Information security is a relatively new headache for schools which have rapidly computerised over the last few years. Indeed, some now have so much ICT infrastructure that they feature on the MIS 100 list of New Zealand’s largest user organisations.
Marlborough Boys’ College isn’t quite that big yet, with 300 desktop computers, but it’s a large enough IT shop to have been running five IBM blade servers since late 2005. The school also allows remote access through a Citrix gateway.
That technology, and the very specific group of people who use it, have to be protected. The technology also has to be protected from its own user community. And it all has to be done without the need for specialised security staff.
Information manager Peter Olliver says there are a wide variety of users among the school’s 1,000 students and 100 staff and the network is very fluid. Where in a business users will typically log on at the start of the day and log off at the end, in a school they log on and off throughout the day at the start and end of each period.
“It’s a constantly changing environment,” he says.
Also, users range from sophisticated hackers to absolute novices who are “likely to cock things up”.
“A lot of people are testing the systems, particularly in boys’ schools,” Olliver says. “Girls’ schools don’t have these problems at all, but in boys’ schools it’s a universal issue — they’re proving their manliness by what they can do.”
To answer those security challenges the school has used a variety of software in the past. However, none was satisfactory and one made the machines it was installed on “run like a 286”, Olliver says. It also degraded network performance.
So the school’s IT team went hunting for something that would both work and not pose a constant management headache. They researched three or four options before settling on Sophos, which is widely deployed in UK schools.
Olliver says installation, managed by AISCORP, was so easy he can’t remember any glitches and the software runs in the background so users don’t even notice it. The IT team can manage and monitor activity from a central console and receive a daily email report on activity.
The solution manages endpoint and email security across every server desktop and email gateway. It covers antispam, antivirus and policy enforcement to protect students from exposure to offensive material.
It is also a “set-and-forget” system that largely manages and updates itself, freeing IT staff to perform higher value work.
The software also works well with the Citrix environment by avoiding repeat scanning of files. “What that means for the school is that our IT staff can focus their attention on developing and supporting quality teaching programmes,” Olliver says.