statcounter tracker
Education - Site Home - MSDN Blogs
The Australian Education Blog
Ray Fleming's take on what's interesting in Education IT in Australia

  • Education

    Is my data safe in the cloud? Part Two – CSA STAR


    Cloud Security Alliance logoYesterday, I wrote the first part of “Is my data safe in the cloud?”, looking at the work we’d been doing with the Cloud Security Alliance STAR (Security, Trust & Assurance Registry) project – which is an industry-wide initiative to make it possible to compare security practices across cloud services.

    One of the outputs of the project is a standardised list of questions about cloud security practices which are designed to mirror the typical questions that might be asked in an RFP document. And then each of the cloud suppliers is asked to publish self-assessments of the answers to these standard questions.

    Cloud security assessment questions

    The standard sections in the self assessment cover 100 different cloud service requirements:

    • Compliance – 8 areas
    • Data Governance – 8 areas
    • Facility Security – 8 areas
    • Human Resources Security – 3 areas
    • Information Security – 34 areas
    • Legal – 2 areas
    • Operations Management – 4 areas
    • Risk Management – 5 areas
    • Release Management – 5 areas
    • Resiliency – 8 areas
    • Security Architecture – 15 areas

    Sample cloud requirements

    Each section contains a series of individual requirements, which combine to form a very comprehensive list. Here’s some examples of the kind of requirements specified in the CSA requirements documents:

    CO-03 Compliance - Third Party Audits
    Third party service providers shall demonstrate compliance with information security and confidentiality, service definitions and delivery level agreements included in third party contracts. Third party reports, records and services shall undergo audit and review, at planned intervals, to govern and maintain compliance with the service delivery agreements.

    CO-06 Compliance - Intellectual Property
    Policy, process and procedure shall be established and implemented to safeguard intellectual property and the use of proprietary software within the legislative jurisdiction and contractual constraints governing the organization.

    DG-04 Data Governance - Retention Policy
    Policies and procedures for data retention and storage shall be established and backup or redundancy mechanisms implemented to ensure compliance with regulatory, statutory, contractual or business requirements. Testing the recovery of disk or tape backups must be implemented at planned intervals.

    DG-05 Data Governance - Secure Disposal
    Policies and procedures shall be established and mechanisms implemented for the secure disposal and complete removal of data from all storage media, ensuring data is not recoverable by any computer forensic means

    FS-02 Facility Security - User Access
    Physical access to information assets and functions by users and support personnel shall be restricted.

    HR-01 Human Resources Security - Background Screening
    Pursuant to local laws, regulations, ethics and contractual constraints all employment candidates, contractors and third parties will be subject to background verification proportional to the data classification to be accessed, the business requirements and acceptable risk.

    IS-15 Information Security - Segregation of Duties
    Policies, process and procedures shall be implemented to enforce and assure proper segregation of duties. In those events where user-role conflict of interest constraint exists, technical controls shall be in place to mitigate any risks arising from unauthorized or unintentional modification or misuse of the organization's information assets.

    Microsoft CSA STAR self-assessments

    There have been self assessments published on the Cloud Security Alliance’s website for three key Microsoft cloud services, driven by customers asking for information and assurances about the security practices and security controls that different cloud service provider’s use.   This information helps you better understand whether those services meet or exceed your organisation’s compliance obligations and internal standards.  The self-assessments for Office 365, Windows Azure, and Microsoft Dynamics CRM in the CSA’s STAR registry provides cloud customers with the visibility and transparency they are looking for, in a way that is based on standards (ISO 27001) and CSA best practices. The Microsoft Dynamics CRM document, for example, runs to 50 pages, with detailed responses for each of the 100 requirements. Which means that for each of these services you can see the list of answers for each of the detailed requirements:

    How can you use the Cloud assessment documents?

    There are three main ways I see that these documents, and the programme, can help educational organisations in Australia:

    1. If you are going to use cloud services, the requirements make a great starting place for your own RFP documents, as it provides a set of key requirements based on existing international standards (such as ISO 27001).
    2. If you want to see how Microsoft’s cloud services provide security at a physical, organisational and strategic level, the documents provide clear answers for each requirement
    3. Lastly, if you want to do an effective comparative risk assessment between on-premise and cloud services, you could use exactly the same requirements framework to assess your own data security. (for a quick check, read the sample list of requirements above, and self-evaluate your own datacentre and services against it)

    Learn MoreSee all of the STAR self-assessments here
    Learn more about the CSA STAR programme here

  • Education

    Is my data safe in the cloud? Part One – CSA STAR


    If you are putting, or considering putting, your data into the cloud, then you’ll have thought about security considerations. But the way that you think about cloud data security may be very different from the way that you consider the same issues when it comes to data held on your own servers and computers.

    Visiting a school once, we had a discussion about how secure data would be in a cloud data centre, and as we walked out past reception the Principal pointed out the desktop computer that had all of their student data on it – sitting right in the middle of a desk in the school reception office – within arm’s reach of anybody walking into the school. But, because they could see the computer with the data on it, they felt that it was much more secure than in somebody else’s datacentre.

    The challenge with discussing cloud data security, especially in education, is that we are often dealing with the reality of perception ie that it’s often not about the real situation, but about the situation that people perceive to be real.

    Although there are some frameworks for comparing relative risk between in-house and cloud data services, it’s still tricky today to do a proper comparison of data security between on-premise or cloud services, and between different cloud services. For example, it can be challenging getting information on the security practices used by cloud providers, and it can be challenging to use the information to compare and contrast the different services offered by these providers. There are at least a couple of factors making this type of comparison harder than it should be:

    1. There is no industry standard set of questions that cloud service evaluators can use to ask cloud providers about the security practices they use to manage their services.
    2. There is no industry standard format for cloud providers to provide answers to questions about the security practices they use to operate their service offerings eg different cloud providers might answer the same question in very different ways making comparing and contrasting them difficult

    Which means that organisations evaluating cloud services often have to create their own evaluation criteria.  Some organisations have spent considerable time, resources and budget on developing their own evaluation criteria, or have paid consulting companies to do this for them. Of course, the duplication of effort is inefficient and expensive for both cloud evaluators and the cloud providers who are forced to interpret and respond to a myriad of different requests for information.

    There is an industry initiative, the Cloud Security Alliance “Security, Trust & Assurance Registry” (STAR), which is designed to make it possible to compare security practices used to manage cloud services. The Microsoft Trustworthy Computing group has been working with the STAR programme to create standard Q&A’s to answer security questions about cloud services. The idea is to work across the industry, so that you can easily get answers to the standard questions across different cloud platforms.

    For an overview, Tim Rains and Kellie Ann Chainier have recorded a short video of what’s happening:


    For the back story behind this, there’s a series of short videos on Cloud Fundamentals:

    Tomorrow, I’ll point you towards some of the information we’ve published on the different Microsoft cloud services.

  • Education

    The largest education cloud customer starts using Live@edu


    PR AnnouncementLast week we announced that the All India Council for Technical Education (AICTE) has chosen the Microsoft Live@edu cloud-based email for their 7,000,000 students. The staggering scale of the AICTE – with 10,000 technical colleges, and half a million staff, on top of their 7 million students makes it Microsoft’s largest cloud customer ever. The implementation has already started, and will be finished in three months. It started with the roll out of Live@edu and then will deploy Office 365 for education, to add SharePoint Online and Lync instant communications for users.

    AICTE is the governing body for technical education in India, and manages and certifies technical colleges and institutes right across the country. As the Chairman of AICTE, Dr S S Mantha, said:

      Microsoft’s cloud platform will make for a truly progressive ecosystem and contribute to the country’s technical education by providing a better communication and collaboration platform for institutes and students  

    This project is significant because of the size of the implementation (much bigger than the previous ‘biggest’ deployment, of 700,000 students in Kentucky Department of Education, and also because the AICTE reviewed solutions from Microsoft, IBM and Google as part of taking their decision.

    Learn MoreRead the full announcement about AICTE using Live@edu

  • Education

    Training opportunity - Developing Windows 8 software


    A reminder - there’s going to be a lot of interest in new applications to run in the Windows 8 Metro interface. If you’ve installed and started playing with Windows 8, like me, you probably really, really want to start running more Metro apps.

    Developing Windows 8 AppsNick Hodge, our resident Windows 8 evangelist (and self-described ‘Professional Geek’) is organising a series of Windows 8 Developer Camps in Australia, and giving over his weekends for the next few months to make them a success. And he’s travelling the country (no really, he’s going to Darwin, Hobart and Adelaide, on top of the usual suspects).

    The events are all free – run by developers for developers – and the promise is that you’ll learn the skills for developing Metro style apps, and put the skills into practice on the day. Nick will be lining up the coffee, food and wireless, so all you need to bring is your laptop, with the Windows 8 Consumer Preview installed. And of course, free doesn’t extend to your bus/train ticket to the training.

    You have to register to get a place – and I’d recommend doing that soon, as I reckon places will be snapped up by developers pretty quickly (because this is open to anybody in Australia, not just partners). I reckon I might sign up for a place too, so that I can migrate my Windows Phone app to Windows 8).

    Although the workshop isn’t specifically about developing Windows 8 applications for education, every single thing that you learn about will be relevant to developing applications for education.

    The first one, in Melbourne, has been and gone, so you need to get your skates on if you want to attend any of the others:

    When and where we’re running the Windows 8 Developer Camps





    Saturday, 14 April



    Saturday, 28 April



    Saturday, 12 May



    Saturday, 19 May



    Saturday, 26 May



    Saturday, 2 June



    Saturday, 16 June


    Why you should be developing Windows 8 applications for education

    If you’ve read this far, you might be wondering why you, or your colleagues, might want to spend a day learning about developing Windows 8 applications for education. Here’s my list of 3 key reasons:

    • The earlier you have an application in the Windows 8 marketplace, the more exposure you are going to get. Today the marketplace has a limited number of applications, so new ones are getting a high profile.
    • Our Education account teams are currently installing Windows 8 onto their laptops and starting to demonstrate it to their customers. If you create an education specific app, I reckon you’re going to get them demonstrating your software to a lot of our early adopter customers in the next few months.
    • You’re demonstrating your innovation, to innovative customers (the people installing Windows 8 right now are the leading edge innovators)

    Learn MoreEven if you can't get to the workshops, do you know about the MSDN Windows 8 Metro App Development Centre?

  • Education

    Forget ‘Business Intelligence’ and start thinking about solving a business problem


    Yesterday, when I wrote about buying business systems for education, at the back of my mind were a number of business intelligence projects I’ve come across. What I’ve seen is that when a business intelligence project runs out of control, and starts to be ‘all things to all people’, it changes into the kind of project which never gets delivered (but is always ‘just around the corner’).

    One of our partners, CALUMO, have a very clever business intelligence system for education. And their real strength comes from the business problems it solves for their education customers. Although I’ve heard people occasionally talking about it as a Business Intelligence (BI) solution, I’ve more frequently heard users talking about the business solution it gives – like student load planning, or budgeting, or financial reporting. Last month I read one of their small case study articles, looking at how the University of Canberra use the system to produce their annual report. The business benefit is that they can update their report with real-time data, as changes are made in other systems, rather than having to retrospectively go back and edit the report. So it means that if you post a journal change in your finance system, your annual report is up to date within minutes.

    But the CALUMO software isn’t a specific “Annual Report Writing” software package – instead it’s a clever Business Intelligence solution which allows the university to keep their annual report up to date. In the same way that they use the same system for their student load planning. Again, they don’t think of it as their BI system, but as their student load planning system.

    That mindset is just one of the ways that I’ve seen a progression in successful IT projects across education – it’s staying focused on the end-user business problem, and solving them, one problem at a time. It’s easy to expand the scope once you’ve solved one problem – there are always plenty waiting to be solved. And the approach seems to be much more successful than trying to solve all of the problems in one single leap – because the end user with the business problem often seems to have to wait a very long time for their solution.image

    Learn MoreYou can read more about the case study (with a great tutorial video that shows how report updates can be automated) in Warwick Leitch’s CALUMO blog

  • Education

    Buying business systems for education


    I’ve been involved in a few conversations recently about business systems with a number of education customers. And there’s a recurring question through these conversations, which is:

    Should a university/TAFE/school buy a system for its technical capabilities, or for the business problem it solves?

    Take Business Intelligence as an example. Should you look for the all-singing, all-dancing answer to everything (ie the one that solves the 300 pages of use-case produced in a typical tender), or should you buy a solution to solve a specific business problem (eg something that reduces your budget cycle by 50%; or reduces your cost of producing your annual report by 30%).

    What I’ve noticed with the first approach is that the procurement cycle takes a very long time – because writing the specifications takes a while (and lots of meetings right across the university) – and then implementation can take even longer – often because you are trying to solve lots of problems all in one go. In fact, in some cases the procurement and implementation can take so long that the original requirement has completely changed by the time that something is built. Or the delay has a real financial cost to the institution bigger than the investment (I once was involved in a project where all sides agreed savings in implementation meant the payback period for the investment was seven days – and yet it took 9 months to do the procurement)

    I’ve seen this happen for lots of different business systems* – business intelligence systems; Customer Relationship Management systems; learning management systems – across lots of different education organisations.

    So what can you do about it?

    • Stay focused on solving the business problem, rather than switching to buying a solution for it’s technical capabilities alone
      And I say that in the full knowledge that will make life difficult for us, as we often default to talking about technical capabilities too!
    • Don’t get carried away with solving everything in one go – because scope creep can really delay projects badly
    • Find a partner that shares a mindset about agile development, rather than the historical waterfall method
      ie rather than spending a year writing a specification, spend that year delivering the system, because these days it can be just as quick (or quicker) to configure a system and write the code, as writing a specification document on paper

    This is only my personal opinion, but it’s based on decades of watching educational ICT systems and procurement, and realising that projects that seem to grow in size during procurement, and then promise to solve all the existing and potential business problems at the end, never actually seem to deliver what people want or expect.


    * Let’s hope it’s just a coincidence that there’s a correlation between the existence of an acronym (BI, CRM, LMS) and the length of implementation.

  • Education

    Using Microsoft Office Accessibility Checker to create resources that all students can use


    I heard on the radio yesterday that 12% of students in New South Wales have some form of special needs that requires support from the education system. Which means that in every classroom there;s likely to be three or four students that may need additional support and more accessible resources. Given the commitment by the education system to provide support for these students (here in New South Wales, accessibility is a key consideration with IT, and the policy is to ensure that specifications for the development of new IT systems to include access considerations), I thought I’d write a reminder that the Office applications have a built in Accessibility Checker – so that teachers can quickly check that documents they are publishing are accessible – and make simple changes to ensure that all of their students can access teaching resources, homework assignments etc

    Word 2010, Excel 2010, and PowerPoint 2010 all include the Accessibility Checker. By finding areas that might be challenging for users with disabilities to view or use, and by providing a task pane to review those areas, Accessibility Checker can help fix potential problems with content before it’s shared. (It’s in the File Menu, under ‘Info’)

    If Accessibility Checker finds an issue, the task pane identifies why the content might be inaccessible. It also classifies the identified issue as an error, a warning, or a tip.

    • imageError: Content that makes a file very difficult or impossible for people with disabilities to understand

    • Warning: Content that in most, but not all, cases makes a file difficult for people with disabilities to understand.

    • Tip: Content that people with disabilities can understand but that could be better organized or presented in a way that would maximize their experience.

    After each issues is selected, you then see instructions on how to repair or revise it.

    Learn MoreRead more about the Microsoft Office Accessibility Checker.

    For more detail read the
    complete listing of the issues addressed by Accessibility Checker

  • Education

    Microsoft Australia Partner Conference 2012 dates and venue


    APC 2012 DatesWe’ve just released the dates for the Microsoft Australia Partner Conference 2012, which is going to be on 4th to 6th September, and this year we’re going to Brisbane. We haven’t yet published the agenda, or the website for APC bookings, so keep an eye out here for that in the future. But for the moment, put the dates in your diary.

    With such a big year of product announcements and industry changes, then there’s no doubt that there will be lots of key news at the conference, and plenty of opportunities to explore new product and service opportunities.

    Why should Education partners send their sales team to APC?

    For education partners, there will be lots of significant reasons to attend that will help you to be more effective in your sales and marketing over the next year. For example, in 2011:

    • Every one of our key Education Account Managers attended the conference, and dozens of partners arranged 1:1 briefings with the team, helping them to understand key customers and the ways that we can work together in sales opportunities.
    • The two Education sessions on the second day of the conference were rated as amongst the top five sessions out of the 100+ delivered at the conference, and contained a really deep dive into the education market, and our strategies for the year ahead
    • We announced the Education Partner of the Year, and connected with many of the other finalists to help them to spread the message about their innovative solutions

    If you have any doubts about convincing colleagues of the value of your business and extended team attending the APC 2012, then maybe have a read of the detail from the education breakout sessions – and the information that we covered. I wrote it all up in a series of nine APC blog posts here:

    Last year we got some really good feedback from Education partners to the way that we had managed to increase the value of the conference for Education Partners, and this year we know we’ve got a lot to live up to, based on your feedback. So you can be sure that if you’re investing in the time to attend, we’re going to make sure that we invest in making it as valuable as possible.

  • Education

    Three steps to create talking books for students with Word


    To improve accessibility for students, did you know that you can create talking books for students with visual and learning disabilities, using Microsoft Word? The system using a worldwide standard for creating accessible digital resources, called DAISY (the Digital Accessible Information System). And there are just three steps for you or teachers to easily create a talking book in DAISY format:

    Step One: Download the DAISY add-in for Microsoft Word

    Download and install the Save as DAISY add-in from Open XML to DAISY XML Translator (also known as DAISY Translator). The DAISY Translator folder is now in your Start menu, with the Instruction Manual and the Getting Started tutorial, and the Accessibility tab is on your Word 2010 ribbon. (Tutorial video on Step One is here)

    Step Two: Create a digital talking textbook

    imageAfter you have installed the DAISY Translator, you see a SaveAsDAISY option on the Accessibility tab in Word 2010. All you need to do is click on the option, and choose from one of the four DAISY formats. (Tutorial video on Step Two is here)

    Step Three: Listen to your new talking book

    To listen to a DAISY file, you need a DAISY-compatible software playback tool or software reader installed on your computer. You can find several tools, many of which are free, on the DAISY Consortium software playback tools website. (Step Three tutorial video here)

    Learn MoreSee the other blog posts about Accessibility in education

  • Education

    Hosting Moodle in the Cloud - why now?


    Moodle logoIt’s been a bit of a ‘big news week’ in the Moodle community this week. On Monday, it was announced that Blackboard had bought two of the world’s top 5 Moodle partners – MoodleRooms and NetSpot. NetSpot is Australia’s largest Moodle partner, and has been the partner of choice for many of the Australian universities who have chosen to stop using Blackboard and instead switch to using Moodle. So the acquisition news was a bit of a surprise to many. Hence why hosting Moodle in the Cloud is a interesting topic right now.

    I’ve written about Moodle quite a few times on this blog (you can see all the Moodle-related blog posts here), but a colleague was asked by a customer this week about other hosting options for Moodle – and asked me for a summary of the Microsoft integration with Moodle. After I’d written it for him, I thought it might actually be something everybody might be interested in. So here’s my short summary of options for integrating a Moodle LMS to the cloud with Microsoft, and existing integration between Moodle and Microsoft technologies:

    • Integrate Moodle to Microsoft’s cloud email services
    • Integrate Moodle with SharePoint
    • Save files directly to Moodle from Office
    • Host Moodle on Windows Server
    • Host Moodle on Microsoft’s Cloud servers, in Windows Azure

    And here’s the ‘How To’ info…

      Integrate Moodle to Microsoft’s cloud email services

      This can be done with Live@edu on Moodle 1.9 and Moodle 2.x 
      In the last few months, about a third of new Moodle installs have been 2.x, whereas over half of the installed base is Moodle 1.9

      There's more info here on this option

      Integrate Moodle with SharePoint

      This can be done with Moodle 1.9 currently, although I know some work is being done in the Moodle & SharePoint community to release the code for this on Moodle 2.x

      There’s more detail why in the article, ‘Why Moodle is better on SharePoint’, but the key reasons are:

      • Users can edit files directly within Moodle – rather than having to download, edit and re-upload
      • Document versions are possible – so you can work on drafts and ‘release’ courses and materials
      • You can search your Moodle and SharePoint datastores at the same time
      • Users can use Office Web Apps to edit, view and save files
      • Documents can be checked in and out by users
      • Using SharePoint Workspaces gives you offline access
      • SharePoint adds workflows to Moodle

      There's more info here on this

      Save files directly to Moodle from Microsoft Office

      If, like the majority of users, you are using Moodle 1.9 or before, you can use the Office Add-in for Moodle to allow your students and staff to open and save files directly into your Moodle system – rather than having to save to their local hard disk and then upload afterwards. You can find out more about the Office Add-in for Moodle here

      Host Moodle on Windows Server

      This can be done with both Moodle 1.9 and Moodle 2.x – and there’s a simple download pack that’s been created as part of the Microsoft Web App Gallery project. There's more info here on this

      Host Moodle on Microsoft’s Cloud servers, in Windows Azure

      The reason to do this is to allow you to setup and run a Moodle LMS without having to run your own servers (or commit any capital budget). It also means that you can scale up your project as required, rather than having to over-specify a system when you don’t know how much take-up to expect. It can be done for Moodle 1.9 and 2.x

      There’s more info on hosting Moodle in the cloud on Windows Azure here

      Learn MoreFind all Moodle posts on this blog

    Page 39 of 77 (769 items) «3738394041»