Excerpted from the CoSN Compendium 2005
The newly-released CoSN Compendium 2005 offers expert advice and best practices on six key issues in education technology. The following are excerpts from "You Are Not Alone: Options for Data Management," by Karen Greenwood Henke of Nimble Press.
Excerpt: Just the Basics: From Local to Web-Based Options
In recent years, the widespread availability of networks and the flexibility of Web browsers have shifted the industry from a client-server model to a Web-based one. In the client-server model of computing, clients run applications locally, with the servers managing storage, printing functions, and network traffic. Because every client is independent, each must have all relevant applications installed, patched, and updated, and developers must create applications for the range of computing devices and platforms in use.
Web-based applications utilize Web browsers as a common interface to access servers where applications are hosted and processed. Users only need a computing device with a browser application and a network connection to use a range of tools.
Grade book programs offer one illustration of the evolution described above. Many grade book applications started as independent software designed for installation and use on an individual teacher's desktop. When networks became popular, grade book programs migrated to a client-server model. The data was stored on the school's server where teachers could access it and submit their grades, as long as they had the grade book installed on their own desktop or laptop computer. The newest generation of grade book programs offer a Web-based approach in which teachers, students, parents, and others use a Web browser and a secure network connection to access the grade book application housed on the server.
For security purposes, Web-based applications require users to log in before using an application. To prevent district personnel from having to log in separately for each data-related application, many districts are moving to portals that give users a single point of entry — and, therefore, a single login — to the different systems and applications they require for their work.
With the Web-based approach, it is possible for districts to house applications in-house or to work with an outside Application Service Provider (ASP). ASPs host software applications on their own servers, which are accessed by district users via the Internet. Rather than purchase an application and install it on district servers for local browser-based access, districts "subscribe" to the application. The ASP manages the applications and the required server resources, upgrades the application as needed, and offers support to the district.
When a school district uses an ASP, they have a choice about where to store data. The ASP may offer hosting services or the school district may host the data locally to retain control of it. Even if the choice is made to keep the data in-house, off-site storage may be used as a supplement for disaster recovery or during pilots to test the viability of a new system or technology. In addition, districts transitioning to new platforms may outsource those applications running on legacy mainframes to organizations with the resources to maintain and support the older systems.
Some Questions to Guide Your Thinking
Important security-related questions (for internal and external review):
- How will the data be encrypted?
- How are physical and network security being addressed?
- Who has access to the data center?
- Where are the servers located?
- How is access controlled?
- How frequently are third-party audits conducted to validate the security?
- What is the backup and disaster-recovery plan? When was it last revised?
- How quickly will systems come back up in case of disaster and in what order of priority?
- Do security procedures and policies match?
Additional questions for internal review:
- What are our core competencies?
- Where do we need the most control?
- What data functions could another organization do better?
- What are the roles and responsibilities for our staff?
- What is our professional development plan for keeping skills current?
- When was our last security audit?
- Have we implemented required changes?
- What are industry benchmarks for the cost of data management? How do we compare?
- Does our service-level agreement (SLA) measure technical service availability?
- Does our SLA also measure business service availability (functions, scale)?
- What is our wireless security plan?
- Are we ready for cell phones, handhelds, iPods, and other devices?
Additional questions for potential partners:
- How much data can you store and for how long?
- If the company changes ownership, what will happen to the data and how will the district be notified?
- What kind of expertise does the staff of your organization have?
- Who will be assigned to the district?
- Do your security policies and requirements match ours?
- Will our district's servers logically be separated from those of other organizations?
- What other charges do you anticipate besides the subscription cost?
- How frequently can we update data?
- What kind of technical support is provided?
- What are the terms of the service-level agreement?
- Does the system use common file formats for easy export (ASCII, XML, tab delimited)?
- What districts, similar to ours, can you offer as references?
- How do you handle wireless and remote access?
- What are your plans for supporting alternative devices such as cell phones and handhelds?