Skip to content
ADVERTISEMENT
Sign In
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Events
    • Virtual Events
    • Chronicle On-The-Road
    • Professional Development
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
  • More
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Events
    • Virtual Events
    • Chronicle On-The-Road
    • Professional Development
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
    Upcoming Events:
    College Advising
    Serving Higher Ed
    Chronicle Festival 2025
Sign In
News

Embracing the Cloud: Caveat Professor

By Michael Corn May 8, 2011
Embracing the Cloud: Caveat Professor 1
James Yang for The Chronicle

It has become a dominant meme to describe the role of information technology in higher education as transformative. We’ve all done it, myself included. My work as chief privacy and security officer at a large public university has, however, given me pause to ask if our posture toward risk prevents us from fully embracing technology at a moment of profound change.

To continue reading for FREE, please sign in.

Sign In

Or subscribe now to read with unlimited access for as low as $10/month.

Don’t have an account? Sign up now.

A free account provides you access to a limited number of free articles each month, plus newsletters, job postings, salary data, and exclusive store discounts.

Sign Up

It has become a dominant meme to describe the role of information technology in higher education as transformative. We’ve all done it, myself included. My work as chief privacy and security officer at a large public university has, however, given me pause to ask if our posture toward risk prevents us from fully embracing technology at a moment of profound change.

There’s no doubt that technology has radically transformed many, if not most, of our administrative processes. During my years at the University of Illinois at Urbana-Champaign, we’ve moved from paper-based processes to electronic workflows, Web portals and document repositories, and now mobile-device apps. How many of us, on either the academic or administrative side, can even imagine how we functioned before the advent of Google Apps, Skype, Dropbox, or arXiv.org.?


IN THE RIGHT COLUMN: More on The Digital Campus
BROWSE THE FULL ISSUE: News, Commentary, and Data
BUY A COPY: Digital and Print Editions at the Chronicle Store


And technology marches on, faster than ever. Yet those of us with strategic responsibilities struggle to balance our institutional obligations and aversion to risk with the cold reality of the modern digital marketplace. In the eyes of our faculty and technologically savvy staff members, our internal-technology services must seem like dinosaurs—and not the cool, multicolored velociraptor of late, but the ponderous, stop-action brontosaurus of our youth. Consequently, faculty members are accepting major personal and institutional risk by using such third-party services without any institutional endorsement or support. How we provide those services requires a nuanced view of risk and goes to the heart of our willingness to trust our own faculty and staff members.

One can imagine a future in which the “where” of data storage is “everywhere,” with a host of loosely coupled applications providing us services through any number of apps or interfaces. This is the world many of our users already live in. The technologically savvy among us recognize that hard physical, virtual, and legal boundaries actually demark this world of aggressively competitive commercial entities. Our students, faculty, and staff often do not.

Using applications built in the cloud—Dropbox, Google Docs, and Mozy, for example, which allow on-demand access to highly distributed and scalable Internet services—people on our campuses manage their friendships; business relationships; bank accounts, travel plans, and investments; and the collection of photos, videos, and other souvenirs of a life lived. Most recently, we’ve seen these same applications help topple entire governments.

But can we embrace the cloud? Can the faculty member who wears our institution’s name in her title and e-mail address, to whom we’ve entrusted the academic and research mission of the institution, be trusted to reach into the cloud and pluck what she believes is the optimal tool to achieve her pedagogical aims and use it? Unfortunately, no. Many faculty and staff members simply use whatever service they choose, but they often do not have the knowledge or experience needed to evaluate those choices. And those who do try to work through the institution soon find themselves mired in bureaucracy.

For those not involved in this process, let me briefly describe what happens when a professor at Illinois approaches me about using a cloud service for teaching. First we review the company’s terms of service. Of course, we also ask the company for any information it can provide on its internal data security and privacy practices. Our purchasing unit rewrites the agreement to include all of the state-required procurement language; we also add our standard contract language on data security.

All of this information is fed into some sort of risk assessment of varying degrees of formality, depending on the situation, and, frankly, the urgency. That leads to yet another round of modifications to the agreement, negotiations with the company, and, finally, if successful, circulation for signatures. After which we usually exhume the corpse of the long-deceased faculty member and give him approval to use the service in his class.

We go through this process not from misguided love of bureaucracy, but because our institutions know of no other way to manage risk. That is, we have failed to transform ourselves so we can thrive and compete in the 21st century.

Not only must we re-evaluate our attitude toward risk, but also our analysis of risk needs a paradigm shift. Particularly in the domain of information technology, we believe that control leads to minimized risk. By controlling an application (or a server or a network), a security officer can respond decisively when something goes wrong.

But our faculty and staff are increasingly voting with their feet—they’re more interested in the elegance, portability, and integration of commercial offerings, despite the inability to control how those programs change over time. By insisting on remaining with homegrown solutions, we are failing to fall in lockstep with those we support.

ADVERTISEMENT

Data security? Of course there are plenty of fly-by-night operations with terrible security practices. However, as the infrastructure market has matured (one of the generally unrecognized benefits of cloud services), more and more small companies can provide assurances of data security that would shame many of us even at large research-intensive institutions.

If higher education is to break free of the ossified practices of the past, we must find ways to transfer risk acceptance into the faculty domain—that is, to enable faculty to accept risk. Such a transformation is beyond the ability of the IT department alone—it will require our campus officials, faculty senates, registrars, and research and compliance officers working together to deeply understand both the risks and the benefits. I am not advocating a cavalier approach to the issues, but rather one that is deliberative and nuanced.

Here are a few of the characteristics we would expect to find in an ideal environment:

Greater transparency. Students deserve to be informed how their records and interactions with faculty and staff members are handled. We should be ashamed that Google is more transparent about how it uses our data than we are with our students.

ADVERTISEMENT

Accessibility for those with special needs. Technology must be accessible to staff members and students who, for disability, safety, or privacy reasons, need special accommodations.

Better guidance. Professors would learn how to evaluate new tools and technologies through additional training. Winning a Nobel Prize doesn’t prepare one to recognize that an online service tramples on its users’ privacy.

More accountability. Embracing the freedom to accept risk means accepting responsibility for our actions. This is undoubtedly the most critical and difficult issue to resolve.

Every time a student uses an Internet-based service can be seen as an opportunity to educate. For instance, faculty members could provide students with a standardized outline of what services will be used during a course, along with potential privacy risks and available protections. Surely such information could be included in course catalogs. Students would then be able to make informed decisions about needing accommodations or simply opting out. In some cases, students could be provided with opaque identifiers: identifying information that is known to the institution but is seen as anonymous avatars by the outside world.

ADVERTISEMENT

Campus information-technology groups might need greater agility to respond to emerging technologies, including commercial offerings, and to help a much larger group of faculty members understand the risks of using these services.

All of this takes commitment and work, and accepting risk makes us personally and institutionally uncomfortable. But our colleges exist solely to advance the boundaries of human knowledge, and it’s difficult to imagine any better place to challenge our sense of comfort.

We welcome your thoughts and questions about this article. Please email the editors or submit a letter for publication.
Tags
Technology
Share
  • Twitter
  • LinkedIn
  • Facebook
  • Email
ADVERTISEMENT
ADVERTISEMENT

More News

Vector illustration of large open scissors  with several workers in seats dangling by white lines
Iced Out
Duke Administrators Accused of Bypassing Shared-Governance Process in Offering Buyouts
Illustration showing money being funnelled into the top of a microscope.
'A New Era'
Higher-Ed Associations Pitch an Alternative to Trump’s Cap on Research Funding
Illustration showing classical columns of various heights, each turning into a stack of coins
Endowment funds
The Nation’s Wealthiest Small Colleges Just Won a Big Tax Exemption
WASHINGTON, DISTICT OF COLUMBIA, UNITED STATES - 2025/04/14: A Pro-Palestinian demonstrator holding a sign with Release Mahmud Khalil written on it, stands in front of the ICE building while joining in a protest. Pro-Palestinian demonstrators rally in front of the ICE building, demanding freedom for Mahmoud Khalil and all those targeted for speaking out against genocide in Palestine. Protesters demand an end to U.S. complicity and solidarity with the resistance in Gaza. (Photo by Probal Rashid/LightRocket via Getty Images)
Campus Activism
An Anonymous Group’s List of Purported Critics of Israel Helped Steer a U.S. Crackdown on Student Activists

From The Review

John T. Scopes as he stood before the judges stand and was sentenced, July 2025.
The Review | Essay
100 Years Ago, the Scopes Monkey Trial Discovered Academic Freedom
By John K. Wilson
Vector illustration of a suited man with a pair of scissors for a tie and an American flag button on his lapel.
The Review | Opinion
A Damaging Endowment Tax Crosses the Finish Line
By Phillip Levine
University of Virginia President Jim Ryan keeps his emotions in check during a news conference, Monday, Nov. 14, 2022 in Charlottesville. Va. Authorities say three people have been killed and two others were wounded in a shooting at the University of Virginia and a student is in custody. (AP Photo/Steve Helber)
The Review | Opinion
Jim Ryan’s Resignation Is a Warning
By Robert Zaretsky

Upcoming Events

07-31-Turbulent-Workday_assets v2_Plain.png
Keeping Your Institution Moving Forward in Turbulent Times
Ascendium_Housing_Plain.png
What It Really Takes to Serve Students’ Basic Needs: Housing
Lead With Insight
  • Explore Content
    • Latest News
    • Newsletters
    • Letters
    • Free Reports and Guides
    • Professional Development
    • Events
    • Chronicle Store
    • Chronicle Intelligence
    • Jobs in Higher Education
    • Post a Job
  • Know The Chronicle
    • About Us
    • Vision, Mission, Values
    • DEI at The Chronicle
    • Write for Us
    • Work at The Chronicle
    • Our Reporting Process
    • Advertise With Us
    • Brand Studio
    • Accessibility Statement
  • Account and Access
    • Manage Your Account
    • Manage Newsletters
    • Individual Subscriptions
    • Group and Institutional Access
    • Subscription & Account FAQ
  • Get Support
    • Contact Us
    • Reprints & Permissions
    • User Agreement
    • Terms and Conditions
    • Privacy Policy
    • California Privacy Policy
    • Do Not Sell My Personal Information
1255 23rd Street, N.W. Washington, D.C. 20037
© 2025 The Chronicle of Higher Education
The Chronicle of Higher Education is academe’s most trusted resource for independent journalism, career development, and forward-looking intelligence. Our readers lead, teach, learn, and innovate with insights from The Chronicle.
Follow Us
  • twitter
  • instagram
  • youtube
  • facebook
  • linkedin