Category: Editorial

How Education Leaders Can Address Cyber Security Issues

By Dror Liwer, co-founder and CISO of Coronet.

Dror Liwer

At a time when schools systems are collecting more data than ever and implementing new technology to improve their classrooms, education leaders must act to better secure the personal information of their students, staff and stakeholders. Unfortunately, instead of bolstering security, reports are showing that the education industry ranks dead last in cyber security, pointing to low awareness, limited budgets and a lack of expertise, making many schools easy targets for cyber criminals.

The growing threat against schools

Educational data is a valuable black-market commodity because student records often contain information such as birth dates, addresses, Social Security numbers and, in some cases, financial records. In fact, since 2016, K-12 institutions have been hit with more than 400 cyber security incidents, and in 2018 alone, there were 122 publicly-disclosed cyber security incidents impacting schools in 38 states, according to the K-12 Cybersecurity 2018 Year in Review report.

Additionally, in December 2018, a hacker stole the personal details for more than 500,000 staff and students from the San Diego Unified School District. And just a few weeks ago, Louisiana Governor John Bel Edwards issued a statewide emergency declaration in response to a cybersecurity incident that affected several school districts. That same month, Watertown city school district in New York was hit with a severe attack that prevented employees from logging into accounts or accessing files. The bottom line is, based on the treasure-trove of data educational organizations have access to, coupled with a lack of budget, awareness and protocol, schools are vulnerable to advanced cyber attacks, and criminals know it.

New technology brings new risk

Fortunately, awareness is spreading. Technology chiefs indicated in the CoSN IT Leadership survey that cyber security is now one of their top priorities. Education leaders are also recognizing that these attacks not only have the potential to cause financial loss for schools, donors, students, and staff, but they can also erode trust in the educational institution itself. For students, it’s not just about their privacy and preventing identity theft, but also about their future academic and workplace careers.
Ultimately the problem for school systems rests in constrained budgets, inadequate cyber security staffing, and in some cases, senior leaders who may not truly understand the threats they are facing. Out of 17 industries analyzed, education ranked last in cyber security, according to the 2018 Education Cybersecurity Report.

Most schools are accustomed to putting student education at the forefront, and while they may also devote energy and resources to physical security, it can be easy to overlook the modern threats lurking in connected systems. Behind the promise and excitement of smart boards, smart TVs, laptops, tablets, and IoT devices, criminals are waiting to exploit vulnerabilities.

One major issue is the large number of staff and administrative users with personal and school devices that expands the attack surface. Many schools now have students utilizing their own laptops during school hours, bringing more points of vulnerability into the school. For example, students or faculty could be working remotely on an unsecured Wi-Fi network, opening the possibility of an attacker gaining access to a school’s system. Many also use apps such as Office 365, Dropbox, GSuite and Slack to communicate and collaborate on projects. While these apps do offer some security, they are often no match for the advanced cyber threats that are changing daily. If a student were to unknowingly share a document infested with malware to Dropbox, it could compromise the entire system.

Taking action

There are several actions that educators should take to mitigate cyber risks. One place to start is with a simple risk assessment to identify vulnerabilities. This could include an inventory of all devices and connections in the system, including BYODs, along with apps and software. During this assessment, questions should be asked such as “How is the technology being used?” and “What processes and protocols are in place?” Comprehensive risk assessments can often reveal several simple ways a school can improve its security.

Other cost-effective steps that leaders should take include:

Additionally, schools, much like enterprises, should have a system to backup data and a plan for recovery should an attack occur. For it is slowness or lack of preparedness that often leads to the most serious disruption.

Education leaders can find several resources to assist with planning, including those at the Readiness and Emergency Management for Schools Technical Assistance Center and The National Initiative for Cybersecurity Education (NICE).

Finally, as human awareness is a critical component of cyber security, students, faculty and staff should be educated on cyber security issues, how to reduce the risks and what procedures to follow in the event of a breach. For all employees, such training should occur before every school year and for students, computer security literacy should begin as early as the third grade. While cyber security risks will always be a reality in today’s digitally-connected environment, school-wide awareness, planning, and education can reduce many of your vulnerabilities lowering their risk and better protecting the sensitive data of their students and faculty.

Consolidate, Centralize and Save: Strategic Licensing Approaches for Academic Success

By Ryan Peatt, chief product officer, Kivuto.

Ryan Peatt

Academic institutions face many challenges due to how the ever-changing nature of technology affects the management and distribution of licenses. No longer can schools afford to leverage traditional models to ensure their students, faculty, and staff are equipped with the right technology to succeed. Innovative and scalable new IT solutions must be developed to create the backbone for academic success and greater user experiences. This includes such things as exploring sustainable licensing criteria, centralized funding models, and risk reduction initiatives.

Sustainable Licensing Criteria

Faculty at higher educational institutions need the freedom to choose the tools they use to teach. But when resource procurement is decentralized, there is no visibility into what tools are being ordered, in what quantity, from which vendors, and at what price. This makes it impossible for institutions to optimize their budgets and ensure compliance with all laws, terms, and conditions.

It is crucial for institutions to develop enforceable and sustainable licensing criteria that include clear guidelines around what products their faculty can license, in what quantities, and from which vendors. Organizations can accomplish this by giving faculty more visibility into what resources are available and what terms and conditions they come with; or by establishing a request-and-approval process for faculty wanting to adopt resources their school has not already licensed.

The University of Utah did both, setting up a secure, centralized repository containing all assets available to faculty. Educators have self-serve access to all resources the school has already licensed, and requests for new assets can be submitted directly through the repository and are visible to other users who may need the same resources. By ensuring faculty are aware of what’s available and what’s been requested, and by requiring them to get approval for new resources, the university has established a more efficient and less risky way for educators to select their teaching tools.

Central Funding Models

In an ideal world, all software would be procured and funded centrally at the enterprise level, ensuring that compliance requirements are met, and that the lowest prices are secured. Unfortunately, central funding models can be too rigid for many institutions as they often require that a certain level of demand for a product before any licenses are ordered. This can result in frustrating waits for faculty and students who need resources that aren’t in high demand. Alternatively, these models may result in institutions over-ordering certain products and losing money on unused licenses. So institutions often allow individual departments, or even individual faculty, to handle the procurement of their own resources.

To counter this, Queen’s University explored the option of implementing a cost-recovery plan. Under their model, software would be procured centrally at very high volumes to get the best pricing available. The school could then ‘sell’ licenses to individual end users for far below the equivalent retail price or other volume-license/academic pricing. These chargebacks, combined with the savings the school sees by purchasing in bulk, would save Queen’s a significant amount compared to the cost of ordering licenses on an as-needed basis.

Risk Reduction

Software licensing is complex, and with complexity comes risk. Institutions are responsible for ensuring compliance with all terms and conditions attached to every piece of software they license, from campus-wide essentials to niche products used by a single faculty member. This is already an uphill battle. As vendors transition their products to the cloud, move to time-based delivery models and inflexible clickwrap agreements (which are often updated without notice), software management and distribution will become even more complicated – and riskier.

IT teams need visibility into what software is being purchased, installed, and used at their institutions. They must ensure that the number of licenses installed does not exceed the quantity purchased. All stakeholders should clearly understand all usage rights and restrictions attached to every product they use, and comply with them diligently. Procurement and IT teams need to vet service agreements against their own legal, privacy, accessibility, and computing policies, as well as applicable laws.

Risk reduction must be a core priority in any college or university’s software licensing strategy. Aggregated and centralized management of software licenses can help with this by reducing the overall level of risk to schools through visibility and education.

Providing School Safety and Security through Technology, Red Flag Training, and Law Enforcement Expertise

By Mike McCarty, former law enforcement officer and founder/CEO, Safe Hiring Solutions.

Mike McCarty
Mike McCarty

Technology has revolutionized industries, organizations, and institutions while bringing with it the power to solve many of our nation’s greatest challenges.  

Education is no different. 

Perhaps, education presents bigger challenges than others given the varying stakeholders, political climates, school cultural distinctions, state/county/district laws – not to mention the availability of funding.

Make no mistake, technology holds the same power for our nation’s schools by helping to prevent tragedies like Newtown, Parkland, Santa Fe, and so many others from happening at all – or at least starting to reduce the number of tragedies and threats of violence occurring on a daily basis.

Integrating disparate security technology systems to work together make it possible to both share information and connect red flags on threats.

For example, SafeVisitor is integrated with access control to share excluded parties photos and use existing cameras to flag them before they get to the door; when integrated with the student information system, it also shares excluded parties and custodial issues to flag them; and integrating crisis alert systems with SafeVisitor makes it possible to share emergency notifications for quicker response time.

As we approach the back-to-school season, our nation’s schools continue to grapple with keeping our students, teachers, and administrators safe.  

The Top-Three Threats

The facts are clear. 

According to the Safe and Sound Schools Report, all stakeholders were asked to identify the top-three threats they were most concerned about in schools. 

While the threat of an active shooter remains the top concern for students and parents in 2019, “mental health emergencies” rose to the top of the list for educators, public safety officials, and general community members. 

Secondary concerns were “bullying” and “an intruder” for educators and parents; students chose “mental health emergencies;” and “active shooter” for public safety officials and community members. 

The third-most concerning threat for public safety officials and students surveyed was “an intruder;” “mental health emergency” for parents; “active shooter” for educators; and “drug/alcohol abuse” for community members.

Based on the findings of this report, there is a strong perception with stakeholders that schools have a high sense of false security.  

Mental health/behavioral indicators are essential to reducing the likelihood of school violence and this is the top issue for educators, public safety officials, and the general public – but not the top concern of parents and students who are focused more on the threat of an active shooter.  

Herein lies the risk in having tunnel vision on an active shooter as the only threat to school safety. How do we reconcile this?

There are More Threats Than You Think

For instance, sexual violence ranks extremely low by stakeholders, when this threat is actually toward the top.  

For example, based on WRTV Channel 6 report and research in Indiana of teacher license revocations from 2012-2018 (this number excludes unlicensed employees, vendors, and volunteers, which would make the number much higher), there were two active shooter incidents compared to 97 allegations of criminal misconduct, 57 of which were sexual abuse, child sexual abuse, or child solicitation.

Additional challenges include vendors feeding on the fears of parents and students by selling gadgets and products like bulletproof backpacks that do not promote school safety but instead put fear into students rather than empowering them to focus on what they are at school to do: learn.  

Visitor Management Systems 

An essential component of school crisis response is the reunification of students with their primary caregivers, so reunification is a critical piece of preparedness.

A Visitor Management System (VMS) can not only help implement having multiple pre-planned reunification locations but also:

Technology Experts with Law Enforcement Training on Spotting Red Flags 

The Safe and Sound Schools study finds that most stakeholders point to the principal as the person in charge of school safety – a flawed assumption that MUST change.

Every school must have a threat assessment team comprised of stakeholders inside and outside of the school. Such a threat team is coordinated with technology systems that communicate to internal security and outside law enforcement, like student information and incident reporting systems.

Marjorie Stoneman Douglas High School Shooting in Parkland, Florida

Too often each stakeholder works independently, and the red flags are not shared, as it happened in Parkland, FL., with multiple stakeholders having flagged the shooter three days prior.

All schools should develop a threat assessment team. To often each group (counselors, SRO’s, probation/law enforcement, administration) work independently and so they might see a single red flag but as part of a team would connect a student who might have multiple red flags.  

When my children lost their mother, the school was actively involved. Counselors were monitoring, and I would assume, creating reports in a system – maybe the student information system.  

Parkland is a perfect example of how multiple stakeholders were aware of problems with the shooter, Cruz. 

First, he lost a family member. (My three kids lost a mother when they were young – nine, six and three months.) This is traumatic and intervention is a must.  

Then Cruz lost a second parent… a second MAJOR red flag.  

Cruelty to animals, threats that were reported to law enforcement and FBI but never shared. It’s a perfect storm of disconnected red flags.

Parkland surely would have known about loss of each parent and monitored grades and behavior which would each be potentially recorded in separate systems – student information system and incident reporting system.  

Threats internally or anonymous reporting of concerns or threats with Cruz could be in the same or different systems.  

External threats were also uncovered on social media and with law enforcement that were in a different system but not shared with the school.  

Red flags and suspension should have placed Cruz on an exclusion list using technology, such as integration with a student system, to import his photo to SafeVisitor as excluded and shared with access control – camera systems – in hopes that it could have flagged him outside the school as he arrived, which could possibly have created an auto alert via text or email to security and law enforcement.  

Integration with a crisis alert system could have created lockdown by immediately sharing information with law enforcement through the crisis alert as seconds matter.  

Unfortunately, the technology cannot alleviate slow officer response… or a school resource officer standing behind a tree and not engaging the shooter.

Technology can be the hub of a threat assessment team, connecting the individual security systems, student information systems, etc. to work together as one system and aggregate flags and uncover problems long before they become an active threat.  

Additionally, working with a partner whose background is in law enforcement and has training on how to spot red flags is key.  School security requires the same approach as it is in law enforcement. 

Walmart Workplace Shooting in Southaven, Mississippi

In the recent Walmart shooting in Mississippi, the shooter made an implied threat just three days earlier by raising his shirt and showing a knife to a co-worker during an argument.  

The implied threat three days prior to the shooting in Mississippi was likely not understood by either the employer or law enforcement.  

Understanding threats is a critical component to neutralizing a threat early. 

Threat assessment was the foundation for our Domestic Violence Division in Nashville in 1994 that reduce the 25 women and children killed annually to 12 or less each year after implementation – more than a 50% reduction in domestic homicide by recognizing threats, signs and behaviors.

Prepare for and Prevent Tragedies with Technology

Law enforcement is the cavalry you want coming in an event like this, but we must prepare our schools to have systems, processes, and procedures in place to be what I call “left of bang” (to assess threats before they happen) so that they can focus on education.  Working with the right technology partner with law enforcement expertise is key to achieving this objective.   

“At bang” is when protocols, training, and technology, kick in. “Right of bang” is the law enforcement response.  

Seconds matter so everything done in preparation reduces the time it takes to get law enforcement on the scene and neutralizing the threat.

Moving the needle for our schools to help them become “left of bang” instead of “right of bang”  – is paramount. Workplaces like Walmart and schools have it within their control to manage employees, students, administrators, vendors, and volunteers through the power of technology. 

“See something, say something” is very important because students often see things on social media or hear things at school and can share this information. However, without technology and creating integrated security solutions that drive important data to a threat assessment team, we run the risk of red flags not being connected, like in Parkland.  

Technology is consistent, unbiased, does not minimize a potential threat because it does not understand it, and can uncover problematic behaviors early. 
Technology is the foundation for prevention and can be the solution that shaves seconds off law enforcement response which saves lives.

Kivuto Partners with The Douglas Stewart Company to Expand Reach Into Education

Image result for Kivuto logo

Kivuto, a provider of academic digital resources, announces its partnership with The Douglas Stewart Company, North America’s distributor of educational software and technology products. Together, they will provide a tailored solution for the management and distribution of the Adobe Student License Pack for Higher Education.

Cloud license management and provisioning is a challenge for academic IT departments as it is difficult to actively manage those who have access, the length and amount of access, and the rules around software license use. Kivuto Cloud addresses these challenges, empowering educational institutions to effortlessly deliver both product key license verification and distribution, and named user license distribution for schools where software is required by students, faculty, and staff.

With the release of Adobe’s new VIP Student License Pack for Higher Education, Kivuto and Douglas Stewart will work together to provide a tailored solution for customers and their reseller partners that automates the entire digital supply, while eliminating the complexities tied to licensing individual end users. Douglas Stewart’s global reach and extensive education portfolio of products and services offers Kivuto the opportunity to extend its reach to a vast array of additional educational markets.

Jeff Blacklock, president at Kivuto, said: “Getting solutions into the hands of key individuals within educational institutions is challenging. Kivuto recognizes Douglas Stewart’s strength in the market and the reputation they have built over the past 65 years as an education reseller. We are pleased to have the opportunity to partner with them, adding extended value in the academic IT sector. With this partnership, Kivuto and Douglas Stewart will work together to solve some of the most challenging problems educational IT departments are faced with today.”

Charles Hulan, president at Douglas Stewart, said: “By partnering with Kivuto, we are now able to offer a solution that enables IT within educational institutions to safely, securely, and confidently verify and distribute software and resources to authorized students, faculty, and staff. Kivuto Cloud enables IT departments to have full control over a centralized model that can provide the much-needed adoption and insights that have been missing for so long. Kivuto Cloud will be a great addition to the solutions we offer to our clients.”

Tools4ever Announces New Technology Partnership With Ellucian

Image result for tools4ever logo

Tools4ever, a leading provider of identity and access management solutions in education, announced a new partnership with Ellucian. The partnership unites two market-driven education solution providers. Mutual customers can now integrate Ellucian’s PowerCampus, Banner and Colleague products with Tools4ever’s Identity and Access Management and Identity as a Service (IDaaS) solutions. This partnership offers mutual customers automated user account lifecycle management across numerous applications, all from a single point of entry.

“It’s an exciting partnership for us, as we can now offer our mutual customers seamless integration between our products,” said Dean Wiech, managing director of Tools4ever in New York. “We have spent more than 20 years of successfully implementing solutions in more than 2,000 educational organizations. Partnering with other market leaders, such as Ellucian, allows us to continue our success in the education market.”

Ellucian and IAM

Ellucian’s SIS and ERP product suite empowers educational institutions to give people the right information at the right time. Their solutions make schools and universities more efficient, informed and capable of delivering great experiences to staff and students. This partnership allows Tools4ever’s IAM solution to connect Ellucian’s product suite to user accounts in Active Directory, G Suite and more. For example, if a staff or student record is created or changed in the SIS, IAM synchronizes the record’s information with all connected systems and applications. Other benefits include helpdesk delegation, self-service access management and access governance processes.

Ellucian and HelloID

The collaboration with Ellucian also extends to Tools4ever’s IDaaS product, HelloID. HelloID is a cloud-based, user-friendly dashboard where students and staff can access all approved teaching and learning applications with a single logi. Single Sign-On to the HelloID’s dashboard and connected applications is available to staff and students from anywhere, on any device, at any time.

“This partnership allows the team at Tools4ever to improve the customer experience and address more of their critical requirements,” stated Managing Director of Tools4ever NY, Dean Wiech.

EDUCAUSE Report: Diversity In Higher Education IT

Personal, Network, Social Media

EDUCAUSE recently released a brief detailing diversity in the higher education information technology (IT) workforce. The report is designed understand factors that help promote and maintain the success of higher education’s IT workforce. The report, “Diversity in Higher Education: Information Technology,” created with CUPA-HR – human resources support for higher education — examines demographic makeup of the higher education IT workforce so as to better understand the workforce today and to identify opportunities in the pipeline for future higher education IT leaders.

This EDUCAUSE brief is a snapshot of diversity and pay equity in higher education IT, a look at the aging of IT administrators, and the characteristics of possible pipeline positions from data collected in the 2018 CUPA-HR Administrators in Higher Education, Professionals in Higher Education and Staff in Higher Education surveys.

In all, EDUCAUSE says higher education entities provided data for more than 36,577 incumbents in 51 information technology positions for the 2017-18 academic year.

Among higher education IT employees, 26% are women and 21% are racial/ethnic minorities. Representation of women and racial/ethnic minorities in higher education IT is much lower than among college students, the primary constituent population they serve. According to the report, the representation of minorities varies greatly within higher education IT, with far more minorities represented in staff and professional positions than in administrator roles.

White men make up the majority (59%) of higher education IT employees, and about 70% of minorities in higher ed IT positions are men.

Black and Hispanic women are the least-represented groups in higher ed IT, together occupying only about 3% of all IT positions (and only 0.5% of all IT administrative positions).

Increasing diversity

One way to increasing the diversity of higher education, EDUCAUSE suggests, is for institutions to recruit experienced individuals from regions of the country with better representation of women and racial/ethnic minorities. For example, female IT professionals and administrators are better represented in the Northeast than in the rest of the country, whereas minorities are much better represented in the South and West. “This data highlights the need for considering nationwide or regionally-targeted recruiting strategies when seeking diverse candidates — particularly for leadership roles,” the report states.

Pay

In general, Black and Hispanic women are underpaid relative to their white male peers; white women are paid equitably; and Asians are generally paid more than white men.

Aging, Retirement and the pipeline

An important concern for many U.S. employers is the expected wave of retirements in leadership positions as the last of the Baby Boomers (born between 1946 and 1964) turns 55 years old in 2019, with many already at or past the expected retirement age. Administrators in higher education IT are no exception. For higher ed IT, this demographic transition may present an opportunity to make progress on diversity as this less-diverse generation gives way to a younger, more diverse generation.

The median age of the IT administrators highlighted in this report is 52 years old; however, the proportion of higher education IT employees that are older suggests that higher education IT may soon face succession planning challenges.

Around 43% of IT administrators are 55 years old or older. The median years in position is seven, but almost 39% of higher education IT administrators have more than 10 years in their current role. This is high compared to all administrators in higher education, where the median time in position is five years, and only 25% of administrators have more than 10 years in their current position.

Certain IT positions are considered part of the pipeline to administrative leadership roles. Some of these positions have higher representation than average for women or individuals from certain racial/ethnic groups, and may provide opportunities to recruit diverse future leaders as older employees near retirement.

“Some in higher education IT have argued that to close the gap on diversity in the field, a different way of thinking about recruitment, retention, and creating inclusive environments may be necessary, including deliberate efforts to use this type of data to recruit more diverse leaders,” the report’s authors write. “Higher education IT may also need to consider recruiting diverse candidates for leadership roles from outside of higher education or from positions not typically identified as part of traditional job progressions.”

EDUCAUSE says the data collected on information technology positions in higher education can help institutions focus their attention on key aspects of diversity for this critical part of the higher ed workforce.

“The time to begin succession planning is now — and the data show that certain positions in the immediate higher education IT pipeline may present opportunities to improve DEI in the process,” EDUCAUSE notes.

Educational Entities Can Do Some Learning About IT Infrastructure

By Jay Akin, CEO, Mushroom Networks, Inc.

Jay Akin

K-12 and higher education entities require different perspectives on their IT strategy compared to IT strategies for corporate campuses. However, there are common themes and major technology trends that create similar IT challenges for both.

The proliferation of personal internet connected devices (primarily in the form of cell phones and other gadgets) and new web applications have caused various tectonic shifts that require similar fundamental changes in the security posture and campus connectivity strategies.

Corporations have tried to resist the use of personal connected devices within the office network environments and have tried to block the use of other unauthorized web applications even when used to serve some business need. This was an unfruitful strategy and the hidden shadow IT, as it is sometimes called, won this grassroots driven trend. For example, employees started using the freely available file sharing apps (such as Dropbox, Google Drive, etc.) when their corporate offered alternative lacked in features and ease-of-use.

Similarly, employees continued to use their personal cell phones for business use cases when it was more convenient. Corporate IT had no choice but to embrace the fact that their employees would bring their own devices and in some cases adopt their preferred applications to solve their specific needs. This set of challenges also goes the other way with corporate provided connected devices finding their uses in personal use cases such as corporate provided laptops being used at homes.

The solution for corporations is to modify their security posture and rethink their connectivity architectures to be able to support the new reality. These changing trends have meant a shift towards a no-trust security posture versus solely relying on a on premise-based firewalling approach. It also meant starting to adopt software defined network architectures, namely, SD-WAN (Software Defined Wide Area Networking), for managing and controlling bandwidth in their campuses.

Educational entities are in a similar situation when it comes to the proliferation of connected devices and the use of student-driven applications that can stress the wide area network bandwidth if not properly planned for. Therefore, it makes sense to look at some of the corporate solutions to these very same challenges to figure out how to handle the changing security environment and the increased pressures on bandwidth requirements.

Educational entities and campuses should also modify their security posture to have a zero-trust model whereby it is understood that solely protecting the perimeter of the network, although certainly required, is not enough for a completely secure network design. Unauthorized and uncontrolled devices (such as personal cell phones) will be present with all of their malware that may have collected over time and can create a threat from the inside of the network. Short of keeping these devices off of the network (which we know is not a practical solution) the next best option is to carve out and segregate the bandwidth available for such devices out of the network that the institution uses. By definition, all the sensitive data and resources will therefore be isolated and protected from any potential malware that may be on the personal devices.

This approach, which can be achieved with modern cognitive networking solutions in a highly cost-effective manner, will also provide the much-needed control of WAN bandwidth usage for both networks.

Once a software-defined approach is adopted, IT teams can take advantage of various other features that these modern technologies offer depending on the needs of their networks. For example, multi-WAN aggregation for additional capacity, adding premises-based or cloud-delivered UTM (unified threat management) security solutions and various others are some of the features that can be leveraged.

Even though at a high level corporate networks and networks of educational institutions are highly different with respect to their role, the important commonalities in the challenges both environments face allows both IT teams to learn and adopt solutions that the other has tried and tested.

Blackboard Debuts First Release of Blackboard Data Platform

Blackboard Inc. has announced the availability of its Blackboard Data developer tier, giving eligible institutions direct access to information to help manage and differentiate their learning ecosystem. Blackboard worked with more than 130 client developers at more than 75 institutions through global engagement events to co-develop the first Blackboard Data platform release.

The announcement was made at BbWorld 2019, Blackboard’s annual users conference that brings together educators, administrators and thought leaders, taking place July 23 through 25 in Austin, Texas.

Blackboard Logo (PRNewsFoto/Blackboard Inc.)

The first release on the Blackboard Data platform, known as the Blackboard Reporting Stack Developer Tier, will provide clients with direct access to data sets through a Snowflake data warehouse integration. Clients will also have access to the Blackboard Data User Interface, which includes a comprehensive data dictionary and integrated privacy guidance.

The goal, the company said, is to help developers and researchers answer questions to support common educational business goals. Data and tools in the Reporting Stack are now available for eligible clients using the Software as a Service (SaaS) deployment of Blackboard Learn at no additional fee.

“We have placed Blackboard Data right in the heart of our platform both architecturally and operationally,” said Rachel Scherer, senior director of analytics at Blackboard. “This means that not only can we pull data together in one single place, but we can also push it back into the learning ecosystem to make it richer with reliable in-workflow insights. Altogether, the Blackboard Data approach lets us contextualize information and provide insights to the right stakeholders at the right time.”

Blackboard Data is architected to combine activity and usage data across Blackboard’s Teaching and Learning solutions within its SaaS EdTech platform including cloud deployments of Learn, Open LMS, Collaborate, Safe Assign, Ally and the Blackboard app, with more to follow. The data is optimized for reporting and stored in a cloud data warehouse. Customers benefit from an industry-leading interface and simple integration with common business intelligence tools.

This is the first release for the Blackboard Data platform and over time the company will roll out more solutions, it said in the state announcing the launch. Following a SaaS continuous delivery model, Blackboard will expand eligibility across the company’s suite of SaaS-based products and add capabilities for more personas.

To introduce clients to Blackboard Data, Blackboard is launching the 21 Days of Blackboard Data challenge and encouraging all clients to join. Participants will have access to a demo data set with the same user interface as the Developer Tier. Interested clients may learn more and register at https://21days.blackboard.com/.

PowerSchool Launches EDGE 2020, Its Second Annual Customer Event

PowerSchool, a provider of K-12 education technology solutions, announced that it will host its second annual customer event, PowerSchool EDGE, bringing together a community of educators, thought leaders and experts who are passionate about education and the technology that powers it. The 2020 event, scheduled for March 30 – April 1 in Orlando, is expected to be bigger than the 2019 inaugural event.  

PowerSchool’s flagship customer event brings together K-12 leaders to connect, learn and grow to improve education and student outcomes. It offers two full days of insights and training to lead students, teachers, schools, and districts to success, or four days for EDGE University, which features extended, in-depth, deep-dive product training.   

“PowerSchool’s inaugural EDGE hosted around 1,000 attendees from 48 states, seven countries, and more than half of Canada’s provinces, bringing major K-12 stakeholders together to discuss the most critical topics in education today,” said Anthony Miller, PowerSchool’s chief marketing officer. “Building on the success of our inaugural event, EDGE 2020 promises to be even better—with more in-depth sessions, more certification courses covering more products, and more value for every educator.” 

EDGE provides practical training, best practices and industry-leading thought leadership insights for all levels of K-12 roles including curriculum, instruction, technology, HR and finance, as well as administrators, principals and superintendents. PowerSchool EDGE general sessions are focused on company updates, inspirational speakers and education leadership panels. Breakout sessions are broken into four main categories, including thought leadership, best practices, classes and certified training in deep-dive product courses. 

Attendees can expect to hear from leaders in more than 40 engaging breakout sessions on today’s key K-12 topics. Gain experience and expertise with hands-on learning, best practices and networking opportunities to grow and develop careers, as well as a deeper understanding of the PowerSchool road map and vision for the future.  

Registration is now open at www.powerschool.com/edge. Launch pricing and early-bird discounts are available, starting at $499 for EDGE and $1,900 for EDGE plus EDGE University. 

Ellucian Banner System Vulnerability Update

Image result for Ellucian logo

The U.S. Department of Education (Department) is working with Ellucian to clarify the previous alert from July 17, 2019. Some of the issues mentioned in the alert may be unrelated to the vulnerability (Vulnerability) for which Ellucian released a patch on May 14, 2019. The Department and Ellucian have no reason to suspect that a breach has occurred as a result of this vulnerability.

Ellucian has found that there are two separate and distinct issues that bear immediate attention:

  1. The Ellucian Banner vulnerability
  2. Fraudulent admissions applications

The Ellucian Banner Vulnerability

Who is Impacted: The vulnerability only occurs in Ellucian Banner Web Tailor versions 8.8.3, 8.8.4, and Banner Enterprise Identity Services versions 8.3, 8.3.1, 8.3.2, and 8.4. Although Banner Web Tailor 8.9 was previously listed as impacted, it is a roll-up software release that contains all patches and releases since 8.8 and is not affected. Customers not using these software versions are not impacted by this vulnerability.

Actions for Institutions Using Ellucian Banner System: Patches for this vulnerability were issued by Ellucian on May 14, 2019 and are included in all subsequent roll-up software releases. There is no indication that student or institutional data has been compromised. The patched vulnerability is extremely difficult to exploit and unlikely to occur outside of a laboratory setting. Institutions running Ellucian Banner Web Tailor versions 8.8.3, 8.8.4 or Banner Enterprise Identity Services versions 8.3, 8.3.1, 8.3.2, and 8.4 should immediately apply the previously release patches.

Fraudulent Admissions Applications:

Although it was reported that attackers can leverage the vulnerability discussed above to create accounts, Ellucian believes this is not correct. The issue described in the alert is not believed to be related to the previously patched Ellucian Banner System vulnerability and is not exclusive to institutions using Ellucian products. Attackers are utilizing bots to submit fraudulent admissions applications and obtain institution email addresses through admission application portals.

Ellucian recommends adding reCAPTCHA capabilities to the admission process to reduce the likelihood of experiencing fraudulent applications for admissions, even if institutions are not currently experiencing this issue.

For More Information:

Ellucian and the Department will continue to review this matter and update stakeholders as necessary. Additional information is available at Ellucian’s Customer Center and in Ellucian’s FAQ document.News TypeAnnouncements