The growth of the mobile computing space and proliferation of devices represents a force to be reckoned with, impacting virtually all industries and sectors. ICT consulting and service development specialist Ukuvuma Solutions points to the convergence of mobile solutions within the education sector – and greater access to information and channels of distribution – as an example.
But with this convergence comes the responsibility to ensure higher levels of security.
“Evidence of the radical shift towards a more digitised platform for education is everywhere,” says Andrew Chester, Chief Information Security Officer at Ukuvuma Solutions.
“Never before has information been as accessible, via Internet-connected devices, and distributable, via electronic books (or eBooks) or online – content, as it is today,” Chester continues.
“We have already witnessed traditional exams breaking the mould and moving to online platforms, such as Prometric and Pearson VUE, which provide immediate recognition in the form of instantly knowing whether you have passed or failed an exam. This includes functionality such as showing you what your final mark was, as well as the areas in which you need to focus and learn more about before attempting the next exam,” he adds.
The availability of content and the ability to reach learners instantly via mobile solutions, such as tablets or iPads, is one of the reasons why education has warmed to the idea of mobile solution application.
However, in as much as this technology has the ability to add lasting value to educators and learners, the issue of security is a crucial one to address.
“The important thing to remember, regarding these devices, is that they are in fact only small form-factor computers and are just as vulnerable (if not more vulnerable in the mobile format) as normal computers. More so, they present an entirely now exploitable vector within an educational (or any) institution, today,” Chester continues.
To illustrate his point Chester speaks of the danger of technology being used to leak exams and commit other acts of fraud.
“Imagine if a smart device is used to exploit the online-based exam platform. What if the text book is laden with viruses and other malicious content which allows anyone to exploit an institutions ICT environment from the inside? Users of such systems can easily manipulate information, leak information, or bypass system requirements completely.
“All of a sudden you have exams being leaked, exams being passed without answering one single question or your institutions ICT environment, containing intellectual property and information, completely laid bare for anyone to use and access without you realising,” he says.
A proactive approach is best
Ukuvuma Solutions suggests that while the situation may appear to be dire, institutions can take proactive steps to ensure that information and platforms are secure and remain so, and, at the same time, empower learners and academics with cutting-edge content.
Such steps include securely provisioning smart devices, in terms of software security and secure, auditable, trackable content. Another option is to utilise geographic information (which is available by default in these devices), enabling users to only access certain information within a certain location.
There are many ways to securely provide the content to users and students, as well as limiting access to that information. However there is no such thing as 100% security, and a security implementation requires an in-depth approach. Ask yourself the following questions:
* Do you know who has access to specific information, and when/where they’re accessing that information?
* Do you know what is connecting to your ICT environment, or what is happening within that environment?
* What is your current exposure, and how will you know if malicious activity is on-going?
* What could you do if you had unfettered access to your organization’s ICT resources?
“ICT Security, in any organisation, goes beyond only securing the end-user’s device,” Chester continues.
“In-depth security includes tasks such as knowing what is going on within your ICT environment, and being able to track events in realtime and classify them. This includes the ability to securely provision access to your ICT environment and know when your environment or systems are under attack or compromised.
“Lastly, knowing whether your information is accurate, confidential and authentic are only some of the ways to ensure that your organisation remains on the bleeding-edge of education and being recognised as an innovate, enabling education provider,” he says.