that were once only provided by central IT. The workload of IT will change as there is a shift from deep programming to configuration, integrations, and enabling mobile. Staff with this talent is hard to find, especially in remote areas, so it is critical to retool and empower existing staff.
Bigger They Are, Harder They Fall
Cloud providers are bigger targets for malicious attacks. Though most cloud vendors have more security staff, rigorous processes and auditing than a small IT department, they are targets for more sophisticated attacks. Larger cloud vendors have higher levels of security than the niche cloud providers. Read your contract closely and understand that protection they are providing as well as their Service Level Agreements (SLAs) analyzing what liabilities they are willing to take on so you can help your institution mitigate these risks.
Navigating the cloud while complying with regulatory requirements can be tricky. In a recent decision, the European courts ruled the Safe Harbor agreement, enabling the movement of Europeans’ data across the Atlantic, invalid. Colleges and Universities should pay close attention to the stewardship of international student data—even if this data is not in the cloud.
Recovery and Protection
As you transition your critical systems to the cloud make sure you fully read your contracts and understand the policies around backup and restoration, disaster recovery, data protection, and how you can transition your data to another system in the future. Don’t assume that your cloud provider is offering these services to the same degree as your own IT department. For example, Salesforce has a flat $10,000 fee to recover your data in the event that is permanently deleted or compromised during a data import. These details are in your contracts and someone in IT needs to read them carefully. If you are not satisfied with the services offered by your cloud provider, find a third-party vendor who will provide these services.
Transitioning to the cloud is inevitable for higher education institutions to respond to the new models of delivering on our mission. While the benefits of flexibility, cost savings, new capabilities and speed are real, there are new challenges and risks that need to be understood and mitigated. Most of these risks can be understood by paying close attention to the details of the cloud provider contract and keeping on top of the changes to the contract and agreements. It is also important to understand the service level agreements within these contracts as the cloud provider staff do not work directly for the institution and you can’t control their responsiveness. While we are waiting for the next generation of student information/ERP systems we should continue to embrace cloud strategies and augment the limitations of our core systems with these offerings.
Author Perspective: Administrator