In-depth: Security community dissects impact of Becta closure

With the closure of Becta announced by the government just weeks after the coalition took office, fears of the impact on schools' IT security have been rising, writes Amro Gebreel.

computer class.JPGWith the closure of Becta announced by the government just weeks after the coalition took office, fears of the impact on schools' IT security have been rising, writes Amro Gebreel.

Acting as a provider of guidelines, there are now growing concerns that in the absence of Becta, schools will let policies lapse and expose themselves to potential problems.

We asked a panel of security industry specialists, if they think that the demise of Becta could be bad for schools security, because without a body recommending standards and practices school could end up falling foul of good security practices?

Ian Moyse, Webroot's EMEA Channel Director tells MicoScope that Webroot had been working closely with Becta over many months and were nearing certification.

Although the demise of Becta will not change the actual security Webroot provides, it strongly believes in the value of the validation and certification provided by independent organisations such as Becta, who focussed on specific security requirements for the education sector.

"Schools have an added challenge as compared to a corporate environment; not only that they are under as much threat from spam, malware and malicious content, but they also have higher responsibility to look after and protect the more susceptible users.

In addition, school computers are used by multiple users who have no personal ownership of any individual machine and thus are more likely to be relaxed about their usage. Security protection for children is paramount in this environment. The more independent security advice and guidance our education system can benefit from the better."

Oliver Hart, head of public sector sales at Sophos, says that Becta had many years' experience of working with schools, providing advice and strategy on the effective and innovative use of technology and highlighting areas of concern for educational establishments.

Sophos believes it is necessary to have an organisation focused on providing high quality ICT advice to schools, particularly at present when there is a move towards more free schools and academies with autonomy being directed more towards schools rather than traditional LEAs.

"Without this focus, there is a danger that a number of schools will have poor quality ICT security practices in place at a time when legislation and the level of threat is at the highest it has ever been.

At its worst, this could lead to loss of pupil data as well as a reduced availability of IT resources in the classroom."

Neil Hollister, CEO of CRYPTOCard agrees that Becta's advice on the need to secure remote access to IL3 data with 2 factor authentication was essential for schools.

With increasing remote access, whether from staff to access SIMS management data or from parents to access online reporting, the question of who is accessing this data is critical. The common password is the weakest link in IT security today and must be removed.

He asks how schools were to be educated and encouraged to do this without Becta?

Nick Billington, Managing Director, BitDefender UK, tells us that the huge popularity of certain technologies like social networking and mobile devices, combined with the challenge of controlling and monitoring access for user safety, highlights the huge challenge that schools face on a daily basis.

There is no doubt that this is a big issue that is constantly evolving and developing as cyber criminals seek new ways to overcome the measures put in place to prevent exploitation.

"Having a centralised approach where best practice can be shared is clearly an important factor in prevention. It seems likely that the undoubted gap created by the demise of Becta will be filled by a more disparate combination of bodies and initiatives, and the danger here is that the standard of IT security in schools could slip."

Chris Davies, general manager of D-Link UK & Ireland, tells MicroScope that Becta was a valued organisation, especially for primary schools during the time when there was a huge investment in IT within the sector.

"Security and more specifically network security are fundamental areas for advice as it is key to pupil safety and the efficient running of our schools.

It will continue to be an ongoing concern for schools, so there is now a void that needs filling. Many resellers in the education market are already trusted advisors to schools, however the demise of Becta presents them with opportunity to grow this relationship deeper and further."

In addition, with budgets in the public sector becoming increasingly tight, it will be the resellers that go that extra mile with schools that are likely to prosper in the future, says Davies. In fact, over the coming year resellers can expect to see schools looking for more and more value from their IT investments.

"Resellers will need to make sure they are offering choice as well as advice, as educational establishments re-asses their IT procurement to achieve maximum value from every IT investment."

Stonesoft Appliance.JPGAsh Patel, country manager for UK and Ireland at Stonesoft tells us that the main aim of Becta was to make recommendations on how schools can benefit from IT in education and its closure raises many concerns.

He says that, firstly, there is now no ruling body to ensure technology is being employed accurately and, most importantly, safely.

"This is particularly worrying because of the sensitive nature of the information and the importance of it being held securely.

Secondly, if the schools are not educated properly on IT security, there is a high risk that they could have a more relaxed attitude than necessary, this could leave a gateway for hackers and could potentially jeopardise the children's welfare."

Patel adds that some of Stonesoft's channel partners are already feeling the pinch because of the recent government ICT cuts and from the demise of Building Schools for the Future (BSF) projects.

However the closure of Becta, in his view, may open a doorway in the sense that they have an opportunity to make recommendations to schools, perhaps policing their ICT projects in the same way Becta used to.

Robert Newburn MCP, Solutions Manager - Information Security at Trustmarque Solutions believes that it is true to say that Becta was starting to make positive steps in driving security standards in schools, with good guidance and polices in line with HMG data security policy and ISO27001.

"Unfortunately, good security practice is still lacking in many schools, with only an exception of schools demonstrating solid governance. Whilst Becta may be missed, of more concern are the financial constraints on schools implementing standards and controls.

Schools are increasingly aware of data security, particularly around sensitive information relating to students, however, when it comes to the crunch only a small degree of security projects go ahead, with the funds instead directed to front line teaching."

Newburn says security needs to be kept on the agenda for schools and small steps can make a big difference: "So far it has been the inherent culture of care within most schools that has protected their organisations, but without adequate investment and good governance we may see more schools failing to protect their systems, information and most importantly the students in their care."

Paul Evans, Managing director, Redstor tells MicroScope that the idea of a government organisation promoting IT in Education and simplifying purchasing, which Becta was tasked with doing, might sound like a worthy cause.

However, this was all based around the philosophy that schools, local authorities and private companies needed such help when in reality they were more than capable of sorting things out for themselves.

"Niche IT suppliers with innovative new ideas to technology problems faced by schools were automatically ruled out by Becta as they only dealt with a handful of large suppliers who were able to provide 'full' or one stop shop IT services." 

This in turn limited customer choice and in many ways prevented price competition.

Evans tells us that Redstor works with 85 LEAs providing data back-up services and device management, but despite having such an established education customer base and providing solutions that were saving the public sector time and money, Becta did not deal with Redstor directly and they had to work with an approved partner company such as Ramesys.

In his opinion, the Becta closure puts the decision making and onus of what to buy and why back to the people in the know and on the front line, namely into the hands of schools and their partners.

"Schools tend to trust their ICT partners at the Local Authority or Private ICT supplier and rely on them to help them research, provide advice and decide what to buy and from whom. Becta did provide some good high level advice and also assist with purchasing, however in these new austere times it was realised that this was not enough justification to save this quango from the chop."

Rik Ferguson, senior security advisor at Trend Micro says that many schools operate in very much the same way as small businesses, they do not have the benefit of a large IT team and even less frequently do they have the benefit of dedicated information security professionals.

"Becta did an admirable job of attempting to stay ahead of the technology curve and make rational technology and security recommendations to educational establishments.

By publishing, standards, guides, best practices and templates Becta filled a very important hole, one that schools often do not have the time or experience to fill themselves.

With their demise let's hope that local authorities are able to pick up the slack and offer comparable advice, the security of our schools and the information regarding our children should be paramount."

Read more on Data Protection Services