Schools hold more sensitive data now than ever before so the importance of data protection is paramount for any institution whether they are primary, secondary, state-funded or independent. Primary Technology faces the daily challenge of ensuring that schools data is protected without disrupting teaching and learning in the classroom and without causing a headache to staff that take devices off-site.
This issue has come to light recently as a serious issue regarding data protection within a school made it through the Court system and as a consequence schools have been advised to ensure that devices which go off-site that contain confidential or sensitive information are encrypted to a given standard. At the Primary Technology Office our engineers have researched the implementation of encryption within the school environment and have various options available for moving forward which are suitable to different budgets and scenarios.
The standard Microsoft offering whichis available on the Enterprise version of Windows 7 and all Windows 8 versions
is Bitlocker. Schools with EES Microsoft licensing are eligible
to use any of the versions which support encryption. BitLocker allows full encryption of laptops without the hassle of remembering a complex multi-character passphrase, to boot a laptop a specific USB key is required. This is a centrally managed system, so schools can also have a master key locked away in the safe – so devices can be booted without a specific individual’s key. It also means you have a backup of recovery keys just in case the USB ports on a device fail or all copies of the USB keys break which we admit is very unlikely. Obviously depending on the number of devices in the school this could be a very time consuming activity, and if done improperly could render devices and data useless.
There is an Open Source and free offering which allows a per device encryption model. A backup of the key can be made onto a CD and kept safe, but otherwise it requires a long password to unlock a laptop. This is a good option for smaller establishments or those without EES licensing.
Data protection doesn’t just affect devices that go off-site though. All schools must ensure that staff members only have
access to information which is necessary for them to use. This can be achieved by giving users specific access permissions to the various storage areas which are used. How this would apply to a specific school will be up to the headteacher to decide with advice from the school’s technician or external technical support provider.
Another common vector for sensitive data is easy to use USB memory sticks. Both hardware and software encrypted sticks are available but with frequent failures and high prices these are usually not suitable for most schools to use. We would always recommend that data is stored on a device with FDE (full disk
encryption) in place.
It’s wor th noting that data protection doesn’t stop when a device comes to the end of its life. It is the responsibility of the school to ensure that their devices have a full audit trail when disposing of them and should ensure that the disks are erased to
HMG Information Assurance Standard number 5 by an accredited
Only by making sure their devices are secured whilst in use and then correctly disposed of and erased can a school be certain they are protecting their data throughout its lifecycle.
Primary Technology are a leading company offering ICT services to schools; from technical support, to hardware installations and hosted services. We’re always happy to help so feel free to get in touch.
Written by Josh Freeman,
0845 68 01274