Educause Security Discussion mailing list archives

[Re: Risks of using "free" public blogs and/or wikis for class activities]


From: Anna Kircher <anna.kircher () HUMBOLDT EDU>
Date: Sun, 24 Jun 2007 16:26:31 -0700

I guess I have a different perspective on this.  As a matter of fact, I've
wondered for a long time why we go to all the trouble and expense of
maintaining blog servers and wiki servers when there are perfectly good
public versions available.

The big-name public blogs (LiveJournal, Blogger, Yahoo, MSN Spaces) are
already familiar to our students, have acceptable use policies with strict
terms, can be configured to control who can see the blog and who can post
comments to the blog, and rarely have the sorts of failures that result in
the total loss of data.

Would I conduct sensitive university business on a public blog?  No.  But
just as many of us are now giving genuine consideration to outsourcing
student email, I think we have to start considering new paradigms for
sorting through other categories of information storage that could be
outsourced from what should rightly stay on our university servers.  The
cost implications are significant, and the diversion of our time and
energy is huge.

And I would bet there's more of this going on amongst faculty than we
realize ... by faculty who already have personal blogs, know how to use
them, and aren't waiting for campuses to catch up with technology that's
been around for eight years.  I suspect it would be a more
fruitful use of our time to develop FAQs or Best Practices for using
public blogs than trying to limit their use.

Just my $.02.

Anna Kircher, CIO
Humboldt State University


I have a couple of thoughts on this.

1)    Data exposure - This is a common problem amongst colleges and
universities (C&U), even with their own services. I frequently hear of C&U
who have exposed personal student and employee data because an instructor
put the information on their own publicly available web or FTP server.
That said, the information is easier to find if it is only contained
within your network and not across the Internet.

2)    Legal discovery - Let's say you receive complaints against a student or
instructor for comments made on a 3rd party service. What do you do? Sure
it isn't your server, but they were acting as a student or employee of
your school. What if it goes to court? You could look really bad because
the school didn't support the needs of the instructor or because the
school didn't know what the instructor or students were saying on a
"school endorsed" server.

I am in the process (have been for a while) of creating and enforcing
policies to prevent such issues.  I recommend you do the same.

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Network Security System Administrator
Ozarks Technical Community College


-----Original Message-----
From: "Clifford Collins" <Collinsc () FRANKLIN EDU>
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: 6/22/07 2:14 PM
Subject: [SECURITY] Risks of using "free" public blogs and/or wikis for
class activities

A faculty member on our campus recently approached our IT group to have a
blog and/or wiki set up to support her classes next month. This request
was out of the blue and didn't go through normal channels (department
head, planning committees, etc).

IT's response was that some thought, planning and a server were necessary
to do it right and therefore more time would be needed to provide a
supportable solution. Now the faculty member is saying she will just use
one of the many "free" ones on the Internet.

I'm interested in people's view of any risks or other down-sides to such
an approach. Pointers to papers, analysis and whatnot would be appreciated
as well. Your thoughts?


Clifford A. Collins
Network Security Administrator
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"





--
Anna Kircher
Chief Information Officer
Humboldt State University
One Harpst Street
Arcata, CA  95521
