Securing BYOD for Schools

Bill Pickett, CIO, Glenelg Country School

Bill Pickett, CIO, Glenelg Country School

Many struggles have changed in the last 12 years in private K-12 Schools, and yet much has remained the same. BYOD, integration of technology into the classroom, better communications with families and management of networks systems remain important priorities. However, the environment has changed a great deal in the last few years. Technology departments no longer need to focus on creating custom systems; the market has matured a great deal and now provides off the shelf products that assist with a majority of these needs. The Bandwidth of networks is larger. Onboarding of BYOD devices is now fairly easy. School websites with integrated Learning Management Systems, online report cards and mass mailing capability readily exist. 

“While user education is important, it is becoming necessary to add endpoint threat analytics that detects and prevents malicious behavior”

Today, the diversity of products that come into the school environment creates the largest issues. The consumerization of the hardware industry has small technology departments working with extremely diverse equipment. The web based offerings for any product, i.e. blogging applications, offer an almost unlimited number of options. More and more software and hardware is being offered as a cloud based solution. More and more external influences are affecting the decisions of the CIO in ways they can’t begin to control. Today’s school CIO needs to build systems and partner with vendors that are extremely robust.

Schools must adapt their network security plans to accommodate their BYOD environment. We have segmented our wireless network into individual SSIDs to accommodate different equipment and access. Our wireless controller firewalls the wireless side of the network from the wired side. School owned equipment connects to entire domain, while faculty and student BYOD devices have limited access to printers and the Internet via the firewall filter. We have also expanded the number of access points in the school to accommodate the eventuality of every student having at least one internet connected device.

Most school networks have a limited number of applications and some storage. Implementing the cloud in most cases has been a relatively evolutionary decision. Our migration of Office 365 offered a way to move a great deal of storage and work offsite and provide our customers better access and more storage at no cost. Our website, like most small schools, is managed by someone else. As we looked to provide parents more access into the Student Information System (SIS), it made sense to integrate it with the website to unify the information flow. We have moved our nursing module into the cloud and also integrated it with our SIS. It provides parents a better experience and eliminates internal redundancy. Most of our application vendors offer cloud based products for any future system upgrades. Many of those will also integrate with our SIS. We are positioning ourselves to migrate major applications to the OEM’s cloud service in future and to take advantage of any cross platform data integration/single sign on that is offered. 

Network security remains a universal concern. Everyone has the typical software, hardware, and implementation models of security in place. Yet, we continually hear about security lapses and ransom ware payments in medium and large businesses. A recent article reported it takes over 200 days to detect a security breach. While user education is important, it is becoming necessary to add endpoint threat analytics that detects and prevents malicious behavior. Something is now necessary to sit behind the typical security systems and independently monitor user’s patterns and actions to prevent anything out of the ordinary.

It is equally important to have a security discussion with cloud vendors. Naturally, the conversation should be a review of their own internal security. Don’t’ assume a vendor does backups, has filtering software on their routers, or even anti-virus on every computer. Additionally, it is important that the data you give them to house is contractually yours; that you have unfettered access to it. One of the last things you want to deal with, if you cloud vendor goes bankrupt, is the bank holding and trying to sell you your own information. Your cloud vendor, more likely than not, has a backup site outside of the United States. You should not assume all the countries where your data is stored have laws in place to protect the privacy of your data You should also specify how your data will be returned to you in the event you want to move to a different vendor, or the vendor fails. You should specify a generic content model for the return of your data, i.e. CSV, Excel, or SQL. As an aside, you should also ensure that your contract with any software vendor is set up so that you will not have to switch vendor’s mid-school year. Something painfully learned.

Today, school CIOs are working to: Tailor the family experience and provide ubiquitous access to internet, resources, information, communications and their child’s student records; and to provide faculty, students, and staff with the information, knowledge, resources, access, information systems, and stability necessary for them to perform well. All this done in a way that complies with the various applicable laws and regulations, i.e. Cipa, Coppa, Hippa, PCI and provides minimally invasive security, at the lowest possible lifecycle cost, and is extremely respectful of everyone’s learning curve. It is a huge task but extremely rewarding and worth doing well. 

Weekly Brief

Top 10 LMS Solution Companies - 2020
Top 10 LMS Consulting/Services Companies - 2020

Read Also

Time to Invest in Readiness Commitments for the Future

Time to Invest in Readiness Commitments for the Future

Rob Lowden, Vice President and CIO, Indiana University Bloomington
Bridging the Gap with the Business Side of the Institution

Bridging the Gap with the Business Side of the Institution

Jim La Creta, Chief Information Officer, Brandeis University
The Value of Digital Transformation

The Value of Digital Transformation

Patricia Patria, Vice President for Information Technology and Chief Information Officer, Worcester Polytechnic Institute
Real, pervasive Digital transformation can happen in Higher education IT

Real, pervasive Digital transformation can happen in Higher education IT

Andrea Ballinger, Vice Provost & CIO, Oregon State University | University Information and Technology
Digital technology and the future of work

Digital technology and the future of work

Ernie Fernandez, Vice President and Chief Information Officer, University of Miami
Enhance Learning Experiences with Technology

Enhance Learning Experiences with Technology

LeRoy Butler, Chief Information Officer,Lewis University