All posts by Tony DePrato

Tony DePrato has a Master’s Degree in Educational Technology from Pepperdine University and has been working as a Director of Educational Technology since 2009. Currently, he works for Episcopal High School in Houston, Texas, USA. He has worked in the United Arab Emirates, China, South Korea, and Japan. In 2013, Tony DePrato released The BYOD Playbook, a free guide for schools looking to discuss or plan a Bring Your Own Device program. Tony is originally from the US, and worked in multimedia, website development, and freelance video production. Tony is married to Kendra Perkins, who is a librarian.

Over Developing Ideas

By: Tony DePrato | Follow me on Twitter @tdeprato

Questions are the important thing, answers are less important. Learning to ask a good question is the heart of intelligence. Learning the answer-well, answers are for students. Questions are for thinkers. ~Roger Schank

Elevators are interesting. I use elevators as a model on the first day of any programming class, interface design unit, or STEM class. I find it fascinating to have students stop and think about how everything works and how everything is designed.

I use elevators because they are a universal norm; a mode of transport every student is familiar with using. However, the best part about using elevators on the first day of class is that everyone thinks they know everything about them. As students deconstruct the elevator, they realize there is an entire world of creation they have never noticed.

The day after the initial class, students often tell me they are angry. They are angry because now they are studying every small detail when they use the elevator; it is no longer just a quick, hassle-free ride.

Recently I experienced two elevators in two very different hotels. The first hotel was a fairly standard US chain. The second hotel was on the upper end of the luxury scale in Asia. In both places, the elevators had horrible design flaws. I am certain that elevator number two was significantly more expensive to purchase. That fact did not negate the issues with user interface or reliability.

I began to wonder about the people who worked on designing these elevators, building them, and selling them to the hotels. These teams had to be worlds apart, yet they were making the same mistakes. These teams obviously had very different and diverse backgrounds, yet they ended up in the same place with the same problems.

In a connected world this type of outcome should be fairly rare. It seems as if people should be able to study existing models, research back through history, physically explore and test systems that already exist, and easily interview people about their experiences. Yet, these teams did not do that. I believe they worked in an insular fashion, and overcomplicated a traditional and reliable system.

Over Design and Over Development

Solutions are normally constructed with a series of processes all working together, and usually in some required order. There is a tendency for people to focus on a single link in the chain and then overdevelop that particular area. When this happens, the solution and/or design weakens as a whole.

For example, assume someone is designing the security system in an elevator. The default process is to use a simple card swipe. Someone decides to make the product and solution more modern by removing the card swipe and switching to biometrics. This requires the use of fingerprints for everyone who is known to work in the building. The technology works, but many challenges start to appear:

  1. Dust on the surface is tough to manage
  2. The scanner is not adjustable, and not accessible to people who are in wheelchairs or on crutches
  3. The fingerprint database has an additional cost due to backups and emergency power
  4. A by-pass has to be installed for VIPs who may take the wrong elevator, thus allowing anonymous access
  5. Updating the system is slow, and requires all security guards to have an additional 6 hours of training

This example is not entirely fiction. There are many case studies on situations like this where people overdevelop solutions. An older example, but truly timeless in my opinion, is the Denver Airport Baggage System. I will not go into details, but it is worth a read.

Another consequence of over designing and over thinking is stagnation. Good ideas simply never get off the ground. The desire for perfection starts to consume the project, and eventually, the momentum fades. People will generally find a solution or work around for their problems, even if that means compromising in areas that should be held to a high standard.

When solving a problem or developing a new idea, the best rule to follow is to look up and look out. Explore the world and the ideas of the past and present. Find the same idea, or a similar idea, and ask questions. Get the story, including the anecdotes, because facts and function are rarely where the secrets live.

 

Stop the Downturn: Data for Student Support


For many years I have been involved in student support planning. As an EdTech professional, I am heavily involved in managing and using student data. Student assessment data is normally used to make lists of students that need support.

The ideal scenario is that students get the help they need BEFORE the grade falls below the recovery level. There is normally a point in the term where the grade cannot be recovered. The mean will be too low. If the school uses a few final exams to determine the final grade, the situation is even more dire for students who have early downturns.

Here are some recommendations for making certain that you are using student data correctly, and promptly, to support those who are beginning to have unfavorable results.

Set the Bar High

I start my trend analysis at the C+, or “average”, level. I look for students who have a C+, and see if they had a C+ the week before. This can be done fairly quickly in a spreadsheet with live data sets.

Students who have moved from a C+ to a C, a C- to a D, etc., would all need a weekly review.

This seems tedious, but I firmly believe interventions need to happen as early as possible in the process.

Do not Assume Students are Lazy

I am often guilty of assuming a student is simply not trying hard enough, or not paying attention. I think this is a very common initial reaction to falling grades.

Every student deserves to have the benefit of the doubt. Take the time to look at least 1-2 weeks back in the grading. Look for courses they are not struggling in, and see how the assessments differ.

Most importantly, take time to engage the student. Ask them about the situation, and listen for clues. Many times teenagers seem cagey, but they simply may not be able to articulate the problem.

Check the Class Average

Class averages often hold insight into student issues. If you have a class, and the average is 80%, and the grade distribution is on a normal curve, then prepare to have many students struggling.

That bottom group of students is going to be fighting all term for a low B or high C (80%-76%). This does not mean they need extra support, but it does mean that they need to be using their time very efficiently. The margin for error, and laziness, is very low.

Also, do not jump to make the class easier. Some topics are tough, and they should be.

Convert Standards Grades to Numbers

This is an internal process. Students and parents will not see the conversion. This is not about creating a 100 point scale. This is simply a better way for administrators to quickly review data. You can use any scale you wish.

If you have only three standards indicators, and you are only grading against four standards, you would generate 12 data points, per student, per assessment. That is 216 data points per 18 students, per assignment.

Assigning numbers to letters, using a simple find-and-replace function, would make it possible to run common mathematical analysis.

Require Regular Comments

End of term comments are nice, but they are useless for a true support intervention process. Teachers need to be required to tag assignments at the student level when those assignments indicate a downturn.

Many administrators are often sitting in a room without the teacher trying to understand the data. Simple comments bring clarity to assessment data. This is true even in standards-based environments.

I would even argue semester and trimester comments are useless. Action needs to be swift, and data needs to be updated weekly.

Require Teachers to Update Grades Often

Obviously, without data, no action can transpire. Data needs to be updated every 5-10 school days. If a teacher gives 4 significant assessments in a month, and updates their grades only once every 4-6 weeks, how far will the grade(s) fall before an intervention can happen?

Keep in mind there is a gap between the time the issue is discovered, and the engagement with the student(s). Every day matters. Make a point to be the annoying administrator who is sending “gentle reminders” about grading and data updates.

 

 

 

 

Scheduling, Why Wait?


If your phone battery is not at 100%, would you still use it? Or, would you sit and wait for it to charge?

If your water bottle is 50% empty, would you continue to use it, or would you immediately go refill it?

If a schedule is 70% ready to be built, would you start building it, or wait until you have 100% of the information?

Here are the correct answers: Use It; Drink It; Make It Now

Start Now, it is Never too Early

I have built many schedules. For new schools, new programs, residential life, and events. In my experience the most important rule about academic scheduling, PK-12, is to start now, because it is never too early. Literally, after the first week of the academic year, most schedule issues arise. Issues need solutions. Solutions need a process. Processes take time. Time is always the main currency of any PK-12 organization, and currency should not be wasted.

Scheduling is All About Percentages

Imagine planning a very traditional elementary school schedule. The homeroom kind of schedule found in many American Schools.

There are 50 teachers. In August the school is getting 10 new teachers. Do I wait for those teachers to arrive to plan the schedule?

Let’s state that another way. I have 83% of my team. Can I make a plan with 83% of my team? Yes.

Observable data and experience would easily indicate that very few people in a school want to be responsible for scheduling. This data would also indicate that more senior staff are more likely to have the desire to be involved, as they are aware of the issues.

And, do not forget, these 10 new people probably have email or other methods to communicate their goals for scheduling well in advance of the start date. There is no need to wait for their arrival, to incorporate their ideas.

More than 50% of any team can get a tremendous amount of work done. The Pareto Principle is a further reminder that only 20% of the total team is needed to produce 80% of the required output. That is 2 out of 10 people, assuming they have the skills to do the work.

Many times the motivation to wait is not related to waiting on data. It is the inverse. The person believes they have enough information. Therefore, they can simply wait to finish the work at an ebb in their annual workflow. I know I have done this many times, and it would be the misjudgment that haunts me the most frequently.

Percentages work both ways. Scheduling is deceptive. People often seem to look at all the information and conclude, “I can wait. I have 90% of the work done.”

In my experience, that last 10% takes just as long, or longer, than the first 90%. The last 10% often involves meeting niche requirements for students, negotiating time sharing with another division, a pending change to a curriculum that will add (or subtract) required hours, etc.

This is another reason to start scheduling for the next year, as early as possible. The time to complete the work is deceptive and often inconsistent.

Waiting for 100% of everything is a waste of scheduling time, and waiting to complete 10% is also a waste of scheduling time. Both strategies can have the same result: an incomplete schedule on opening day.

The Reality of the Flexibility

There is something I like to call, The Reality of the Flexibility.

Often new scheduling ideas come from a sense of concern: Our children need more…or Our Children need less. Legitimate, and exactly what a school loves to hear from their staff.

However, most schools follow a curriculum, and have to meet requirements outside of their control. For example, a governing body may require every student have four, forty-minute Spanish classes every week. A curriculum connected to a third-party organization might insist that every high school student complete 120 minutes of mathematics every week. This list is endless and often complex.

Having discussions about making changes is important, but most suggestions can be quickly sorted into the “possible” and “impossible” categories.

The day has a finite amount of time, and the year has a finite amount of days. The number of changes possible in any schedule is usually a very small percentage of the total. The reality is, the schedule is usually not that flexible.

The Ideal Timeline

If you want to see some dramatic improvements in scheduling, and have a more pleasant summer vacation, I recommend the following:

  • After the first month of school, create a schedule planning document. Send it to anyone who is involved in scheduling. If you need to see a planning document, email me directly. tony.deprato@gmail.com
  • Have new ideas for schedules submitted by the end of the third month of school.
  • At the top of the second semester, top of the third quarter, or bottom of the second trimester (hopefully you see the pattern) have the first version of all the new schedules ready.
  • Gather feedback. Adjust. Repeat.
  • Do course requests if required.
  • After spring break plan a new schedule walkthrough for every division. Find the problems before they are real problems.
  • Gather feedback. Adjust. Repeat.
  • Have all final schedules in the hands of teachers, students, and parents by the last week of school. Include the following line: “Schedules may change slightly without notice.”

Finding SSO: Complexity for IT, Simplicity for You


SSO, or Single Sign On, is something I often discuss with school leadership, teachers, parents, and students. SSO refers to the ability for users to have one login and password that gives them access to all, or the majority of, the services they use. I have achieved this, and I would like to share the path I followed.

The Scope

The scope of SSO is very important. Many people will feel they have achieved SSO if their Google Apps account connects them to a few services. I would classify this as a very limited scope.

In the SSO implementation I am suggesting, the scope is:

  1. Email and Groupware Systems/Cloud (Google Apps, Office 365, etc.)
  2. School Information Systems (For example, PowerSchool)
  3. School Wifi and LAN Network Access. Accessing the network with the single account. This prevents unauthorized users from simply using the network with a shared SSID.
  4. Login Windows for School Owned Laptops and Desktops. This means users apply the same username and password for the school hardware.
  5. Printing and copying access
  6. Additional systems such as Follett Destiny, BrainPop, etc.

With this implementation, all the core IT services on and off campus can use, and require, the SSO. Each user uses one username and password to connect to 90% of their resources; and they simply match their username and password on systems that may not be compliant.

For the end user, this is a transparent process.

The Heart of the Solution

Are you a Google Apps for Education School? If the answer is ‘yes’, then the answer to true SSO is a bit more complicated. Google does not offer a traditional directory service. In order to facilitate a full SSO implementation Google schools need a middle solution.

The concept is that the middle solution has permission to access and use the Google Apps accounts. Once this is enabled, the middle solution will sync and/or translate access between services. The login will either be the username (which is the first part of the email), or the full email itself. The password is managed in the middle solution.

I do not like to promote any specific services. However, for this design I made a special agreement with a company called JumpCloud. There are other services that will do the same job, and unlike traditional methods used for SSO, these cloud based solutions are easy to migrate from in the future.

If you are not a Google Apps for Education school, then odds are you do have Office 365. Microsoft now provides most of the needed features in their Azure Cloud, using Active Directory in the Cloud. This can be free, or licensed, depending on your needs.

If you do not have Google or Office365, then you probably can use any number of Open LDAP Cloud services, or you could technically build and host your own service with Amazon.

If you notice, I am staying in The Cloud. In my experience, very few schools have the in-house talent and resources to facilitate SSO using onsite servers. They can get the services to work, but the speed and quality is nowhere near that of the cloud based providers. I used a self-hosted solution in China for four years, and once I was able to move off-site, the end user experience greatly improved.

Enough of the Tech Speak

If you are not working in technology, the sections above will help you immensely in speaking with your technology leadership about SSO. However, to rebound from the monotony of SSO vocabulary and processes, I would like to take a trip through the end user experience.

A new person (employee or student) joins your school. They sit down, and they activate their GMAIL.

When the GMAIL is activated, there is a message in their inbox. They open it. The message directs them to the middle solution provider. The user re-enters their password, and confirms their email.

A few minutes later they get another email; this one is for Office 365. The user opens it, and agrees to terms of service by entering their username and password.

From this point on, that username and password are now linked to all the services, including the school owned devices and network.

The initial steps can be done for new staff before they come to the school. This is an excellent time saver, and I find that new staff like this engagement. If they make a mistake, their email will always work for them. The other services are not critical until they arrive.

The student experience is a little different. I find it is best to have an initial registration process and location for new students. In this location, the WIFI network is open.

However, after they activate, they switch to their official network, and they sign-in with their new ID. Remember, there is no anonymous access. Once implementation is over, only those who are trusted members of the school can use the same networks as students and employees.

If you want to know more about creating seamless SSO experiences, or if you would like to share your own experience, please comment or email me directly, tony.deprato@gmail.com .

Thanks for reading.

 

 

 

The Accidental BYOD Solution



In 2008, I would have said Apple is the best BYOD solution for any school or family that could afford the platform. Then Apple started to change. I think it could be argued, they quietly have abandoned the education market.

Even the recent iPad and classroom management software changes barely address most of the issues. In fact, in many parts of the world, managing Apps legally and efficiently is not even possible.

Aside from oddly developed apps like Swift Playgrounds, iPad App development eventually falls into two categories:

  1. A Focus on Consumer Consumption over Learning
  2. A “Make it the way the App Says” Philosophy

There is no ability for students to go beyond the rules of the iPad, to change the rules of the iPad, or to create anything that was not predicted. The iPad experience is shallow compared to the opportunity to take a blank slate, and build it to a specification or idea (like an opportunity found on a laptop/desktop computing platform).

Microsoft has made amazing strides recently. Specifically, Microsoft products such as the Surface. However, the Surface products are expensive considering their feature set. There are also security issues involved in running Microsoft products. The Microsoft hardware does not reflect the actual cost of ownership, when much of that cost is used for defending the organizational ecosystem.

It is difficult to recommend a Surface product to a family, because they can spend less for an Apple product.

The rest of the market is too fragmented to build a stable long term platform plan. Unless a school directs students to only buy a specific make and model every year (and every year it will change), there is no hope to establish a level playing field with BYOD students.

But. Maybe there is hope. An unplanned, and possibly accidental partnership. Google Chromebook + Amazon.

Google has been a big education player for some time. Their services and branded hardware are dependable and flexible. The hardware changes often, but the Chrome OS is consistent.

Chrome OS is a solution for any school that has reliable internet access. Chromebooks can make an excellent hardware platform, yet have some reasonable opposition among many EdTech leaders:

  1. The platform cannot run powerful applications like Photoshop, video editing packages, etc.
  2. The platform is slow when working outside the core Google products
  3. Chromebooks have one official browser, and are not fully compatible with all websites/applications
  4. Although it is possible to code and create software on a Chromebook, the development options are lacking compared to those of a traditional laptop (This is important for schools developing computer science and/or app development curricula.)

What if these four issues were eliminated? Would the Chromebook be a better choice for most BYOD families or for schools buying hardware for students?

Enter Amazon Workspaces.

I tested Amazon Windows 10 Workspaces last year. I liked the experience, but had no reason to use the service. It occurred to me recently that if Amazon Workspaces supported Chrome OS, then I could create a flexible platform for BYOD that used Chromebooks.

Guess what? There is a Workspaces Client and App for Chrome OS.


I have tested this platform for the last 6 weeks using the new Samsung Chromebook and an Apple Laptop. I wanted to compare the performance of the Workspace’s Client service on two hardware platforms. Here is what I have found:

All four issues above were resolved. I even installed Photoshop and used it at the office.

Although Chrome OS is free, Workspaces is not free. They do have a seemingly affordable educational package. The downside to the Chromebook+Amazon combination is that the entire process of getting signed up and calculating the price is very convoluted. Amazon for Enterprise Business is mature. Amazon for education seems like a discount coupon, not a well directed initiative.

The next issue is setting up management for the Workspaces. The cost of doing this at scale is currently not clear. The cost is clear online, but the actual bills do not match the flat rates. I regularly ask for my costs to be explained. I send scenarios to people at Amazon to get pricing, and then I wait for the bill. The bill never matches the predictions.

I am close to having what I would consider an affordable and reasonable deployment model for Workspaces with Chromebooks.

Keep in mind with Amazon you pay for what you use. How many schools pay for campus-level licenses for Adobe Creative Cloud, yet only use a fraction of the licenses in any one semester?

How many schools give all students a license for Windows 10, just in case they take one or two courses where Windows is required for the curriculum?

Imagine only paying for what is needed, when it is needed.

Part two of this topic is pending until July, when I receive my next bill. 🙂 

Access Denied: Controlling What Students Can Access

Recently I have been discussing multiple new security measures for academic networks. From these discussions with other schools, engineers, and suppliers, I have created a set of goals to help keep the development of network security on track and within budget.

Physical Access

Physical access can be managed without a great deal of expense. The goals to reach for are:

  • We allow only the devices we have confirmed and labeled
  • We can control the number of concurrent devices a user is using on the network
  • We can identify by IP, Serial Number, or MAC Address (or a combination of the three) the owner of a device
  • We can remove a user from network access, and restrict their devices, with minimal effort
  • We have processes and procedures to register devices; users can switch devices through these processes
  • Users can only circumvent the processes by giving their login IDs, passwords, and hardware to another person

These goals do not imply the direct management of equipment; nor do they capture user data. These goals ensure that devices on the network are approved, registered, and can be clearly identified.

Achieving these goals is the first step towards the concept that accessing the network is a privilege not a right. Privileges can be revoked. If revocation is not possible, then the concept/policy cannot be enforced.
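The goals above can be read as a small admission policy. The sketch below is an added example, not part of the original post: the `Registry` class, its method names, and the limit of two concurrent devices are assumptions chosen for illustration, and the records in the demo are constructed.

```python
from dataclasses import dataclass, field

MAX_CONCURRENT = 2  # assumed per-user limit; the post does not state a number


def norm_mac(mac: str) -> str:
    """Canonical form so 'AA-BB-..', 'aa:bb:..' and 'aabb.cc..' match one record."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Device:
    mac: str
    serial: str
    owner: str


@dataclass
class Registry:
    devices: dict = field(default_factory=dict)  # mac -> Device (confirmed, labeled)
    revoked: set = field(default_factory=set)    # owners whose privilege was removed
    online: dict = field(default_factory=dict)   # mac -> IP currently in use

    def register(self, mac, serial, owner):
        mac = norm_mac(mac)
        self.devices[mac] = Device(mac, serial, owner)

    def switch_device(self, old_mac, new_mac, new_serial):
        """Registered swap: the old device loses access, the new one inherits the owner."""
        old = self.devices.pop(norm_mac(old_mac))
        self.online.pop(old.mac, None)
        self.register(new_mac, new_serial, old.owner)

    def admit(self, mac, ip):
        """Decide whether a device may join the network; returns (allowed, reason)."""
        try:
            mac = norm_mac(mac)
        except ValueError:
            return False, "malformed MAC"
        dev = self.devices.get(mac)
        if dev is None:
            return False, "unregistered device"
        if dev.owner in self.revoked:
            return False, "owner revoked"
        others = [m for m in self.online
                  if m != mac and self.devices[m].owner == dev.owner]
        if len(others) >= MAX_CONCURRENT:
            return False, "concurrent device limit"
        self.online[mac] = ip
        return True, "ok"

    def owner_of(self, identifier):
        """Resolve the owner from a serial number, a current IP, or a MAC address."""
        for dev in self.devices.values():
            if identifier in (dev.serial, self.online.get(dev.mac)):
                return dev.owner
        try:
            return self.devices[norm_mac(identifier)].owner
        except (ValueError, KeyError):
            return None

    def revoke(self, owner):
        """Remove a user: block future joins and drop their live sessions."""
        self.revoked.add(owner)
        dropped = sorted(m for m in self.online if self.devices[m].owner == owner)
        for m in dropped:
            del self.online[m]
        return dropped


if __name__ == "__main__":
    reg = Registry()
    # Constructed sample records, not real devices.
    reg.register("AA-BB-CC-00-00-01", "SN-1001", "student42")
    reg.register("aa:bb:cc:00:00:02", "SN-1002", "student42")
    print(reg.admit("aa:bb:cc:00:00:01", "10.10.0.5"))
    print(reg.admit("de:ad:be:ef:00:01", "10.10.0.9"))
    print(reg.owner_of("10.10.0.5"), reg.revoke("student42"))
```

A MAC address can be copied, so a registry check like this belongs alongside the per-user network login rather than in place of it.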

Guest Access

Guest Access can be problematic for schools. However, if your school is in a country that requires you to perform due diligence for network/internet access, then the Guest Access should be provided in a limited fashion, and only when necessary. Please review the laws governing access; especially where children under 13 are present.

If you are not sure what the laws are in your country, start here.

Topology

Topology refers to the way in which constituent parts are interrelated or arranged.

These are the topology goals that should be met before additional security is added:

  • Students, Teachers/Staff, and Parents/Guests are never on the same network/same IP range (not just SSIDs, unified IP ranges and access across the network should be prohibited)
  • Printers and other devices are not on the same IP range as the Wifi; those with access to printers and devices must be provided access
  • Data sharing should happen in the cloud; or in a device that has been configured with user authentication
  • LAN ports should not be using DHCP, if those ports are physically accessible by teachers, students, parents, or guests
  • Equipment on the LAN should be managed; given an IP address; and be easily identifiable
  • VLANs need to be created to meet most of the above requirements; VLANs should be planned out on paper and clearly mapped for decision makers to understand
  • All Access Points need to be named and numbered to reflect their exact location on campus
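Several of these topology goals can be checked mechanically once the VLAN plan is written down. The audit below is an added example, not part of the original post: the plan format, the field names (`roles`, `medium`, `dhcp`, `exposed_ports`), the access point naming pattern, and every address and name in the sample plans are constructed assumptions.

```python
import ipaddress
import re

PEOPLE = {"students", "staff", "guests"}
# Assumed naming convention: AP-<BUILDING>-F<floor>-R<room>-<nn>
AP_NAME = re.compile(r"^AP-[A-Z]+-F\d+-R\d+-\d{2}$")


def audit(vlans, access_points):
    """Return a list of findings; an empty list means the plan meets the goals checked."""
    findings = []
    nets = [(v, ipaddress.ip_network(v["cidr"])) for v in vlans]

    # No two VLANs may share address space (separate SSIDs alone are not enough).
    for i, (a, net_a) in enumerate(nets):
        for b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                findings.append(f"overlap: {a['name']} {net_a} / {b['name']} {net_b}")

    for v, _net in nets:
        roles = set(v["roles"])
        # Students, staff and guests are never on the same network.
        if len(roles & PEOPLE) > 1:
            findings.append(f"mixed roles: {v['name']} carries {sorted(roles & PEOPLE)}")
        # Printers and other devices stay off the Wifi ranges.
        if "printers" in roles and v["medium"] == "wifi":
            findings.append(f"printers on wifi: {v['name']}")
        # Physically reachable LAN ports must not hand out addresses.
        if v["medium"] == "lan" and v["exposed_ports"] and v["dhcp"]:
            findings.append(f"dhcp on exposed LAN ports: {v['name']}")

    # Access point names must encode their location.
    for ap in access_points:
        if not AP_NAME.match(ap):
            findings.append(f"AP name lacks location: {ap}")
    return findings


def vlan(name, roles, cidr, medium, dhcp, exposed_ports=False):
    return {"name": name, "roles": roles, "cidr": cidr, "medium": medium,
            "dhcp": dhcp, "exposed_ports": exposed_ports}


# Constructed sample plans; all ranges and names are illustrative.
GOOD_PLAN = [
    vlan("student-wifi", ["students"], "10.10.0.0/22", "wifi", True),
    vlan("staff-wifi", ["staff"], "10.20.0.0/23", "wifi", True),
    vlan("guest-wifi", ["guests"], "10.30.0.0/24", "wifi", True),
    vlan("printers", ["printers"], "10.40.0.0/24", "lan", False),
    vlan("classroom-ports", ["staff"], "10.50.0.0/24", "lan", False, True),
]
GOOD_APS = ["AP-LIB-F1-R101-01", "AP-GYM-F0-R002-02"]

BAD_PLAN = [
    vlan("campus-wifi", ["students", "staff"], "10.10.0.0/21", "wifi", True),
    vlan("guest-wifi", ["guests"], "10.10.4.0/24", "wifi", True),
    vlan("printers", ["printers"], "10.40.0.0/24", "wifi", True),
    vlan("classroom-ports", ["staff"], "10.50.0.0/24", "lan", True, True),
]
BAD_APS = ["AP-LIB-F1-R101-01", "linksys-2"]

if __name__ == "__main__":
    for label, plan, aps in (("good", GOOD_PLAN, GOOD_APS), ("bad", BAD_PLAN, BAD_APS)):
        print(label, audit(plan, aps) or "no findings")
```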

Web Filtering

Web filtering is often sold to schools as a turnkey holistic solution to manage content that students access. The truth is that web filtering will only, and always, be partially effective with students. Web filtering is highly effective in meeting the following goals:

  • Controlling what teachers and staff access
  • Controlling what guests access
  • Controlling what school owned devices access (devices that stay at school all the time)
  • Preventing accidental content being shown/broadcast on school owned devices
  • Meeting most due diligence standards concerning laws that govern content access and control
  • Showing an overall data set to help guide decisions based on what people are doing and trying to do online

Web filtering has two main issues. First, HTTPS content can be blocked but not read. This means when students go to HTTPS websites, the school will not know what they are doing, and/or interacting with, on those sites. Since 2018, HTTPS is used more often by web users than the original non-secure HTTP. A few years ago, a person could type http://facebook.com . Today, everyone is forced to https://facebook.com .

Because many schools want to use web filters to study student access data, they will fail to achieve that goal, regardless of the fact the filter claims it can read the data. The filter can read some data, but not all; and currently not most.

Second, students can install and run VPN services fairly easily. When they do this, most filters are circumvented. Keep in mind that good VPN services are not free. Having those difficult conversations with parents at the beginning of the year, and as frequently as possible, is often more valuable than new snazzy technology solutions. If parents enable behavior, it is very difficult for school policies to be successful.

In summary, Physical Access, Guest Access, and Topology goals are usually achievable with current network hardware and software solutions employed by schools with a population of 500 users or more. Achieve these goals first, before investing in web filters or other solutions.

Remember, giving students freedom to work and create will create security loopholes. Depending solely on technology solutions in an environment where education opportunities abound is a bad strategy to pursue. There is no substitute for engaging students in dialog when they are acting inappropriately.

Tech Support Problems, Apathy, & Solutions


Recently I was reading a Technology Directors’ forum, and noticed that a few very well established schools were explicitly looking for people to assist them in improving their technology support system (Help Desk, Help Tickets, etc.)

Reflecting on how I design and implement such systems, I began to wonder if these schools have looked at the core foundation issues that cause problems in systems that support a variety of tech-ecosystems and networks.

Why Does Anyone Need Tech Support in 2018?

The question may seem obvious, but this question should be asked every year: Who actually needs support and why?

Why do teachers need someone to come to the classroom to help them? Is the equipment old and/or inconsistent? Is the classroom design too complicated? Does the classroom equipment not work well with the teacher’s issued device(s)? Are students unable to use or manage their devices? Are the deployed software and services too difficult to master?

For example, if a school is running Google Apps for Education or Office 365 for Education, is the school running these newer solutions using an old model? That would cause many problems for end users. End users would be trying to follow an internal plan that conflicts with the external supplier’s solution. Google and Microsoft are external suppliers, and they do have recommended implementation plans. In this case, the school has created a problem that will now need support.

The truth is, tech support and training are not the same thing. Asking support staff to execute tasks that an employee is required to do is a massive use of support time. The support staff is not the end user. Meaning, the support staff person is not a teacher. This means they will be very mechanical about explaining how things work, but possibly not very practical. Many issues are strictly job related, and require training from peers, not IT support staff.

The goal of anyone who is planning technology support, or facilities support, should be to eliminate the need for support. Expanding support around problems will simply make those problems worse. Problems need to be eliminated to reduce the need for regular support.

Why Do Tech Support People Seem Apathetic and Annoyed?

Tech Support is actually a proper career. There are people who choose to be, and are employed as, tech support engineers or specialists.

In most schools tech support is usually an additional duty. Schools often have employees who are systems engineers, database specialists, etc. assigned to do tech support. Why? Because, after all, if you have an IT job you can help people with IT. If that logic were true, every biology teacher could teach physics, and possibly serve on an ambulance as an EMT.

When people are spending most of their time away from their primary role, or outside of their primary comfort zone, they can develop a sense of resentment. In addition, people working outside their primary role will tend to make more mistakes doing other tasks. These mistakes often lead to public and unprofessional language exchanges. The cycle leads to further demoralization, and creates an environment of apathy.

The Way Forward

Over the years I have developed a few simple rules to handle support issues:

  1. De-personalize the process
  2. Divide-and-Conquer
  3. Follow-up Often
  4. Predict the future

De-personalize the process

The worst thing you can do is use personal email for tech support, or facilities support. There are some systems that work with a group email address (e.g., helpdesk@myschool.com).

However, even those systems trick the end-user into believing the email is going to a person. Email request systems, at least professional ones, route based on criteria; or get posted in a list until a person delegates the work to someone.

The basic rule to follow is to use online forms or support groups (like Google Groups). Make certain individuals are not connected by name when they give support. Never allow teachers, or other stakeholders, to use personal email addresses for routine support.

Divide-and-Conquer

Support needs to be assigned to the person best suited for the job. Although some support can be generic and auto-assigned, it is best to have a routing system to send certain requests to certain people. For example, I have a form that has PowerSchool as an option. If someone selects PowerSchool, the request goes to the best two PowerSchool support people on staff.

Follow-up Often

From the moment a ticket is submitted, the end-user should automatically get a confirmation that their problem is in process. When the problem is solved, they should get a notice. If their problem is pending for some reason, they should get another notice. If the issue is not solvable, the end-user needs a personal email, phone call, or face-to-face visit to explain in detail what is happening. Complaints from end-users are often regarding a lack of communication.

Currently, my support form tells each user what their number is in the queue. This small feature has been very well received.

Predict the Future

This is not as mystical as it sounds. Support issues should be collected as data. This is another reason email is a bad option, unless the emails go into a categorized database. Patterns emerge in the data. Patterns can be used to find the next problem.

Sometimes technology fails in a single instance, but usually technology failure happens in batches or waves.
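The four rules above can be sketched in a few dozen lines. This is an added example, not the author's own support system: the routing table, group aliases, category names, and sample tickets are all constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Hypothetical routing table: form category -> shared group alias.
# Aliases rather than named people keep the process de-personalized.
ROUTES = {"PowerSchool": "powerschool-support", "Classroom AV": "av-support"}
DEFAULT_ROUTE = "general-helpdesk"


class HelpDesk:
    def __init__(self):
        self.queue = deque()  # open tickets, oldest first
        self.history = []     # every ticket, kept as categorized data

    def submit(self, category, summary, opened):
        """File a ticket, route it by category, return it with a confirmation."""
        ticket = {"id": len(self.history) + 1, "category": category,
                  "summary": summary, "opened": opened, "status": "open",
                  "assigned_to": ROUTES.get(category, DEFAULT_ROUTE)}
        self.history.append(ticket)
        self.queue.append(ticket)
        notice = (f"Ticket #{ticket['id']} received. "
                  f"You are number {len(self.queue)} in the queue.")
        return ticket, notice

    def close(self, ticket_id, status="solved"):
        """Close a ticket and return the notice sent to the requester."""
        ticket = next(t for t in self.queue if t["id"] == ticket_id)
        self.queue.remove(ticket)
        ticket["status"] = status
        return f"Ticket #{ticket_id} is now {status}."

    def waves(self, window, threshold):
        """Categories with at least `threshold` tickets inside any `window`."""
        by_category = {}
        for t in self.history:
            by_category.setdefault(t["category"], []).append(t["opened"])
        flagged = {}
        for category, times in by_category.items():
            times.sort()
            start = peak = 0
            for end, opened in enumerate(times):
                # Slide the window start forward until it spans <= `window`.
                while opened - times[start] > window:
                    start += 1
                peak = max(peak, end - start + 1)
            if peak >= threshold:
                flagged[category] = peak
        return flagged


def demo():
    """Constructed sample tickets: three projector failures in one morning."""
    desk = HelpDesk()
    t0 = datetime(2018, 9, 3, 8, 0)
    first, notice = desk.submit("PowerSchool", "Cannot post grades", t0)
    for minutes in (10, 25, 40):
        desk.submit("Classroom AV", "Projector shows no signal",
                    t0 + timedelta(minutes=minutes))
    _, late_notice = desk.submit("Printing", "Toner low", t0 + timedelta(days=2))
    closed = desk.close(first["id"])
    return desk, notice, late_notice, closed


if __name__ == "__main__":
    desk, notice, late_notice, closed = demo()
    print(notice, late_notice, closed, sep="\n")
    print("Possible wave:", desk.waves(timedelta(hours=1), threshold=3))
```

Because every ticket stays in `history` with its category and timestamp, the same data that drives the confirmations also exposes the batch of projector failures as a pattern.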

If you would like to know more about building custom and free Support Systems with Google Apps and Office 365, please contact me at: tony.deprato@gmail.com.

Keeping Your Campus Safe: Who Can Do What

By: Tony DePrato | Follow me on Twitter @tdeprato

When a school network is designed, various levels of access have to be created to manage content access. The easiest way to approach this is to place students, teachers, staff, and others into groups. The group is then managed. If an individual becomes untrusted, they become a non-group member, and thus cannot access anything.

Groups have an ID; this is something people never see. To get into the group, people have a personal ID; this is something people use every day. They never consider all the places their ID (username and password) travels.

In the physical space, group IDs and access indicators are also needed. These need to be designed so they can be visually recognized by members of the community. In addition, buildings and facilities need to be designed to accommodate certain groups, but not allow others.

Group IDs in the Visual Space

I have already spoken about uniforms, but many schools do not use uniforms. Dress code is definitely a manner to identify a group of students, but beyond that, there are many other ways to know who is who and what they should be doing.

IDs

Student IDs are often the same for all students, and many are the same template as staff IDs.

IDs for different groups should vary visually. This allows anyone to quickly look at the color, and make a decision about access to facilities, food options, etc. Having to stop and read requires engagement. Engagement either requires a sense of authority, or it can make a person feel as if conflict might ensue. Colors remove the direct engagement aspect of managing people in physical spaces from those who might only want to report a problem.

For example:

K-5 Students

6-12 Students

K-5 Teachers

No Go Zones

Libraries, Cafeterias, and other large areas should have spaces that are “student only” and “parent/guest only”. These spaces should separate students by age group when possible.

People who are managing these spaces need to manage problems over a larger landscape. They should be able to politely direct anyone to their proper area, without conflict. These areas can be labeled, and color coded. Colors could match IDs (or guest passes) to help everyone navigate.

For example, students in the middle school might have red ID cards. Middle school bulletin boards, information screens, etc., could all have a red border. Anyone noticing a student with a blue ID, would immediately realize that student is in the wrong building. Trying to sort students by size is something teachers try to do, but that practice is not very accurate when students are close in age.

Driving and Parking

Access to campus often starts with transportation. Although schools usually have buses and public transportation options planned, personal vehicles are often loosely managed, or not managed.

Schools tend to believe that issuing parking stickers to people, and then assigning them a parking lot/space, is enough. However, schools need to consider why people need to drive, and if it should be a right or a very limited privilege.

I have worked at one school that had no parking at all. It was in a city, and space was at a premium. If people needed to drive and park, they had to use public parking options. This meant that it was nearly impossible to have unscheduled visitors. Anyone coming to the school would make an appointment to ensure their paid parking was used efficiently.

As people evaluate campus safety, they need to consider that anyone looking to create a negative situation would need a staging area. There would need to be access close enough to the school to allow someone to prepare. Vehicles make excellent staging areas. The closer vehicles are to buildings and entrances, the greater the risk.

In addition, schools are full of children running around and not always paying attention. Vehicles allowed to move within spaces where children are walking can be very dangerous. Ideally, these types of vehicles should only be allowed if escorted or properly directed.

If I really wanted to make campus access secure, I would run shuttles from designated areas. In an ideal world, those areas would be owned by the school, but at least 5 minutes from the campus by shuttle.

A small parking area could be created for certain groups of people, but all visitors and guests would be scheduled and shuttled into the campus.

Students would never be allowed to drive to campus. They would need to park and shuttle; or park and bike/walk to school.

Schools should be friendly communities, but communities are often not in the public domain. Access management is important, and it does not have to be overly complicated or expensive.

Group privilege is a privilege. It can be earned. It can be lost. It must be managed.

Keeping Your Campus Safe: Access Levels and Groups


By: Tony DePrato | Follow me on Twitter @tdeprato

I spend much of my time thinking like a cyber attacker. I read about how various threat vectors are introduced into systems. I imagine the scenario with regard to my school and network. I simulate those threat vectors, and test the boundaries inside and outside of the school.

I empathize with all those people in the world trying to make schools safe, without destroying the open and harmonious structure many educators are trying to maintain. The task seems overwhelming.

I listen to and read ridiculous arguments that are only viable arguments after the fact. I have been a bystander, simply empathizing. However, I do have some ideas on how to make campuses safer.

This will be a two part post. I am going to explain how to use common strategies employed in network security (hopefully most campuses are already following these strategies) to enhance physical safety and security.

The NESA Conference

A few years ago I attended a conference in Dubai hosted by The Near East South Asia Council of Overseas Schools (NESA). I attended a full workshop on school security led by a US Military specialist who helped embassies, and schools with embassy children, harden their security.

From my participation and review of my notes, I realized that the strategies taught in the workshop were very similar to strategies used in network security. Since then, I have used these strategies to enhance network security in very “aggressive” security environments.

One of the main areas that resonated with me was access levels and access groups.

Understanding Access Levels and Groups

Within the school community there are three main Access Levels. They govern foundational access to the school. Each one has groups within it, and in some cases, sub-groups.

Main Access Levels

  1. Active and Enrolled
  2. Deactivated and Unenrolled
  3. Potential and Unknown

Groups

  1. Students
  2. Teachers
  3. Administration and Support Staff
  4. Parents
  5. Third Party Support (Government Inspections, Sub-Contractors, etc.)

Schools tend to obsess over Level 3 (L3), Potential and Unknown. They are following the “stranger danger” philosophy even though statistics tell us that most violent crimes occur within Level 1 and 2 (L1 and L2). Because of this fear of strangers, the main areas of risk are often not fully vetted for loopholes.

Each level and group must have a protocol to follow when coming to the campus. These protocols can take the form of nice waiting lobbies, parking lots far from the main building, finger print scanning for employees, etc. Protocols do not have to be impolite or obtrusive.

If a single group in a single level is left without a protocol, then a loophole is created. A threat from that loophole is then possible.

In fact, new families wanting to enroll in the school fall into L3, yet their only motivation is to apply for education, or enroll in a new public school. They would be more harshly scrutinized than a parent of a currently enrolled student.

Why doesn’t that logic make sense? Because good security follows a simple common sense concept: never trust, always verify. In network security many people refer to the most stringent of these practices as Zero Trust Architecture. Or simply, just because we let you attend the school, does not mean you are shielded from on-going verification.

This is the same reason wifi networks need usernames and passwords; and passwords need to be changed on a regular basis and not recycled.
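The level-and-group model above can be audited mechanically: enumerate every level and group pair, flag any pair with no protocol, and refuse to treat past verification as permanent. The sketch below is an added example, not the author's tooling; the protocol names, the one-year re-verification window, the default-deny choice, and the sample people are constructed assumptions.

```python
from datetime import date, timedelta
from itertools import product

# Levels and groups exactly as listed in the post.
LEVELS = ("Active and Enrolled", "Deactivated and Unenrolled", "Potential and Unknown")
GROUPS = ("Students", "Teachers", "Administration and Support Staff",
          "Parents", "Third Party Support")
L1, L2, L3 = LEVELS


def find_loopholes(protocols):
    """Return every (level, group) pair that has no arrival protocol."""
    return [pair for pair in product(LEVELS, GROUPS) if not protocols.get(pair)]


def access_decision(person, protocols, today, max_age):
    """Never trust, always verify: membership alone does not grant entry."""
    pair = (person["level"], person["group"])
    if not protocols.get(pair):
        # Assumption: default-deny wherever nobody wrote a protocol.
        return "deny: no protocol defined (loophole)"
    if person["level"] != L1:
        return "escort: " + protocols[pair]
    if today - person["last_verified"] > max_age:
        return "re-verify: trusted once, verification expired"
    return "allow: " + protocols[pair]


# Constructed sample data (assumption): a school that planned for strangers
# and current members but wrote almost nothing for former members.
SAMPLE_PROTOCOLS = {(L1, g): "ID check at entrance" for g in GROUPS}
SAMPLE_PROTOCOLS.update({(L3, g): "waiting lobby and appointment" for g in GROUPS})
SAMPLE_PROTOCOLS[(L2, "Teachers")] = "waiting lobby and appointment"

SAMPLE_PEOPLE = [
    {"name": "current student", "level": L1, "group": "Students",
     "last_verified": date(2018, 8, 20)},
    {"name": "long-time parent", "level": L1, "group": "Parents",
     "last_verified": date(2016, 8, 22)},
    {"name": "former student", "level": L2, "group": "Students",
     "last_verified": date(2017, 6, 1)},
    {"name": "prospective family", "level": L3, "group": "Parents",
     "last_verified": None},
]


def audit(today=date(2018, 10, 1), max_age=timedelta(days=365)):
    """Run the gap check and the per-person decisions on the sample data."""
    gaps = find_loopholes(SAMPLE_PROTOCOLS)
    decisions = {p["name"]: access_decision(p, SAMPLE_PROTOCOLS, today, max_age)
                 for p in SAMPLE_PEOPLE}
    return gaps, decisions


if __name__ == "__main__":
    gaps, decisions = audit()
    for level, group in gaps:
        print(f"LOOPHOLE: {group} / {level}")
    for name, decision in decisions.items():
        print(f"{name}: {decision}")
```

On this sample, all four gaps sit in Level 2, and the only Level 1 member sent back for verification is the one who was checked once and never again.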

School Uniform Protocols Are A Good Example of a Security Loophole

School uniforms bind students together. As a large group, they all basically look the same. If a young child is wandering aimlessly around the campus without a uniform, every adult can quickly conclude that the child is not enrolled in the school; and they are missing their guardian. Simply not having the uniform allows quick action and decision.

In the early 2000s, I was walking through the hallway of my high school building. I noticed a student, in uniform, but I had never seen the student before. There was no notice of a new student sent around to the staff. I immediately engaged the student in conversation, and very quickly realized that they were not enrolled in the school. As a prank, they had stolen an old uniform from an actual student, and came to our school for a day.

Schools ask families to buy uniforms, but how many manage uniforms when students leave the school? How often do they change the design, the logo, the patch, etc.?

To eliminate the uniform loophole, schools could issue a removable patch to students that changes annually, and then collect the patch when the term ends. Schools could offer a used uniform buy-back program and then recycle the clothing to a charity outside the immediate area. Without some type of plan, used uniforms create the potential for a security issue.

The students in L1 and L2 have the uniforms; no one in L3 would be able to easily buy one without proof of enrollment. Worrying about the L3 people getting a new uniform from a shop without proof of enrollment is statistically flawed. The real issue is those who know about the uniforms, have access to the uniforms, and know the loopholes in the planning. The real problem is those trusted once, and never re-verified.

In part 2, I will discuss how segmenting levels and groups can work without upsetting the physical environment. This will be based off of common techniques used in Wifi network management from schools to Starbucks.

Sources:

https://www.bjs.gov/content/pub/pdf/vvcs9310.pdf

https://www.bjs.gov/index.cfm?ty=tp&tid=941

Killed by a Stranger: A Rare Event, but a Rising Fear

https://www.backgroundalert.com/pa/?paid=6

https://www.csoonline.com/article/3247848/network-security/what-is-zero-trust-a-model-for-more-effective-security.html

 

Mobile Phone Shutdown

By: Tony DePrato | Follow me on Twitter @tdeprato

During the first few weeks before my new campus opened, many people wanted to know what the mobile phone policy would be for students, especially those students living on-campus.

A decision was made to allow teachers to set their classroom norms, and to give the students an opportunity to use technology responsibly. This very open policy would be applied, and results would be evaluated.

The first month of school yielded some very interesting results, and eventually led to a big change not only in policy, but also in campus culture.

The Real Issue

The assumption most adults and educators make is that students will waste time while using their devices in class.

The truth is that students using mobile phones outside of the classroom is in fact a severe waste of time compared to the time lost in the classroom. Policies focusing on controlling students and preventing them from enjoying some form of entertainment while in class are missing the core issue(s).

The real issue with students who are engaged in very high levels of screen-time, is that the engagement negates their time to socialize. The device, ironically, pushes them further apart from one another, even if they are using the device to communicate.

Classroom use of devices can be very beneficial. Teachers can task students and keep them working and interacting, while socializing.

During the first month of observation, when left to their own prerogative, students in social situations would default to the use of social media apps and free or freemium games instead of talking to one another.

The students were not engaged in deep discussions, academic information exchange, or even conversations about making plans for their weekends. They were just engaged in activities that had a short and very shallow feedback loop.

My personal observations were combined with others, and everyone agreed that we did not want a campus culture that encouraged students to not socialize; to sit alone and stare at a screen; and that seemed to push curiosity to the floor.

The Policy and Procedure 

Writing a policy to ban devices is not easy. The task seems easy, but if the policy is to be enforceable, then it has to be well thought out. Whenever anything is taken away, a negative impact occurs somewhere else.

The policy itself is simple, “No use of mobile phones on campus during academic hours.”

The policy must be simple. I often fall into the trap of making options, but options are difficult to manage. Options are difficult to explain. Options are difficult to translate to students if they are not native English language speakers.

The policy should be followed by a positive exception. In other words, “When and where can students use their devices?” This was clearly defined, so that students and parents could plan on a regular communication pattern after academic hours, but before study hall (remember most of these are boarding students).

Finally, the consequences have to be mapped out clearly. With any set of consequences a negative impact can occur to someone, or some place, if policies are planned haphazardly.

The school found two locations with staff who were already managing student discipline. This created a distributed and nominal impact on those people working in the offices. There was no additional staff or equipment required to implement the policy.

The consequences created by the policy writing team were clear and strict:

  • For the 1st offense, your phone will be confiscated and withheld until the conclusion of the following academic day. This will be logged on PowerSchool for your parents and advisor to see.
  • For the 2nd offense, your phone will be confiscated for 3 days, a call will go home to your parents, and the incident will be logged into PowerSchool.
  • For a 3rd offense, your phone will be taken for an entire week, your parents will be called, and the phone will need to be picked up and collected by your parents in person.

The Aftermath

So far nothing. I wanted to have some type of amazing story to tell, but nothing bad has happened. I have asked around 60 students how they are doing without their devices.

They have all said that it is not a big deal for them, they have a time to use them, and they do not want any instances logged into PowerSchool for their parents to read.

In addition, the number of devices confiscated is actually lower than it was before the policy. We still have some classes using mobile phones as cameras every day, but outside of those classes, I have not seen any students breaking the rules.

Of course, they are breaking the rules sometimes, but not at lunch. Not at assembly. And not during those other daily opportunities where students meet in groups and socialize.

A week ago I walked into assembly, and students were playing music, laughing, and talking. It was loud, and I was extremely pleased.