Some of the cloud's most attractive features are the ability to purchase resources on an as-needed basis and to avoid capital costs and internal operation expenses. A low price point and nimble accommodation of both quality and kind of demand also recommends it, as well as contracted upkeep and compliance with regulatory and technological standards. Delivery of those services occurring on and through the network most frequently with commercial, for-profit entities implicates outsourcing. "Greener," flexible, and transparent costs must be balanced against loss of on-site, local expertise; the freedom to collaborate with other information technology shops around the country if not the world; and the loss of control over the services that support the missions of higher education. Some might even argue that the overall dependency that outsourcing creates for higher education on commercial services is inimical to the role that higher education plays in American and global society as a principal source of free inquiry and pure innovation.

At a more granular level, most CIOs currently have concerns regarding information security and privacy, ranking these as the number one risks to emerge from an outsourcing cost/benefit analysis. As vendors recognize the need to provide services that meet or exceed the full spectrum of legal regulation and technical security requirements colleges and universities face, in particular the requirement to protect education records, entities will build those requirements and protections into their services. It is therefore all the more imperative that colleges and universities collaboratively create a consensus around a baseline set of standards to render outsourcing a viable choice and to create competition within the marketplace for those vendors most willing to tailor their services to the specific needs of higher education.

The collective experience of a number of universities that have contracted with Google for email services is an example. Technologists, attorneys, and IT policy personnel first observed that Google reused the same foundational contract for all of the schools with whom it was negotiating and that in early negotiations, Google was resistant to changing contract language. As a number of schools placed more pressure on Google to amend its language, particularly to address FERPA concerns in outsourced faculty and staff mail, Google became more willing to negotiate those terms and assume responsibility to maintain the privacy of those records in the same manner as is required of institutions. Indeed some institutions, including Cornell, insisted that the language regarding FERPA protections also be included in contracts for the sourcing of student mail, although an informal consensus of attorneys who work closely in this area do not believe that institutional liability for FERPA violations lies in student mail. Although a small example, this one with Google may be a positive sign that if and when colleges and universities place clear, consistent expectations on vendors, the market may induce vendors to work productively with our institutions.

See also:

• Legal and Policy Contractual Considerations
• What Is Cloud Computing?