vikpaw (27th April 2013)
I totally understand why you feel that way when I have heard about the shambles of alot of companies in the public sector. The Sony case is an interesting one because they did the hard stuff right for the most part and did the easy stuff wrong. However a cloud based MIS if setup in the right way should not be vulnerable in that way. However nothing is impossible and other things could take the service down. Sony was a high target for many reasons including PCI, political issues, corporate espionage and many others. An MIS system is not such a target however this does not mean security should not be taken seriously.This is just so wrong. The common problem schools have is to do with the suppliers and their management, either of the infrastructure or of the software. Look at Progresso. Look at historical problems with ParentPay, ParentMail, Capita's hosting in Norfolk (or was it Kent?) - there is a pretty big list of suppliers getting it wrong and customers just having to sit there suffering. There are some real disasters waiting to happen. Sony isn't some small company without the means or (one would hope) the in house expertise to do proper security - yet even they can stuff it up big time for their customers. What makes you so sure your company is better than the lowest common denominator of "only human"? How could it be!
In my opinion schools should always speak to other schools and ask them what there experience has been. I know as a company we spend almost nothing on marketing the only public thing we do is the Bett show. We get over 90% of our school as recommendations from other schools and that is how we are growing. It is ensured our standards are high because we are building our business upon having a reputation for having the best product(including reliability in this because it can be the best product in the world but if you cant get to it it's useless) and support.
Again you are totally correct humans are normally the main cause of security issues. This is why it is important companies train there staff about security most major attacks these days are on the back of social engineering, if you can stop this and flag this behavior you are going to be more secure as a company. The other issue is mis configuration or ineffective setup. This can usually be picked up by good pen testing not just running an automated scan, or putting a WAF on and thinking you are safe makes me cringe everytime. Especially as you can get though PCI DSS with known security flaws if you have a WAF. A company SHOULD have better resources to mitigate these threats than a school.
Again my advice is really drill down into the company that is supplying your MIS ask them every question that is important to you. They should go out of there way to help you at this stage if not that will probably give an insight into there aftercare. Also they should be more than willing to do this as when they buy stuff they should be doing the same thing. After a few conversations you will soon be able to see what there knowledge and services are like. Again talk to other schools see what they are saying. Personally it is pretty rare I buy something in my personal or professional life without reading or getting reviews on that product.You can also have a cage full of monkeys who know next to nothing about the set-up or particularly your data. And of course you won't know that because the supplier sales folks aren't showing pictures of the cage on their power points. MIS suppliers don't have a monopoly on employing knowledgeable professionals. Sometimes it seems they don't even do very well at it.
A good MIS will do that the advantage of a web based one is 100% reliability with redundancy. At the end of the day that is what you are paying for and that is what should be delivered. If a motherboard goes in a server fail-over should happen and as a school you should never notice. You get that included I have never seen a school system with multimaster servers im sure there is one out there but they are few and far between. You do an update on your school server it goes down you have no MIS till you fix it. If a cloud based system breaks the plus is its somebody elses problem the negative is you have no control over that. However we are back to square one is it a company you can trust.Some do. Some don't. The question might be which provides the best value to the school. A good MIS system will sit at the centre of a schools management services and provide long term intelligence to the schools teachers and senior management. It is a key/core asset. Companies that outsource their core assets and function often end up paying a heavy price. First the companies that now provide the core services can't help noticing they have their customer by the dingle dangles and if the sales manager wants to hit their bonus, they can always just squeeze a bit. Second, when the service companies do have problems, the health of your business is now tied directly to theirs. You outsourced your expertise but in the process assumed all the operating risk of your own company *and* another, completely alien one. I personally think that is a pretty dumb move. Why would you want to do that?
The smaller cloud based MIS providers are probably all outsourcing hosting, building a data center cost millions so smaller companies just cant afford it. Some are probably doing it better than others. with hosting you normally get what you pay for, from support up time guarantees, disaster plans (including nuclear strikes), support, auditing ability. I would never go with a data center that I couldn't visit and check things are being done well. Again its interrogating the company making sure you are going to get a good service from them. Also when it is business critical using multi vendors and risk assessing those vendors. Also making sure you are left flexible if you get bad service or unsustainable price hikes being able to move without it effecting your customers.
All your points you raise are valid ones and ones I would be asking if I was buying an MIS personally. I would also be looking for schools that are using the product that are similure to the school I was buying an MIS for in size, type and structure.
vikpaw (27th April 2013)
In sticking well clear... I'm feeling the love from here!
I am sensing you have been burned recently by MIS Software?
@PhilNeal I agree totally (shock horror!), but only with a system that is setup in such a way to allow a systemic issue affect all its customers. In this topic, SIMS' isolation is a huge advantage. However if you have such a scenario in mind from the off, you design resilience and redundancy and facilities for separation into the product. At worse a single school has temporary issues without impacting on all the others.
If datacenter A dies, datacenter B is still online and available. (BTW if datacenter dies with all the international banks and finance institutions inside... On a personal level I will be very concerned for my livelihood!)
Just some tips for your cloud offering soon Phil
(I'm kidding of course, friendly banter!)
We have just embarked on a project to replace our current product. Our target go-live date is Sept 2015. We have a good opportunity to look carefully at what we actually want from a system, let our needs drive the selection and critically assess how the supplier offerings meet those requirements. I've no doubt you will be hearing from us soon.
Sounds like you have an excellent and well planned out project going forward,
I wish you luck and if I am standing in front of you I will do my best to impress
Trying to steer back to topic, though the discussion is very interesting.
@KK20 - i may have missed it somewhere, apologies if i have, do you have portals / access for the parents ? Is this something you want, and intend to push your smart reports into? I can imagine ease of doing that will be a factor.
Also in terms of data reporting / access - iSAMS have a massive API with a dedicated interface (they showed me at BETT), and that is totally cloud based (correct me if i'm wrong..), so you could be the one hosting, or it could be offsite (co-located etc. as above), but you should still be able to automate the data pulls you want rather than needing direct access. Presumably they showed you this when you specified your requirements.
We are an independent school and use iSAMS and have done for a couple of years. Moved from CMIS when progresso was rearing it's head and was under the premise that if staff had to get used to a new product then they should get used to one that does what they need. Very happy with iSAMS overall. Support is brilliant and the system is easy to use. We host it ourselves. Feel free to get in touch if you want to discuss further and if you are local we are more than happy for you to visit.
Our portal is lacking at the moment. I am half way through pushing an automatic sanitised intranet derived dataset directly to moodle. Parents will need to use their child logons unfortunately as I don't want to go creating extra accounts for parents. Since the project is already planned, designed and being implemented/tested it wont be scrapped and moved to an MIS. That being said, even if I did use a similar approach to iSAMS portal, it means I need to scrap the reports etc which simply wont happen. After the iSAMS demo I was reasonably impressed but even the mighty iSAMS has some issues in our eyes (migration is the major hurdle with iSAMS - i.e. we need to do it ourselves effectively. A quoted 10 week migration is (quite frankly) not acceptable. Even crappy E1 managed it in 3 days apparently. Doublefirst quoted 5 although that included a couple of days onsite so effectively 3+2.
There are currently 1 users browsing this thread. (0 members and 1 guests)