On Thursday I am presenting at BETT13 on “Making the Cloud work for you”, with a subtitle of “institutional risk and governance”.

My presentation is here: http://slidesha.re/11OHwoK

These are my notes for those slides, which are a mix of a case study of learning and teaching a De Montfort University and an approach to personal/institutional risk.

SLIDE 3: thinking about the pedagogic development of cloud-based technologies has amplified issues around the following [risks].

1. How does the use of cloud-based technologies affect how an institution maintains a level of curriculum control or control of curriculum change-management processes? Control might be required for quality assurance, curriculum transparency or accountability. Where academic autonomy and the use of technologies in the curriculum is devolved, how do cloud-based technologies affect ad hoc curriculum design/delivery, as opposed to strategic control. How do staff digital/technical literacies affect this approach? What are the implications where staff are operating beyond a hosted/in-house LMS?
2. How do institutions support/nurture in-house skills development? Do they focus on what is of quality or is distinctive or is interesting, and then outsource or migrate that which is deemed boring (depending on risks to data etc.)?
3. How do institutions analyse and prepare for elasticity of demand and new service-provision, where technologies or techniques are in the cloud? How d they focus on developing technologies that will enable emerging and future web applications?

SLIDE 4: this is DMU’s Core/Arranged/Recommended/Recognised technology model. This is defined as follows:

Core: integrated corporate systems, including the Blackboard VLE, the staff/student portal, library management systems, MS Lync, streaming media (the DMU video server), dropbox facilities like Zend, and the DMU Commons (our.dmu), are available to students/staff to use with the devices and services of their choosing, and extended through tools that the institution arranges, recommends or recognises.

Arranged: accounts are created on key plug-ins or extensions beyond the core, like plagiarism detection tools (Turnitin), external blogs and wikis, like Campus Pack, and synchronous classrooms (WizIQ, WebEx).

Recommended: recommendations are made with supporting training materials, for connecting key, web-based tools into the core/arranged mix. This might include using RSS to bring in content from Twitter, SlideShare, iTunes or YouTube, or supporting SKYPE.

Recognised: the institution is aware that students and staff are experimenting with other technologies and maintains a horizon-scanning brief, until and unless a critical mass of users require the recommendation of specific tools.

SLIDES 6-11: whether or not one buys into the critiques of how neoliberal policy is opening-up higher education, it is clear that HE is seen as a marketised space into which services can be sold. Lipman defined this as a $2.5 trillion market in education that is restructuring the reality of education and training. This has ramifications for those who work in institutions that are, at least in-part, publically/charitably-funded, governed and regulated. How value is defined in that restructured space, beyond the rule of money, needs to be assessed, including which services will be outsourced to the cloud and why. This is more important because, as Macquarie Capital Equities Research House argues, the market for cloud-based solutions is growing and becoming more aggressively competitive. Witness Google’s Knowledge Graph and the application of big data/semantic web to web-based service development. The rate of profit is critical here in how it affects the restructuring of businesses that operate “the cloud” and which will be looking for new markets, and for those universities which are being recalibrated through HE policy as businesses and which need to extract value from their operations. UK Government policy, the pronouncements of UK Vice-Chancellors like Malcolm Gilles, and reports from think-tanks like Educause create a cultural space inside civic society that helps to reframe educational policy around deterministic uses of technology.

SLIDE 12: Stakeholders inside universities might reflect on how technology is deployed inside hegemonic, fiscal “realities”. These include the following.

• The drive for public-private partnerships, or private finance initiatives that drive efficiencies, value-for-money etc.. This underpins ideas of service re-engineering, outsourcing of services to lower-wage/cost spaces, and consultancy for new services. This is about disciplining labour and extracting surplus value from outsourced services.
• The generation of discourses of efficiency/productivity that are rooted though analytics, big data, the reduced circulation time of information-based commodities, changes in production through outsourcing, and workload/workforce monitoring.
• The legitimation of further innovation and R&D, through discourses of value-for-money, commercial efficiency, business process re-engineering (c.f. European Vision 2020; HEFCE 2012).
• The need to maintain technological innovation, in order to stay one step ahead of competitors. This connects to Marx’s idea of the moral depreciation of technologies/machines, and the need for constant innovation/value-creation.

Each of these pressures act on universities, and catalyse the need to consider cloud-based migration.

SLIDES 14-17: the second big risk is to users and institutions of placing data in the Cloud, especially where that data is stored on services hosted by a corporation based in the USA, or where hardware is physically located in the USA. The Electronic Frontier Foundation and the Center for Democracy and Technology have both raised concerns over the Justice Department’s use of courts in the USA to subpoena access to data that has left a user’s device and is stored in “the cloud”.

SLIDE 18: universities might wish to consider the following cases, which affect the storage of corporate assets (research data, personal information, communications, assessments and evaluations etc.) in the cloud.

• Twitter: the EFF/American Civil Liberties Union reported on the U.S. Department of Justice’s subpoena to Twitter for Icelandic MP Birgitta Jonsdottir’s tweets regarding Wikileaks. The Salon reported:

The information demanded by the DOJ is sweeping in scope. It includes all mailing addresses and billing information known for the user, all connection records and session times, all IP addresses used to access Twitter, all known email accounts, as well as the “means and source of payment,” including banking records and credit cards. It seeks all of that information for the period beginning November 1, 2009, through the present.

• LinkedIn: opens-up attempts to crack a service, and to enable hackers to aggregate data for future cracking of other services, for instance by confirming guesses about passwords. This enables the comparison of hacked data against pre-computed versions and broadens “guessable” data. How does this affect the recommended technologies that staff/students use? In June 2012, ComputerWorld noted:

More than 60% of the unique hashed passwords that were accessed by hackers from a LinkedIn password database and posted online this week have already been cracked, according to security firm Sophos.

• Facebook, Google and Twitter: there is now an obligation to identify “trolls”, and internet companies will have to surrender the details of those posting libellous messages. How does this affect staff and student professional development/identities?
• Leveson: Jeremy Hunt’s private Gmail account, which was used to conduct official business was subject to Freedom of Information, according to the Information Commissioner.

This raises issues of: cloud-based service availability and resilience; confidentiality/privacy and personal/institutional data; copyright/copyleft/content distribution; data security/back-ups control/deletion.

SLIDES 19 and 20 demonstrate how important it is to protect critical assets or data from providers and to think about service resilience, even when dealing with a behemoth like Amazon Web Services which has suffered outages.

SLIDE 21: demonstrates just how ubiquitous cloud services are, and how deeply interconnected they are to broader geographies of transnational finance capital and corporate governance. Thinking through what transnational corporate governance means for your institutional data/services/technologies is critical.

SLIDES 22-23: some final governance issues for institutions and their staff.

• Risk-management operates at a range of scales: does it matter if someone accesses your stuff? [c.f. Dropbox; subject to FoI] If so, canyou build Chinese walls or local alternatives?
• What about corporate governance, including access to services that are marketised? [e.g. the recent Google-Verizon issue, which flagged the possibility of a two-speed internet, especially for multimedia distribution/consumption. See also the potential costs of accessing data in a marketised HE space.]
• Does it matter if the academic who is responsible for the curriculum/assessment that is managed in the Cloud, in non-institutional services gets hit by a bus? [What should be managed in-house or hosted via a contract?]
• Do we understand that data is being transferred into a service and that we have responsibilities? [T&Cs; Intellectual Property; protected characteristics; indemnities for libel].
• How do we work-up the digital literacies of our staff/students in these spaces?