Technology systems are very valuable. Even a modest system can represent an investment of tens of thousands of dollars for network devices (routers, switches, access points, servers, and similar devices that users never see). The cost of software to keep the devices functioning is frequently thousands of dollars per year as well. Including personnel and other expenses, the total cost of owning and operating an enterprise-level information technology network exceeds the cost of the devices several times over.
In schools, the network infrastructure is generally considered mission-critical as well; without the network, critical aspects of the logistics and strategic goals cannot be met. To protect the investment and to maintain essential services, the network and the information stored on it must be secured against physical threats (such as fire, flood, and theft) as well as network threats (such as viruses and other malware) and misconfiguration (through malicious intent or by accident). Securing systems against network threats and misconfiguration requires that system administrators take steps to prevent unwanted changes from being made to the system.
Network threats are detected and removed with (very expensive) software. In recent years, many network administrators have moved to unified threat management (UTM) devices to protect networks. All network traffic flows through this single device, and software installed on it is configured to detect and quarantine or remove all varieties of malware and to prevent network intrusion. A UTM device can help identify computers on a network that are infected with malware, and it can replace firewalls, content filters, and other devices that manage network traffic. Unfortunately, this software is not completely effective, but the responsible network administrator will install and use such tools to reduce threats to school networks.
The most effective step to prevent accidental or malicious misconfiguration of a system is to create and secure accounts that have administrative rights to computers, especially servers and other network devices. Only individuals who have knowledge of the network configuration should be provided with administrator accounts, and responsible network administrators will have and use standard user accounts and log on with administrator credentials only when necessary. Without an administrator account, only limited changes can be made to a computer.
If steps have not been taken to secure a computer or system, then it is open and users can make changes to the system. Potential changes include installing software (useful applications and extensions as well as malware), changing network configurations, and installing printers and other peripheral devices. While this does allow systems to respond immediately to users’ needs and new software, it also exposes systems to malware and to changes that interfere with the functionality of the systems.
Computer systems are not simply either open or secure. Every system can be placed on a continuum from open to secure (see figure 1). Within a school, different systems serve different needs, so technicians must configure them at different places along the continuum. In general, the more secure a system is, the more reliable it is. Servers and network devices are highly secured, usually kept in inconspicuous places behind locked doors. Further, logging on requires an administrator account, so students and teachers cannot access the systems with their credentials. Computers in public places such as computer rooms and libraries tend to be quite secure as well; this minimizes the potential for quick degradation.
Computers on teachers’ desks tend to be the most open in a school. Ostensibly this is done to give teachers the flexibility to install software and extensions so their machines can support teaching. While this does allow teachers to test functionality without the need to seek the assistance of a technician, it is well known among technology leaders that teachers’ computers are among the least functional in schools. A teacher who indiscriminately installs software and web browser extensions will often introduce conflicting software and changes that interfere with performance.
Figure 1. Continuum describing ICT systems
School and technology leaders must negotiate the ratio of secure to open on various systems in the school. For ease of management, and to minimize complaints of malfunctioning machines, most technology leaders argue for greater security to reduce the workload of managing devices. In some cases, computers can be set up so that any changes made can be removed when the computer is restarted. Teachers generally appreciate that feature in computer rooms and on other shared devices but not on the machines they use for their own productivity.
When planning for secure versus open systems, the question, “How do we respond to a teacher who wants to install software she learns about at a conference?” often illuminates the different priorities of different stakeholders. School technology systems must allow educators to explore new tools while encountering few obstacles, and must provide for rapid deployment of or access to good resources, all while securing data and systems within the limits of time and budget.