FAST FIVE for the week of October 13, 2013

News:

3D Distance Learning:

Nipissing University is now using 3D computer technology to support distance learning. By using 3D rendering software, a virtual Nipissing University campus has been created simulating the library, a portion of the main campus, and other areas of campus. The technology is designed to increase the interactivity of online learning. Several pilot projects are underway, including a virtual math drop-in centre. Nipissing in 3D

New Data Centre:

The University of British Columbia is migrating to its new University Data Centre (UDC). The old data centre has become too costly to maintain and will be shut down by mid-2015. In the new UDC, storage is consolidated and re-structured from several storage islands into one storage cluster. This new storage cluster provides the infrastructure with improved scalability, performance, fault tolerance, and manageability designed to meet current and future needs. The new UDC is also energy-efficient, provides updated hardware, and has an improved backup service. New UBC Data Centre

Student System Upgrade:

Simon Fraser University is upgrading its Peoplesoft student information system (SIMS). The upgrade has new features for staff, students, and faculty. Example of new features include: students have new interactive academic progress reports, faculty have a new advisor centre that centralizes information on graduate students, and staff have improved waitlist processes. SFU SIMS Upgrade

CryptoLocker Threat:

A number of Canadian universities have recently been hit by CryptoLocker ransom-ware. It arrives as an email attachment and attempts to extort money from the computer user. When your computer is infected with CryptoLocker, the program begins encrypting any files it can access. Once the files are encrypted it presents the user with a notice giving them a limited time to pay a ransom to get a key to decrypt and access to their files. Currently, infected users are instructed to pay $100 USD to get access to their files. Ransomware Threat

CEO Search:

Compute Canada is again announcing a search for a new President and Chief Executive Officer. The role is responsible for coordinating and promoting the shared use of High Performance Computing (HPC) across Canada. The CEO would lead the creation of a national HPC platform for research and integrate HPC resources across the country. Compute Canada

Responses to last week's question:

Last week the following question was posed: "Privacy laws in some provinces are quite stringent relevant to other provinces. Such legislation makes it difficult for institutions in these provinces to use foreign-based cloud computing and other hosted services. Do you feel this puts these institutions at a competitive disadvantage with the rest of Canada?"

Yes, I think that some privacy related legislation in some provinces puts them at a competitive disadvantage.

 

It is almost universally accepted that Cloud Computing is a more effective way of delivering computing capability (whether infrastructure, platform or software as a service). Some of those benefits come from scale and scale generally means procuring from a North American (read U.S.) provider. In many of those cases (especially SaaS) there is no comparable stand alone Canadian alternative. So mandating that no private data can leave a jurisdiction denies some Canadian organizations the opportunity to leverage those providers, lower their costs, and deliver services more flexibly. (And note that in some jurisdictions “foreign” means outside of the province, further curtailing economies of scale and limiting the likelihood of a Cloud service even being offered).

 

An increasing number of provinces are focusing more on data protection rather than data residency, and if privacy can be reasonably assured in a “foreign” data centre that is sufficient. I suggest that it is important to differentiate between sensitive data and private data, as there is a lot of the latter that does not qualify as the former, and to block any private data from leaving a jurisdiction rather than blocking some (e.g. health records) is throwing the baby out with the bath water. More liberal jurisdictions appear to conclude that Cloud service providers are highly motivated to protect the privacy of all their clients’ data, and often more capable of doing so than organizations who manage their own data are, and that adequate provisions inherent in a subscription agreement are more effective and more relevant than jurisdictional boundaries. Pragmatism is a welcome approach to balancing the tradeoff between the reality of improved and more cost effective service (and indeed privacy protection) for the many against the hypothetical worst case scenarios of the few and the certainty of inefficiency and additional cost that comes with that.

 

Alastair McKeating, Regional Manager, Adaptive Planning

Despite British Columbia having quite stringent privacy legislation, some BC educational institutions have moved to foreign cloud services. Sometimes deliberately and sometimes unwittingly, they have placed personal and private data outside of Canada. By doing so, they introduce several risks to their organizations that are not present in other jurisdictions. Although they do not face immediate penalties, there are longer term risks implicit in these decisions that may place them at a competitive disadvantage in the future. 

For example, BC privacy laws are based on a complaint driven process, which means the government will not stop anyone from moving to any cloud based services. But the government can take action if they receive a complaint. Because of this model some educational institutions have been able to move to U.S.-based cloud email several years ago and have not been shut down. Despite this success, they face an ongoing concern that a complaint could shutdown the service. There is always the potential risk that if their union sees this as outsourcing, they may choose to lodge a formal complaint.

In other cases, higher ed institutions mitigate the risk through an authorization form to be signed by anyone whose personally identifiable information is entered into the system. The challenge with this approach is that a user may choose to decline consent. If they decline, do you support dissenters with a different system (and likely negating any cost savings), or choose to not support them at all?

Mark Roman