Educational institutions are a target for cyber crime, just like any other business or non-profit. Concrete, measurable steps need to be taken to protect assets. Making use of a framework greatly helps this. A framework has specific metrics and criteria included in it. This provides a tangible resource to assess against. Usually, an outside team is brought in to walk through the assessment. Once the assessment is done, a remediation list exists. With a list, priorities are established and budget/human capital are applied.
FERPA is a federal law that addresses privacy of student
records. It is not broad enough for a school to base its entire cyber security
Specific steps that all institutions should take include:
MFA — Multi-factor Authentication is a step beyond passwords. Logging in to access a system requires not just a password, but something else. That something else can be a prompt on a phone, a code generated by your phone, a text message, a hardware token that is inserted into a USB port, a finger print … the list goes on and on. The school needs to be aggressive in ensuring there are no gaps in their MFA deployment. If all logins require MFA, but VPN access doesn’t, the crooks will find this quickly and exploit it just as fast.
Policies – While these are seen as the boring part of network security, they are critical. Who is allowed to do what? What is not allowed? What are reasonable expectations? If something happens, what is the response plan? Who is included? Who communicates to whom? Policies run the gamut and should be not only created, but yearly reviewed.
Separation of duties — Smaller schools in particular will tend to have one or two key IT staff. These staff are responsible for deployment of new technologies, while managing existing equipment. Picture this, staff is assigned to deploy a new wireless system. As they learn the components, software is installed/configured, firewall rules updated – they are do everything they can to make it work. In the end, it does. But, is the config optimal? Is it secure? Were the firewall updates done in a judicious and cautious manner? Having additional eyes on a project, particularly those that are subject matter experts, is not only helpful but critical.
Executive support — No cybersecurity progress is made without senior administrative, chancellor, and/or principle support. It’s pointless yelling into the wind for staff to try to move something forward without senior buy-in. With management support, funds and personnel follow. Educational facilities never have an abundance of either. But, management’s support allows what meager resources there are to be appropriately channeled.
What should education’s IT leaders be most aware about the current treat landscape?
The old saying, “When everything is important, nothing is important” comes to mind. There are always external threats. They will never go away. But, learning institutions are in a unique spot when it comes to insider threats. Insider threats, in a traditional business, are where staff are working as, or being used by, criminals. Schools are unique targets for insider threats.
They exist to encourage learning, challenging ideas, trying new things, even pushing boundaries. Labs need to be setup for students to learn and try things. The same systems students use for learning, academia uses for grading, class management, and transcript creation. Students are brought very close to critical systems. Insider threats are very real threat to educational institutions.
Good cyber hygiene is critical to protecting “back end data.” Regular software updates and patch management are critical in mitigating known software vulnerabilities.
Two-factor authentication is vital to hedge against phishing and other social engineering attacks. Appropriate data encryption serves to protect critical data. And, vulnerability scanning/management of the environment is key to identifying and closing all known system vulnerabilities.
Modern firewalls and end-point protection protect against ransomware and reduce the overall threat landscape. And cyber security awareness training for all users is critical to help them understand common social engineering-based threats and attacks. Assess and validate cyber security controls in place to protect data stored in any hosted/cloud-based system.
The current IT landscape is full of concerns. Anything that cybercriminals can monetize is a risk. Probably the most common problem I hear about is ransomware, which can be addressed by managing patches/updates and ensuring off-site backups are regularly completed (and isolated).
Response from Heather Paunet, vice president of product management at Untangle, a provider of network security for small-to-medium businesses (SMBs), including educational entities.
What’s the most important IT solution that must be implemented now across your district/college/university (despite budget limitations)?
Districts, colleges, and universities should highly consider investing in a multi-layered unified threat management solution to protect their network. With the increase in BYOD devices on campus, it is essential to create layered network security, and provide separate networks.
Separate networks will allow only authorized users access to personal data within the now segregated administrative network. Student and third-party vendors can still access the internet on the common network, but are limited with zero access to other content sensitive information such as social security numbers, payment information, or confidential records on the administrative network.
Using this layered approach is extremely important for students, allowing them to be protected from accessing inappropriate content, and their behavior can be monitored, flagging anything that may require an intervention for their well being. For example, being able to know if students are searching for “bullying” or “self harm” can ensure that students are given extra help, support and advice that they may need to get them back on track.
In a perfect world and with a blank check, what IT investment would you make to support your current educational entity?
A robust next-generation
firewall to protect the gateway from malware, spam, viruses and phishing while
allowing web content filtering, application control, and bandwidth management
to monitor student, staff, and faculty access and ensure student safety, and
student well being on campus.
Tools4ever, one of the world’s largest providers of identity governance and administration solutions and services, continues to demonstrate its commitment to enhancing classrooms through education technology by exhibiting at the 2019 CETPA Annual Conference. The conference is scheduled for Nov. 12-15, 2019, at the Anaheim Marriott and Convention Center in Anaheim, California.
Throughout the conference, Tools4ever will provide live demonstrations of its cloud-based identity management solution, HelloID, at booth #445. HelloID, used by hundreds of schools, colleges and universities throughout North America, represents the next evolution in Tools4ever’s 20-year effort to increase the usage and support for education technology in the classroom. HelloID enhances learning experiences by providing admins and educators with the solution they need to provide secure access to learning environments, educational devices, and self-guided service and technical support.
“The annual CETPA conference is the premier tech event for K-12 leaders in California and we are excited to be a part of it for our 13th consecutive year,” said Drew Olsen, Director of Sales – Western US at Tools4ever. “California is a leader in student data privacy protections, thanks to CETPA’s leadership. However, with the ever-increasing number of cyberattacks at the K-12 level, districts must remain vigilant in protecting what information is available while streamlining how it is accessed to best leverage EdTech in classrooms and beyond. We look forward to meeting with our customers and partners at the event to further demonstrate how identity and access management remains a critical component of any district’s technology strategy.”
The California Educational Technology Professionals Association (CEPTA) advocates improving administrative information processing in public education throughout California and prepares its membership to better meet and support technological needs. The annual conference brings its membership and partners together to share ideas and foster dialogue about information technology pertaining to the classroom. The conference includes the latest and best technology tools targeting improvement across teaching, learning and administration.
CETPA members include education’s CTOs, technology directors, network managers and engineers, database administrators, and district and county superintendents.
TOPdesk, a leading global provider of innovative enterprise service management solutions, today announces that it has been named a “strong performer” by analyst firm, Forrester. TOPdesk is profiled as one of the top 15 vendors that “matter most,” as detailed in the Forrester’s report, “The Forrester Wave™: Enterprise Service Management, Q4 2019.”
According to the Forrester Wave™ evaluation, the globally serving TOPdesk “has shifted to fully address the ESM market during the past few years and has oriented its strategy to provide for all forms of service requests, expanding its collaborative abilities and out-of-the-box modules.”
Per the report, “TOPdesk has grown steadily in North America, gaining popularity with midsize enterprises and public sector organizations, including higher education, and is pursuing a strategy of steady organic growth.”
“TOPdesk is a well-rounded ITSM and ESM product with fast time-to-value,” the report continues. “Request management is notably strong, with Kanban, intelligence, and costing … The platform is built for speed of utilization … [and] is well suited to midsize enterprises looking for a tool with both ITSM and ESM capabilities and experience.”
Wolter Smit, TOPdesk CEO and co-founder, said he’s proud of acknowledgement. “We know — and our clients tell us — that our solution continues to be first-rate. We’re honored to be named as a Strong Performer by Forrester, and are thankful for our clients and partners for helping us get here.”
In the report, Forrester notes ITSM users are looking to increasingly leverage self-service options, speed up service delivery, and enhance their own ITSM capabilities to meet the challenges of changing technology landscapes. TOPdesk believes that it addresses these issues by helping organization improve service management processes; optimize services by providing a user-friendly self-service application; and offers comprehensive support through a continuously delivered platform.
TOPdesk provides a robust platform for improved enterprise services, and a high-quality service management solution with proven fast time-to-value.
TOPdesk develops software that helps organizations efficiently manage the services they provide. Whether this concerns IT, facilities management, HR, service desk or service support, TOPdesk helps organizations support their employees, customers, consumers and citizens. It serves all sized organizations, from small businesses to large multinationals, and is available as a local installation or Software as a Service. The TOPdesk solution can be tailored to meet every organization’s needs.
TOPdesk has 15 branches worldwide: in the US, Canada, Brazil, the UK, the Netherlands, Belgium, Germany, Hungary, Denmark, Norway, and Australia. www.TOPdesk.com
Blackboard Inc. announces the appointment of Edwin Scholte as Chief Financial Officer (CFO). Edwin will join the company on November 4, 2019 and will oversee all financial aspects of the company, including investor relations, accounting, tax, financial planning and analysis, treasury, and capital markets. He will report to the company’s Chairman, CEO and President Bill Ballhaus.
With more than 20 years of experience as a finance and operating executive, Edwin has deep roots in the education sector and extensive experience in international strategic finance partnerships, global expansion, and mergers and acquisitions. He joins Blackboard from Best Merchant Partners, a privately owned merchant banking institution in the education sector, where he served as Managing Director. Prior to joining Best, Edwin served as CFO and as COO of the higher education, professional and international divisions of McGraw-Hill Education. Earlier he held senior finance and operating executive roles at LexisNexis/Reed Elsevier, Wolters Kluwer, as well as a privately-owned boutique incubator of Internet and corporate services start-ups in The Netherlands.
“Edwin’s broad financial and operational experience and deep knowledge of the education sector will be an invaluable asset to our executive leadership team as we continue to execute our business plan and strategic initiatives,” said Ballhaus. “I’m excited to have him join our team as CFO.”
“The impact of innovative technology on delivering better outcomes for institutions and learners is significant, and Blackboard is at the forefront of this exciting transformation in the global education community,” said Scholte. “I look forward to joining Blackboard and working with the team to deliver substantial value for all stakeholders.”
Edwin earned a Bachelor of Science in Business Economics from Haarlem Business School in The Netherlands, and a Master of Business Administration from Duke University.
Campus Management and Dallas Theological Seminary (DTS) announce their partnership to bring a more technology-centered and customer-focused mindset into the institution through the full suite of CampusNexus solutions. The modern, enterprise-wide system was selected to transform the student and faculty experience to focus on learning and student success through new, operationally efficient and innovative technology.
The full suite of CampusNexus solutions selected by DTS includes CampusNexus Engage, CampusNexus Student, and CampusNexus Finance, HR & Payroll, all of which are implemented and deployed in the CampusNexus Cloud.
“Since our inception in 1924, we have been serious about serving our students and preparing them for whatever God might be calling them to do,” said DTS chief operating officer Robert Riggs. “With the development of technology over the past decade, the way we can engage, and support students has improved tremendously. Today, we are focused on providing our students, faculty, and staff a higher education-specific, enterprise-wide system that is built on Microsoft technology and enables innovation in the way we connect and impact all our constituents. We are excited about our new partnership with Campus Management and what we will gain by implementing these advanced technological solutions.”
The latest release of CampusNexus Engage includes a native integration with CampusNexus Student that provides the real-time, bi-directional communication, enabling constituents to access accurate data when they need it. Using CampusNexus solutions and the Microsoft Power Platform, the institution will have the ability to utilize app development and the latest innovations on their campus such as chatbots, analytics and machine learning.
“We’re proud to be the selected transformation partner for Dallas Theological Seminary as they strengthen their infrastructure for innovation and technology advancements. Their strategic investment positions them to be at the forefront of technology for years to come,” said Campus Management senior vice president of field operations Jim Brigadier. “From the moment we began interacting with DTS, we knew there was a strong cultural alignment between their institution and our organization. We look forward to leveraging that alignment to drive student success well into the foreseeable future.”
PowerSchool announces that its CEO, Hardeep Gulati, has been appointed to serve a two-year term on the University of California, Davis School of Education Board of Advisors, offering strategic guidance to drive the goals of the school.
The School of Education’s Board of Advisors supports the implementation of the school’s vision through strategic planning and guidance, philanthropic leadership, and alumni engagement.
“We are so pleased to welcome Hardeep Gulati to our Board of Advisors,” said Lauren Lindstrom, dean of the UC Davis School of Education. “He brings a passion for educational equity and a wealth of knowledge about the ways that technology can enhance teaching and learning opportunities for all students.”
The mission of the UC Davis School of Education is to confront and eliminate inequities among people and communities through the generation of impactful knowledge and the promise of education. Since its founding in 2002, the School of Education has established itself among the nation’s top education schools, renowned across the state and country for leadership in advancing educational opportunity and attainment. School of Education faculty prepare exceptional K–12 teachers and education leaders, and conduct pioneering research that informs national policy and practice.
As the CEO of PowerSchool, Hardeep Gulati leads a company of educators and technology specialists committed to harnessing the power of technology to empower educators and unlock student potential. Under his leadership, PowerSchool has introduced award-winning, unified solutions and made a lasting impact on the future of K-12 education.
Gulati has been recognized by EdTech Digest as Education Technology CEO of the Year and one of the Top 100 Influencers in EdTech. Most recently, he was named a Top 25 Education Software CEO by the Software Report. Gulati received his MBA from the University of Pennsylvania’s Wharton School.
“At PowerSchool, we believe every student deserves the best opportunities in life and I am proud to serve on the UC Davis School of Education Board of Advisors with those who share a vision of a quality and equitable education for all,” Gulati said. “As highly visible ambassadors of UC Davis and the School of Education, Board of Advisors’ members expand the school’s connections to the community, and I look forward to contributing to the board’s efforts to impact education.”
Ellucian announces that Gannon University (Gannon), a private, Catholic university in Erie, Pennsylvania, has selected Ellucian CRM Advance to more dynamically build alumni relationships and better support its fundraising efforts.
In 2018, Gannon began a search for a modern customer relationship management (CRM) solution that would enable personalized communication with stakeholders and alumni along with increased operational efficiency and strong configuration capabilities for staff. The university also required more robust analysis and data reporting tools to drive effective fundraising campaigns and increase accountability. After evaluating competitive offerings from other vendors, Gannon selected Ellucian CRM Advance because of its flexible platform, advanced features, and native integration with the university ecosystem.
“We chose Ellucian CRM Advance due to its highly configurable nature and because it enables us to create the exact reporting, data analysis, and functionality we need,” said Gannon University vice president of advancement Scott Rash. “In addition, Ellucian’s detailed demonstrations and commitment to our successful partnership during our search highlighted their standout focus and expertise within the higher education advancement space.”
With CRM Advance, Gannon will have the ability to drive increased campaign performance with customized intuitive dashboards, relevant reporting and more robust analysis of meaningful data. Improved workflow management will enable Gannon to further streamline outdated manual processes and increase overall productivity and efficiency for its staff. Additionally, enhanced features within CRM Advance will allow for more impactful constituent engagement, translating to better long-term relationships between the university and its alumni and supporters.
“We couldn’t be more excited about this partnership with Gannon University and we look forward to watching CRM Advance enable the university to advance its mission, serve its students and community, and inspire philanthropists to transform lives,” said Ellucian associate vice president of advancement Beth Brenner. “Today, it is essential for colleges and universities to have technology that empowers their staff with access to a holistic view in order to develop data-driven strategies and execute innovative campaigns. We’re proud to help such a forward-thinking institution achieve its philanthropic goals.”
You know what you’re doing, and the service you’re providing is helping teachers teach and students learn. In my case, that’s directly what my colleagues and I are doing, putting teachers and students together in web and video conferences, integrated with their learning management systems. I know what we’re doing is making the process of education easier, better and more efficient. We’re absolutely helping more students access their teachers and helping more teachers use the modern tools of teaching.
That’s comforting. And rewarding.
But it is also isolating and challenging at the same time.
The 22 part is that for anyone to recognize your work, they have to see you, know you’re there. They need to understand that great bridges require great bridge builders.
The catch part is that, if you do your education IT job well, you’re invisible. Your IT can be so good, so seamless and so intuitive that no one has any idea you were ever there. Or that it did not simply just work that way to start.
In IT, being invisible is winning, even though it may not always feel that way. I liken it to what a studio-level makeup artist must feel – you know, the person who makes movie stars look great or gruesome, depending on the role. If you’re at the movies and you’re talking about the makeup, something probably went wrong. It’s only when they’re really good that they can fade away.
And sure, knowing you do good work is satisfying. And please don’t misunderstand, I’m not in this business for glory and adulation. I feel certain that almost no one goes into education for that. Still, what we do – those of us who build the bridges and apply the makeup of education IT – is not easy. Or free, unfortunately.
It can also be a marketing challenge. Wrap your head around this sales pitch. “What I do is so smooth and subtle that, once you start using it, you won’t notice it all.” Where do you sign, right?
I exaggerate. People do notice when they have to drive around a river instead of having a bridge to cross. But once it’s up, people don’t remember what it was like before. And people who’ve become used to driving around an obstacle, or not traveling at all, don’t know cool bridges are available.
Polluting my metaphors again, I think back to the talented make-up artist who probably has to go pitch new producers and directors by saying, “You probably didn’t notice me at all in this other movie, but …”
To tell you the truth, though, I’m not deterred by the education IT paradox. Solutions that work are always in demand. Bridges are easy to sell when people have to get somewhere. When people look at nearby towns and cities and say, “hey, how did you get that cool bridge?” the phone rings.
And the big education dynamics favor companies like ours. More and more people are studying online, and more schools are needing to invest in tools that make that reality easier and safer.
But as it does, I feel for others in education IT or in IT in general – on staff or on their own. I know that some of the best among us are the least seen. That’s what happens when we do our jobs well. And it can get old. It’s also not likely to change. I cannot see a future in which IT solutions have pretty construction plaques saying, “Built by Julie Carter at IT Solutions in 2019” or whatever. So, we’re just going to have to accept that as the way it is.
At the same time, we can take comfort in the real value we’re providing, unseen as it may be. Cynical types may say that gleaning value from the service you provide, regardless of recognition is cold comfort. I prefer to think of it as warm comfort. It can be easy to forget that IT is about making connections and helping people do great things, in our case, helping people learn. When we do that, we’re doing right, whether anyone notices or not.