Tag: cloud

ANME South West Meeting

It was great to lead the ANME southwest meeting on Tuesday last week at the amazing offices of CoreToCloud.   There aren’t many IT companies that I know of that can claim to have the address “The Castle” but CoreToCloud call it home.  Now as is the case with me and travel, the travel to this event wasn’t without issue with the M5 being closed following a sad and tragic loss of life.   And so my day started off with a good period of time in a car park, or at least that’s how the road seemed to me, before getting to the event later than planned, with a later kick off for the meeting as a result.

As always the key aim of ANME meetings is to provide a network for school IT professionals to share thoughts, ideas and issues and this meeting provided for that.    There were two great presentations from ANME members firstly looking at how apprentices can be a key part of IT staffing, and how to ensure apprentices are properly developed to become an effective part of a school IT team.    This presentation was made all the more powerful through the contributions of a current school IT staff member who was an apprentice but now runs a school site.    Now I myself have seen the benefits of apprentice students being supported however I also understand the time required to do this.   The issue of time for training of apprentices and other new, possibly young staff, often gets me thinking of the Richard Branson quote regarding the cost of training people up and them leaving when compared with the cost of not training someone up and them staying.   But it does also raise the usual challenge of the finite nature of time when compared with the frenetic nature of IT roles in schools.

The event also included a few cyber security presentations from IT vendors with tools around detecting and isolating ransomware, from a data point of view rather than an endpoint based detection point of view, and on automated penetration testing.   These presentations were very useful in providing IT staff with possible solutions they can consider as part of a layered approach to cyber security.   Sadly, as is often the case, one of the challenges here continues to be that of budget and also of recognition as to the potential risk.     How do you convince those with budgetary power of spending money, which could be spent directly and immediately on teaching and learning, on preventing a possible, future cyber incident, which may then impact on teaching and learning plus school operation. 

The second of the ANME member presentations was on going cloud and was one I identified with, including discussion of the sudden surge towards the cloud as associated with remote learning being brought in during the pandemic.    The presentation touched on the challenges of change management as well as on resource management.  It also presented how internal charging for IT services in a multi-school trust might be a useful vehicle in establishing the value of IT staff involvement and services.    I was particularly interested in the discussion of professional development and professional education for IT staff in schools, as this is something I consider to be important but also something which can be difficult in terms of finding appropriate training content, cost of content and also finding the relevant time to allow it to occur.   I have myself allocated time in the past for staff to do this  however found it difficult to protect this time.  This is definitely something I need to revisit in the future, possibly looking to allocate time but allow for staff members to arrange it themselves but with some sort of line management process to ensure the time is used and that the outcomes are meaningful and add value.

The ANME meetings continue to be a valuable space for IT staff in schools to get together and share what works, the challenges and also the things that don’t work.  I continue to believe that in a world of fast paced tech change and increasing use of tech in schools, and in classrooms, there are no school leaders, technology leaders or other staff in schools who can handle things on their own.   It is therefore critical to network and to share.   As I often say, “the smartest person in the room is the room” (David Weinberger), so the more people we can get in the room, including the ANME meeting room, the smarter we all are collectively.   

I cant wait until the new ANME South West meeting, and I hope that it sees yet more new faces joining and sharing their thoughts and ideas.

Moving to the cloud

The cloud?

In what is my third post looking at aspects of IT Strategy I thought I would write a little about moving to the cloud.   I note that the ISC Digital group recommends schools move to using Office 365 or G-Suite, both of which are cloud based services, as part of their bursars 6 pack advice.

There has a long been worries about security and control over cloud-based solutions.   My feeling is that largely these concerns have decreased with time and as cloud services have matured.  Additionally, understanding of cloud services has developed however I note recently a conversation in relation to a school which hosted its data locally and was building its own solutions for reasons of data security, so the concerns haven’t gone away.    In discussing cloud services, I love the idea of the cloud simply equating to “someone else’s computer”.   This description works for me.  In using cloud services for your solutions you are simply replacing your on-site servers with servers someone else owns, located somewhere out on the internet.   The question though in using cloud services is one of asking whether the someone else you are using can offer something you cannot and whether or not you trust them.

Looking at G-Suite and Office 365 as cloud hosted productivity suites I can see a number of things which are being offered which aren’t available in a locally hosted solution.    Both Microsoft and Google have significant technical support teams plus resiliency and redundancy capabilities way beyond what is possible with a schools IT support staff and on-prem solutions.   They are able to collate threat intelligence from vast numbers of systems and users to help protect all those using their services.      They offer a consistent revenue based costing model rather than the capital heavy costing model associated with on-premise data centres and servers, plus they offer easy scalability in terms of adding users, storage, services, etc.

As with most things this isn’t however a one-sided argument and there are other considerations which need to be taken into account.   The need for internet access is one of the key considerations as if your internet connectivity is unreliable or if your bandwidth is limited then deciding on cloud hosting is likely to be a bad idea.    Access to data may be another concern, as with locally hosted solutions you will have full unfettered access to the databases containing your data whereas in the cloud you may have limited access, through APIs for example, or may have no access other than that provided by a solutions user interface.    Sharing of data may be a concern as your third party, such as Google or Microsoft in the above case, will have access to your data so we must consider how much we trust them to not misuse this access.    Another consideration might be in relation to solutions which don’t need internet access, only requiring local network access, which therefore may be safer kept locally hosted.   It isn’t simply a case of just jumping to the cloud, there are considerations and concerns which need to be weighed up.

One of the main concerns in relation to cloud services is the terms and conditions and understanding your rights and responsibilities under these terms.   The terms and conditions should identify the overall approach to security which a vendor takes including how they may or may not share data, what happens should you cease using the vendor, their approach to breach and vulnerability notification, and any provision allowing for you to audit a vendors activities. Now I am not going to write much on this here as I will share some thoughts on this specific issue in a future post where I can explore it in more detail.  What is key however is the need to carefully check the terms and conditions especially in relation to complying with your data protection/GDPR obligations and also in relation to business continuity and disaster recovery.    It is important to take a risk based approach and weigh up the benefits and potential risks and assure yourself and your organisation that risks are acceptable and that benefits are worth any risk.

I continue to view the use of cloud based solutions or the use of the cloud to host an organisations own solutions positively.   I can see lots of advantages and benefits.  I also so more and more of our systems, data and services moving to the cloud in the coming years however I am also conscious that the cloud is not a silver bullet and is not necessarily appropriate for all situations.   We need to consider moving to the cloud or cloud based solutions carefully.   That said, I am not sure how that is different from normal behaviour as any change or introduction of new solutions should be considered carefully with a view to advantages, drawbacks and risk management.