Dan Turner- Surrey School District

David Hawks- Absolute Software

March 10, 2008

Laptop Security in the Classroom: Best Practices for Protecting Mobile Learning

Agenda

• Market Factors

• Compliance, Protection, Recovery

• Effective Laptop Security and Sustainability

• Case Study- Surrey School District

• Additional Resources

Changing IT Landscape for Schools

K12 Market Factors

• Increased use of mobile devices

• Growing volumes of data stored electronically

• Legislation mandating compliance and data privacy

• Security Audits and Accountability

CPR- Basic Security

• Compliance:

» Complying with all applicable mobile data protection regulations, with an easily accessible audit trail

• Protection:

» Protecting data on mobile laptops using encryption, authentication and remotely delete data

• Recovery:

» Recovering lost or stolen devices returns them to the control of the District and sustains programs

Securing Your School’s Assets:

Market Factor- PC Theft

• More than 120,000 laptop thefts occur annually from Schools Safeware,

• 70% of computer crime is a result of “inside jobs” Gartner Group,

• 1 in 10 chance of a laptop being stolen and 97% are never recovered

Gartner Group & FBI

Theft is an increasing problem

PC Asset Challenges in Districts

• Ratio of IT staff to PCs– ONE I/T staff member to every 500 or more PCs (1:500+)

• Theft and Loss– ‘Not a problem at my District’

– Silent Budget Threat- DRIFT

• Limited Funding – Lose it & it’s gone (Self insured or no insurance)

– Life Cycle Management

• Sensitive information on Admin/Faculty/Nurse PCs – Compliance or face severe penalties

Market Factor – Data Breaches

• Financial Fraud overtook Virus attacks as the #1 concern for PC Security in 2007 (Source: CSI Institute, 2007)

• The Black Market for Identity theft is valued more that $5Bil and growing 60% year-to-year, faster than the Security Industry! (Network World, September 17 2007)

• Compliance is non-discriminatory and all organizations face fines of up to $5M for data breaches

Data Accountability and Trust Act, US House of Representatives, 2006

Data Breaches result from loss and theft

Regulatory Compliance

Regulatory Compliance– FERPA– HIPAA– State legislation (Data Breach)

Audit trail required

Need to know where assets are at all times

School Districts should not only know what software and hardware is installed on computers, but also who has access to them and where they are

Compliance, Data Protection and Theft Recovery

3. Compliance Risk

1. Computer Theft 2. Data Breach

Market Factor – Asset Management

• Gartner report shows many organizations can track approx 60% of their mobile assets, since many are off-the-network (Gartner Group, 2002)

• A Ponemon Study also found that 30% of I/T Departments would never detect the loss or theft due to off-network equipment (Ponemon, 2007)

• PC Drift can account for between 10-15% of missing PCs (Absolute Software, 1996-2005*)

Mobile Users Create Asset Management Challenges

Implement I/T Asset Management (ITAM)

• Optimize and provision software and hardware » Efficiencies and reduce costs

• Enables Software license compliance » Accurately track licenses, utilization, long range Tech Plans

• Informed decision making and asset management.» Intuitive dashboards and audit compliance

• Asset accountability » Tax payer

Mobile Computing: What is really going on?

– WHO are the laptops assigned to?• Teachers or staff leaving without returning assigned laptops?• District administrators or contractors traveling with sensitive data?• Students safety at risk because of the value of their laptop?

– WHAT if the configuration has been changed?• Can components such as memory easily be taken?• Software image integrity• User-Acceptance Policies enforced?

– WHERE are my assets?• Spread out over how many physical school locations?• Laptops moving from people to people?

Case Study- Surrey School District

• Project Overview– Largest District in British Columbia - 65,000 students, 120+ schools– 7,500 staff, 60 professional IT staff, 1200:1 computer to tech ratio– Needed a way to:

• centrally & remotely manage 13,000+ computers• quickly generate accurate data on computer hardware/software• Improve annual investments in computer hardware• Improve annual Investments in computer software

– (license and regulatory compliance)

• Challenges– Provide solution to address inefficiency of manual inventory counts– Address cross-platform requirements & TCO

Case Study- Surrey School District cont....

• Milestones– 1 image for each of 2 platforms established

– Automated process and discovery asset reporting

– Efficient and reliable tracking and license management

– Accurate reporting (99% HW & SW assets on pc clients)

• Solution Outcome– Software true-up processes went from 15 field tech’s visiting schools

over a month and half, to an automated process – always up to date!

– Real-time accurate data reports on hardware and software inventories

– Provision resources more effectively and efficiently

– Reduced Total Cost of Ownership (TCO) and improve efficiencies

Building Effective Security in Schools

•Effective End-Point Security Strategies Focus:

– Network access control– Asset Protection (Physical & Data) – Codified Security Policy and UAP– Vulnerability management – Contingency Plan

• Roles and responsibilities need to be clearly defined (Professional Development and TRAINING)

• Integrate Security policy and IT processes (Disaster Recovery)

• Faculty and Students understand/adhere User Acceptance Policy

80% of issues that can cause damage to an organization can be avoided by properly implementing processes in the above areas – Gartner 2005

Maintaining a Secure Learning Environment

Physical Security • Challenge- Comprehensive strategy

Safe Learning Environment• Challenge- Vulnerabilities

Accountability• Challenge- Lack of Resources/tools

Consistent Security• Challenge- Sustainability and funding

Don’t Rely Solely on Single Point Solutions Alone

Nearly 1/3 of end-users attach passwords to PCs

- Gartner

Encryption

Cable Locks

Firewalls

Anti-Virus

Stop tags

Single Point Solutions

Best Practice

BIOS

Device

Operating System

•Tracking agent: Deter theft, recover the asset

•Remotely Delete Data

•BIOS and Hard Drive Passwords

Network•Network integrity – Unique identities•Multi-factor authentication to control access•Control over network access from the end

point•Responding to systems damaged by attack

•OS Integrity – OS/Virus Patches•File oriented Encryption and Certificates•Secure backup/recovery of data •Fingerprint readers

•Full hard drive encryption / Vista•Secure back up of data•Locks and cables / STOP Tags

No single vendor does it all

Security- Layered Approach

Summary- SASS

Sustainability- Asset Recovery

Safety- Access

Accountability- Asset Management

Security- Data Protection

eToolkit

Vendor Resources

• Compliance Vendors– www.absolute.com www.altiris.com– www.pcguardian.com www.guardium.com– www.landesk.com www.peregrin.com

• Data Protection– Encryption/USB Device

• www.credant.com• www.pointsec.com• www.guardianedge.com• www.winmagic.com• www.safeboot.com• www.pgp.com

– USB Protection• www.volumeshield.com• www.Utimaco.com

– Data Delete• www.absolute.com• www.beachheadsolutions.com

– Content Monitoring & Filtering• http://www.vontu.com

• Theft Recovery– http://www.absolute.com– http://www.ztrace.com

End

Q & A

Contact information:

David Hawks Business Development

dhawks@absolute.com

http://www.absolute.com

410-499-5380

Thank You for your time!

1) PC Theft recovery

2) Secure Asset Tracking

3) Data Protection

Security Products

Education Institutional Protection Consumer Protection Staples & Office Depot