Security vs Seamlessness

A course management system is like a portal, no?

In the first place it’s a collection of tools. And then there are more tools which are plugged-in in such a way as to look to the user like just another in the collection of tools. An Instructor clicks on a Horizon Wimba Voice Tool -or whichever 3rd party tool in the slough of those using this paradigm-  the tool opens, the Instructor records, and remains unaware that their audio file is now stored, not at their institution, but on Horizon Wimba servers… transported across the Internet in a flash. But not such a short flash that it couldn’t be captured.

The system was designed to be seamless.

Yet, with concerns about FERPA-sensitve data and concerns about an institutions’ responsibilities toward their Students and Faculty, it is being suggested that the 3rd party tool should pop-up a message, an acceptance of risk and notification of off-site storage, that the Instructor sees and must click acceptance of prior to using the tool, and that students would see and accept awareness of, prior to using the tool.

This isn’t really security to me. It’s ‘cya’ for liability.

What are your thoughts?

Advertisements

One response to “Security vs Seamlessness

  1. We have to cover our assets in ways which continue to provide a seamless experience for our users. I think requiring and reviewing that offsite Data Centers provide SAS-70 Type II security documentation is the place to take this.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s