Identity Access Management
Identity and access management - what are the risks of new products and admin steps schools should take to protect themselves.
The risk is that information you own is taken and used in a way you would not like or that content or features on applications that are inappropriate for schools are just waiting to be found by curious students. This risk can be mitigated.
Having worked in the area of identity and access management for many years, architecting sophisticated systems, there is one constant that does not change and that exposes the risk, that is the human factor.
The human factor – people do not read the small print in the online terms and conditions of use, if they did they would immediately look at and change the default security settings that come with almost every bit of IT you use. Whilst we can be assured that the IT we buy meets the applicable standards in cyber protection and data controls it is usually down to us as individuals or the IT administrator in the school to check the security settings are right for our use.
Let’s not get too technical, to keep things simple, just as you control who has access to the building, the classrooms and the offices in your school, so you must control who or what has access to the IT in your school. Only connect to your network things you know and trust and need and the same principle applies to people. Only give access to people you know and only give them access to do the things you authorize them to do.
Remove all risks of harm – intentional or not. Remember the IT network can be an open door to the school when the building is locked. When someone leaves, remove all access, take them off the systems, when someone joins give them access they need, treat them as an individual. If you are paying a per user fee for software then don’t pay for things people will not use. Be wary of the Internet of Things, the most likely source of exposure to risk will be connecting something not built to connect exclusively to a school network.
Be mindful that the computer is a mass storage device, it is built to allow addition and removal of the information it stores. Your security is the key to that storage device. The good and not so good of automation is that the applications you are accessing are built to read and write information, you most likely do not know what these applications are doing.
Ed Tech is good for schools, many applications are designed to know who we are and what we are using, indeed the machine learning applications work on the basis of personalization. Make sure that you know what the IT application is adding to and taking from your school, it is your data and should only be used for your benefit.
Only give access rights to the people or devices that you know needed for the good of your school. If in doubt Ask!
Written for Ed Exec Magazine