Scanning the headlines today, I came across this article about Oxford University turning off Google Docs.
Having made a friend at Oxford of a colleague in IT there, Tony Brett, I looked at my watch, recognized that it was noon for him, emailed him the link with a subject line: Tell Me More! To which Tony immediately replied with this more extended discussion of the technical security rational for the administrative decision.
Sounds about right to me. Based on this evidence, were I in the position to advise administration, or make the decision myself, I would do the same thing.
Shocking? It shouldn't be. The New York Times today has released a report from the technical security company Mandiant that is front-page news. If anyone does not appreciate the extent to which military hackers have been intruding on U.S. networks you either don't work in IT -- it has been going on as long as I have been in this job, constantly -- or you don't read the papers. And if you do read the papers, and still don't get it, allow me to pull the scales off of your eyes.
Not just from my experience, which dates back to the first month I was on the job. The then "Security Coordinator" and I visited our law school, home of the well-respected and extraordinary Legal Information Institute at Cornell. Chinese hackers had been long at work on the Institute's servers exploring technical vulnerabilities and sucking out information (which was kind of funny, because the magic of the site and the prescient vision of its founder, former Dean and Professor Peter Martin, was to put public domain material on line for free). Next stop was Cornell University Library, where Chinese nationals, sadly, once again, used proxy servers to suck out gigabytes of professional journals. I am hardly giving away school secrets. Ask virtually any CIO or director of security from a research university and they will tell you a similar story. (And our technical security has improved by leaps and bounds since then, more than ten years ago.)
No, not just from my experience in higher education information technology, but in my reading of our love affair with big Internet giants such as Google or Facebook. When they hit the market, the public, understandably enamored by new functionalities such as search and social networking that makes sense of the Internet to common users, infatuation made it seem as if they could do no wrong. Read just about any NYT Bits Column and you will know that these companies push the envelop of law and social norms to grow. Should it be any surprise that given their presence in the market they, too, are targets of hackers, not least, again, the Chinese military?
Here is the lesson for higher education: we were not immune to such attacks when we ran virtually all teaching, learning and research applications on our own infrastructure. Neither are the companies to which we have now turned. Oxford University has done a smart thing. We might learn from them. To justify our reliance on these companies in support of our missions, we must keep our eye on the ball of their vulnerabilities as if they were are own … because given cloud computing, in terms of our work, they are.