As schools distribute Android and iOS tablets to their students, IT administrators must ensure that their web filtering solutions can authenticate, monitor and report the internet activity of all on-premises devices down to the user level. WFR 4.2, claims M86, “provides this capability, helping schools enforce regulatory compliance and maintain productivity, while introducing new tools on their networks without compromising filtering capabilities.”
New facilities in the software include LDAP recognition of the user rather than just an IP address, improved control over time-settings for individuals and/or group access to the internet, and improved security reporting.
Jim Culbert, information security manager at Duval County Public Schools doesn’t believe that schools can avoid promoting the use of new technology if they are to prepare pupils for the wider world. But, he adds, “along with these devices comes the need to ensure teacher and student safety. To do this, schools must be able to authenticate and monitor internet activities all the way to the user level, instead of the generic IP address.”
One difficulty is that ‘regulatory compliance’ differs in detail from country to country. In the UK, Dr Brian Bandey (a lawyer, scholar and research associate at Oxford) is a recognised expert in school e-safety. “If schools and academies”, he comments, “are going to take the decision (either officially or unofficially – actively or by default) to permit pupil owned tablets and other web-enabled devices onto their premises with access to their WiFi – then they need to understand that their Law-Based e-Safety Obligations to Pupils are immediately in play.”
But Dr Bandey thinks that ‘regulatory compliance’ is a misnomer. It is “not as a matter of what is often referred to as ‘regulatory compliance’ but through the action of Laws”, he continues. “Thus important Health & Safety obligations and their professional Duty of Care are engaged. It is well known that such devices are vectors for bullying and harassment. The School is obliged to assess this risk, take appropriate action based on such assessment, and in any event take reasonable steps to inform itself of the traffic on its network.”
The key, of course, is to know what’s happening on the school network. With this knowledge the IT administrator can adhere to whichever laws are applicable in each different country.