For all of the success of Google Apps for Education, its adoption is not always met with completely open arms. Even for those districts or schools that are using Google Apps, the process of moving everything to Google Apps often requires overcoming concerns about the privacy of student data.

The Bennington-Rutland Supervisory Union in Vermont, which provides leadership and support for nine different school districts, is a case in point. BRSU has embraced technology in education, and cloud computing in general. The district was an early adopter of Google Apps for Education.

Nonetheless, access security concerns remained. And as the district implemented additional SaaS applications to support its teachers and staff, they had to address those concerns.

Dan French, the superintendent of BRSU, has found that using myOneLogin Secure Single Sign-On for its teachers and staff alleviates these concerns. myOneLogin provides strong authentication that is easy to deploy, with a single sign-on to all of the schools’ web applications, including Google Apps.

Adding myOneLogin, with its strong authentication capabilities, was key to encouraging the broader use of Google Apps and other cloud applications.  Says French, “With myOneLogin, I feel better about access security for sensitive data in Google Apps. I can be more aggressive about encouraging the further use of Google Apps now that access is locked down with myOneLogin.”

You can read about their deployment on the Google Apps Marketplace at http://solutionsmarketplace.blogspot.com/2010/05/tricipher-and-bennington-rutland.html

It used to be so simple – you talked to your children about the big items like sex or drinking. The talks weren’t easy, but at least the topics were predictable.

Now parents have to talk to their kids about a whole raft of new issues – including what’s appropriate to post on Twitter or Facebook, and not sharing passwords with friends.

St. Michael’s RC school in the UK uses myOneLogin to protect access to its Google Apps accounts with strong authentication.  You can find the story at http://www.myonelogin.com/Downloads/St_Michaels_Story.pdf.  As a parent, one of the things I love about the story is this: as a by-product of moving to Google Apps for students and staff alike, St. Michael’s is teaching the kids about protecting access to their accounts.

Everyone uses strong authentication at St. Michael’s. The students use a basic second factor to access their Google Apps accounts – knowledge-based questions. But the staff uses stronger second factors, including VeriSign VIP Access for Mobile, which generates temporary one-time passwords on smart phones.  The VIP support has the ‘cool’ factor, as it uses smart phones to generate “secret codes” that self-destruct in only seconds.

Damien Kelly, Head of e-Learning at the school, says that he shows the kids the one-time password from his phone when he logs in, because he knows it will expire in a few moments. A simple login become a teaching moment and he’s emphasizing, time and again, the importance of protecting access to online accounts.  That’s an education that can serve the students well in the future.

It’s the time of the year to make predictions and top 10 lists for the coming year. So, we’re going to make an easy one – SaaS will continue to gain widespread adoption from business of all sizes. And Google Apps in particular will continue to make headway – although we suspect that a bevy of innovative competitors will make themselves known as well.

We’re not really sticking our necks out here.  Gartner put Cloud Computing at the top of its ‘Top 10 Strategic Technologies for 2010‘ list. Everyone is calling for 2010 to be the year of SaaS and cloud computing – except for those who particularly enjoy being naysayers.

In talking to customers, we are finding that one major obstacle in the road to SaaS is the concern about security.  In general, we think that companies like Google and Salesforce can probably do a better job securing and protecting their data than the average organization. They have resources to apply to the problem, and their businesses depend on their ability to secure customer data.

So most of the security concerns are probably overstated. However, access security is something that falls outside of the SaaS solution, and is in general the weakest point. 2009 saw several password-based attacks. Twitter was the target of several high-profile attacks – most recently, someone apparently exploited poor password procedures for the service hosting Twitter’s DNS to redirect users to a malicious site. Ouch.

So, if 2010 is the year SaaS becomes mainstream, it must also be the year that businesses everywhere get serious about protecting SaaS access with strong authentication. We hope that’s true – that this year we start shutting down the password-based attacks against businesses and everyone can feel a little more secure using SaaS applications to run their businesses.

Happy New Year to all.

If you needed further evidence that Google Apps is getting good traction in the enterprise, you can find it in the growing ecosystem of enterprise applications targeting Google Apps.

Network World’s recent article, 10 Google Apps Add-Ons for the Enterprise, highlights a few of the growing list of applications that enterprises are using with Google Apps – with myOneLogin heading up the list.

In addition to the strong authentication provided by myOneLogin, the applications covered in this article tackle business-specific tasks like e-discovery, business process workflows, and enterprise content management.

As the ecosystem around SaaS applications like Google Apps continues to grow, the reasons not to adopt SaaS for business applications will dwindle.

The 451 Group (www.451group.com) recently published a report about the TriCipher partnership with VeriSign for myOneLogin and Google Apps.

The report, titled “TriCipher, VeriSign team to lower security anxieties about Google Apps authentication,” gets to the larger issue of trusted identity in the cloud.

Here’s an excerpt:

“The partnership highlights TriCipher’s migration upstream from authentication and SSO as a service to identity proofing and providing third-party verification of identity assertions to lower the risk of cloud-based application access.” Steve Coplan, The 451 Group

To which we say, yes – it is all about lowering the risks of cloud-based computing, particularly for business/government use.

There’s a lot of fear, uncertainty and doubt about doing business in the cloud – witness the great discussion about the City of Los Angeles considering moving to Google Apps for email. Some of this doubt is sown by vendors of traditional, on-premise email solutions.

Most of the fear and concern is unfounded – along most metrics, applications like Google Apps are going to be much more secure than what businesses are doing today. Google has tremendous economies of scale to support really great physical, logical and data security. The web-based model helps, too.  If data lives on the servers, it’s not on laptops that people leave around in taxis.

There are some risks—mostly around user authentication—but we know what they are, and Google has done all it can to address them by providing SSO with SAML interfaces.  myOneLogin makes it easy to take advantage of those interfaces and lock down the ‘last mile’ of access to the cloud.

There’s a lot more to be anxious about in this world, let’s worry about the risks we are not addressing instead.