Monday, July 1, 2013

IT Security in K12 – Looking at the 2013-14 School Year

As many primary schools look forward to the end of the current school year, and develop priorities for what needs to be addressed during the summer lull, many districts are finding that it’s time to take a new look at computer or IT security. The impact of new mobile technologies, the cloud, and a new generation of threats has changed the landscape.

Yet, it’s a very broad topic and there are potentially far more issues to deal with than there is time to resolve them. And not all EdTech security activities have the same value to the district. So choosing the best activities to spend time on is a clearly critical. In this blog I’ll list some of what I think the most important things that might be put in place this summer, so that they’re ready to roll out come August/September.

One of the things that I think K12 can do that mimics what we see in larger organizations is to have a written policy of what is allowable use of technology within the school or on the school network. This goes for personal as well as school owned devices. Having students and their parents sign the policy will make sure that it’s at least been read by one of them. The key is not to use this policy as a club to beat wayward users, but to set expectations of what the technology should be used for. It should also be regularly reviewed by EdTech, administration, teachers, students, and parents for changes/modifications. You may even get lucky and find a parent with some expertise in this area that can help you complete the first version that much more quickly.

One of the most important changes in the security suites that we often load on school computers is the movement from installed software to cloud based services that do automatic updating, checking, and administration. For a small monthly fee, the EdTech staff no longer has to spend scarce time and resources doing manual evaluation of the security installed on each PC. The cloud services not only insure that the security tools are running, but automatically update them for the latest viruses and malware. This allows EdTech professionals to focus on more important tasks and projects.

This may seem overly technical, but what this entails is putting software on the servers that will only allow the applications that you have chosen to run. Rather than other security products that try to outlaw or “blacklist” all the malware, whitelisting is simply making a list of what is allowed to run, and denying everything else. This can be done on PCs too, but it’s difficult to keep updated. On servers it’s a very useful security tool that requires little administration. There are a number of vendors that offer whitelisting tools, and most have educational discounts.

So that’s the three things that I think are good steps toward a more secure district that can easily be implemented over the course of the summer. Of course, there are other steps you may take, and if you think they could help us all, please post it in the comments.


View the original article here

No comments:

Post a Comment