Educause Security Discussion mailing list archives
[Re: Risks of using "free" public blogs and/or wikis for class activities]
From: Anna Kircher <anna.kircher () HUMBOLDT EDU>
Date: Sun, 24 Jun 2007 16:26:31 -0700
I guess I have a different perspective on this. As a matter of fact, I've wondered for a long time why we go to all the trouble and expense of maintaining blog servers and wiki servers when there are perfectly good public versions available. The big-name public blogs (LiveJournal, Blogger, Yahoo, MSN Spaces) are already familiar to our students, have acceptable use policies with strict terms, can be configured to control who can see the blog and who can post comments to the blog, and rarely have the sorts of failures that result in the total loss of data. Would I conduct sensitive university business on a public blog? No. But just as many of us are now giving genuine consideration to outsourcing student email, I think we have to start considering new paradigms for sorting through other categories of information storage that could be outsourced from what should rightly stay on our university servers. The cost implications are significant, and the diversion of our time and energy is huge. And I would bet there's more of this going on amongst faculty than we realize ... by faculty who already have personal blogs, know how to use them, and aren't waiting for campuses to catch up with technology that's been around for eight years. I suspect it would it would be a more fruitful use of our time to develop FAQs or Best Practices for using public blogs than trying to limit their use. Just my $.02. Anna Kircher, CIO Humboldt State University
I have a couple of thoughts on this. 1) Data exposure - This is a common problem amongst colleges and universities (C&U), even with their own services. I frequently hear of C&U who have exposed personal student and employee data because an instructor put the information on their own publicly available web or FTP server. That said, the information is easier to find if it is only contained within your network and not across the Internet. 2) Legal discovery - Let's say you receive complaints against a student or instructor for comments made on a 3rd party service. What do you do? Sure it isn't your server, but they were acting as a student or employee of your school. What if it goes to court? You could look really bad because the school didn't support the needs of the instructor or because the school didn't know what the instructor or students were saying on a "school endorsed" server. I am in the process (have been for a while) of creating and enforcing policies to prevent such issues. I recommend you do the same. -- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security System Administrator Ozarks Technical Community College -----Original Message----- From: "Clifford Collins" <Collinsc () FRANKLIN EDU> To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Sent: 6/22/07 2:14 PM Subject: [SECURITY] Risks of using "free" public blogs and/or wikis for class activities A faculty member on our campus recently approached our IT group to have a blog and/or wiki set up to support her classes next month. This request was out of the blue and didn't go through normal channels (department head, planning committees, etc). IT's response was that some thought, planning and a server were necessary to do it right and therefore more time would be needed to provide a supportable solution. Now the faculty member is saying she will just use one of the many "free" ones on the Internet. I'm interested in people's view of any risks or other down-sides to such an approach. Pointers to papers, analysis and whatnot would be appreciated as well. Your thoughts? Clifford A. Collins Network Security Administrator Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product"
-- Anna Kircher Chief Information Officer Humboldt State University One Harpst Street Arcata, CA 95521
Current thread:
- [Re: Risks of using "free" public blogs and/or wikis for class activities] Anna Kircher (Jun 24)