Dan Turner Surrey School District

1
Laptop Security in the Classroom Best Practices
for Protecting Mobile Learning

• Dan Turner- Surrey School District
• David Hawks- Absolute Software
• March 10, 2008

2
Agenda

• Market Factors
• Compliance, Protection, Recovery
• Effective Laptop Security and Sustainability
• Case Study- Surrey School District
• Additional Resources

3
Changing IT Landscape for Schools

• K12 Market Factors
• Increased use of mobile devices
• Growing volumes of data stored electronically
• Legislation mandating compliance and data
  privacy
• Security Audits and Accountability

4
CPR- Basic Security
Securing Your Schools Assets

• Compliance
• Complying with all applicable mobile data
  protection regulations, with an easily accessible
  audit trail
• Protection
• Protecting data on mobile laptops using
  encryption, authentication and remotely delete
  data
• Recovery
• Recovering lost or stolen devices returns them to
  the control of the District and sustains programs

5
Market Factor- PC Theft
Theft is an increasing problem

• More than 120,000 laptop thefts occur annually
  from Schools Safeware,
• 70 of computer crime is a result of inside
  jobs
• Gartner Group,
• 1 in 10 chance of a laptop being stolen and 97
  are never recovered
• Gartner Group FBI

6
PC Asset Challenges in Districts

• Ratio of IT staff to PCs
• ONE I/T staff member to every 500 or more PCs
  (1500)
• Theft and Loss
• Not a problem at my District
• Silent Budget Threat- DRIFT
• Limited Funding
• Lose it its gone (Self insured or no
  insurance)
• Life Cycle Management
• Sensitive information on Admin/Faculty/Nurse PCs
• Compliance or face severe penalties

7
Market Factor Data Breaches
Data Breaches result from loss and theft

• Financial Fraud overtook Virus attacks as the 1
  concern for PC Security in 2007 (Source CSI
  Institute, 2007)
• The Black Market for Identity theft is valued
  more that 5Bil and growing 60 year-to-year,
  faster than the Security Industry! (Network
  World, September 17 2007)
• Compliance is non-discriminatory and all
  organizations face fines of up to 5M for data
  breaches
• Data Accountability and Trust Act,
  US House of Representatives, 2006

8
Regulatory Compliance
Compliance, Data Protection and Theft Recovery

• Regulatory Compliance
• FERPA
• HIPAA
• State legislation (Data Breach)
• Audit trail required
• Need to know where assets are at all times
• School Districts should not only know what
  software and hardware is installed on computers,
  but also who has access to them and where they
  are

9
Market Factor Asset Management
Mobile Users Create Asset Management Challenges

• Gartner report shows many organizations can track
  approx 60 of their mobile assets, since many are
  off-the-network (Gartner Group, 2002)
• A Ponemon Study also found that 30 of I/T
  Departments would never detect the loss or theft
  due to off-network equipment (Ponemon, 2007)
• PC Drift can account for between 10-15 of
  missing PCs (Absolute Software, 1996-2005)

10
Implement I/T Asset Management (ITAM)

• Optimize and provision software and hardware
• Efficiencies and reduce costs
• Enables Software license compliance
• Accurately track licenses, utilization, long
  range Tech Plans
• Informed decision making and asset management.
• Intuitive dashboards and audit compliance
• Asset accountability
• Tax payer

11
Mobile Computing What is really going on?

• WHO are the laptops assigned to?
• Teachers or staff leaving without returning
  assigned laptops?
• District administrators or contractors traveling
  with sensitive data?
• Students safety at risk because of the value of
  their laptop?
• WHAT if the configuration has been changed?
• Can components such as memory easily be taken?
• Software image integrity
• User-Acceptance Policies enforced?
• WHERE are my assets?
• Spread out over how many physical school
  locations?
• Laptops moving from people to people?

12
Case Study- Surrey School District

• Project Overview
• Largest District in British Columbia - 65,000
  students, 120 schools
• 7,500 staff, 60 professional IT staff, 12001
  computer to tech ratio
• Needed a way to
• centrally remotely manage 13,000 computers
• quickly generate accurate data on computer
  hardware/software
• Improve annual investments in computer hardware
• Improve annual Investments in computer software
• (license and regulatory compliance)
• Challenges
• Provide solution to address inefficiency of
  manual inventory counts
• Address cross-platform requirements TCO

13
Case Study- Surrey School District cont....

• Milestones
• 1 image for each of 2 platforms established
• Automated process and discovery asset reporting
• Efficient and reliable tracking and license
  management
• Accurate reporting (99 HW SW assets on pc
  clients)
• Solution Outcome
• Software true-up processes went from 15 field
  techs visiting schools over a month and half, to
  an automated process always up to date!
• Real-time accurate data reports on hardware and
  software inventories
• Provision resources more effectively and
  efficiently
• Reduced Total Cost of Ownership (TCO) and improve
  efficiencies

14
Building Effective Security in Schools

• Effective End-Point Security Strategies Focus
• Network access control
• Asset Protection (Physical Data)
• Codified Security Policy and UAP
• Vulnerability management
• Contingency Plan
• Roles and responsibilities need to be clearly
  defined (Professional Development and TRAINING)
• Integrate Security policy and IT processes
  (Disaster Recovery)
• Faculty and Students understand/adhere User
  Acceptance Policy
• 80 of issues that can cause damage to an
  organization can be avoided by properly
  implementing processes in the above areas
  Gartner 2005

ABC
15
Maintaining a Secure Learning Environment

• Physical Security
• Challenge- Comprehensive strategy
• Safe Learning Environment
• Challenge- Vulnerabilities
• Accountability
• Challenge- Lack of Resources/tools
• Consistent Security
• Challenge- Sustainability and funding

16
Dont Rely Solely on Single Point Solutions Alone
Single Point Solutions
Stop tags
Cable Locks
Firewalls
Anti-Virus
Encryption
Nearly 1/3 of end-users attach passwords to PCs
- Gartner
17
Best Practice
No single vendor does it all

• Tracking agent Deter theft, recover the asset
• Remotely Delete Data
• BIOS and Hard Drive Passwords

BIOS

• Full hard drive encryption / Vista
• Secure back up of data
• Locks and cables / STOP Tags

Device

• OS Integrity OS/Virus Patches
• File oriented Encryption and Certificates
• Secure backup/recovery of data
• Fingerprint readers

Operating System

• Network integrity Unique identities
• Multi-factor authentication to control access
• Control over network access from the end point
• Responding to systems damaged by attack

Network
18
Security- Layered Approach
19
Summary- SASS
Sustainability- Asset Recovery
Accountability- Asset Management
eToolkit
Safety- Access
Security- Data Protection
20
Vendor Resources

• Compliance Vendors
• www.absolute.com www.altiris.com
• www.pcguardian.com www.guardium.com
• www.landesk.com www.peregrin.com
• Data Protection
• Encryption/USB Device
• www.credant.com
• www.pointsec.com
• www.guardianedge.com
• www.winmagic.com
• www.safeboot.com
• www.pgp.com
• USB Protection
• www.volumeshield.com
• www.Utimaco.com
• Data Delete
• www.absolute.com

21
End
Thank You for your time!
Q A
Contact information David Hawks Business
Development dhawks_at_absolute.com http//www.absolut
e.com 410-499-5380
22
Security Products

• 1) PC Theft recovery
• 2) Secure Asset Tracking
• 3) Data Protection

Education Institutional Protection
Consumer Protection Staples Office
Depot