Windows 7 Thread, Hard disk encryption software in Technical
  1. #16

    Originally posted by edutech4schools:
    > Why not use a VPN and give staff access to the data on the server from home, that way they never need to carry school data on a laptop.

    That's not really a bulletproof solution, and wouldn't be a credible workaround to the ICO, as you are not enforcing a policy of no mobile data unless it is encrypted.

  2. #17

    Originally posted by cogrady84:
    > That's not really a bulletproof solution, and wouldn't be a credible workaround to the ICO, as you are not enforcing a policy of no mobile data unless it is encrypted.

    This ties up nicely with the Laptops for Staff implications thread.

    A school nearby no longer purchases laptops for teachers - this trend started at a time when home PCs were fewer and further between after all - and instead each classroom has a desktop and home access to data is via VPN and Terminal Server, so in theory no data leaves the site. Staff work on lessons at home and bring them on memory sticks.

  3. #18

    > That's not really a bulletproof solution, and wouldn't be a credible workaround to the ICO, as you are not enforcing a policy of no mobile data unless it is encrypted.

    Are you saying that the way banks, businesses, universities etc. using VPN to access a server is not bulletproof, or have I misunderstood? You get the staff to sign a policy that says they will only work on network drives and not save work to the desktop etc. They then connect to the server using 2 form authentication + encryption.

    Why would the ICO have an issue with this?

  4. #19

    Originally posted by edutech4schools:
    > Are you saying that the way banks, businesses, universities etc. using VPN to access a server is not bulletproof, or have I misunderstood? You get the staff to sign a policy that says they will only work on network drives and not save work to the desktop etc. They then connect to the server using 2 form authentication + encryption.
    >
    > Why would the ICO have an issue with this?

    Sorry, I don't mean that there is anything wrong with that method of access. I just mean, just by providing that solution, you are not enforcing them to ONLY use that; they still have an option of carrying around unencrypted devices and storing data on them. I think the best solution would be to provide VPN, but also have access control on stored data, so that it cannot be transferred to external devices unless either the data or the device is encrypted. This is a policy option with Sophos, for example. Paperwork in place or not, people will still do things they are asked not to, so data control is necessary.
    Last edited by cogrady84; 26th June 2013 at 01:20 PM.

  5. #20

    Got it.

  6. #21
    kaphc
    As it happens, our LA doesn't allow VPN access from home, which leads most teachers down the line to the hard drive / USB storage solution as it's quick and easy.

    I appreciate the need for data to be encrypted when it's off-site to minimise risk. But also I'm looking at the fact this has been recommended by an audit at one school but nothing's been mentioned in the audits of the other three who do exactly the same thing! Is it a case of encryption is best practice or mandatory or just "nice to have" in your professional opinions? Are there any standards or minimum requirements stated anywhere that I can quote for the need to do this?

  7. #22

    > As it happens, our LA doesn't allow VPN access from home

    Our LA once told our schools they were required by law to use Sims Gateway. Pinch of salt with anything LA says.

    You will probably find they control the ports or some other part of the IT system and like to keep things standardised as it is easier for them to manage, but at the end of the day it is up to the school to run itself.

    I cannot tell you how much simpler and better our systems have been since installing RDS (Remote Desktop Services) for the staff to access from home. Why would the LA want to stop you doing this?

  8. #23

    Originally posted by kaphc:
    > As it happens, our LA doesn't allow VPN access from home, which leads most teachers down the line to the hard drive / USB storage solution as it's quick and easy.
    >
    > I appreciate the need for data to be encrypted when it's off-site to minimise risk. But also I'm looking at the fact this has been recommended by an audit at one school but nothing's been mentioned in the audits of the other three who do exactly the same thing! Is it a case of encryption is best practice or mandatory or just "nice to have" in your professional opinions? Are there any standards or minimum requirements stated anywhere that I can quote for the need to do this?

    I'm not sure about it being mandatory, although your LA would usually have a policy that if you are connected to their network, you have rules to follow as a responsible party.

    Encryption of data that is leaving your system I would say is definitely classified as "best practice". My point of view is, if one of my staff takes a laptop offsite, with sensitive information on it, leaves it in the back of their car and it is stolen... How long before that data either ends up in the wrong hands or in the public domain? It is your responsibility as a network administrator to ensure safe and secure storage of data. If you hold student/parent contact information in your MIS, and that is portable, it must be protected, surely?

    This is just my opinion, I'm not sure about what each LA or the law requires?

    It is too easy to reset the user/password registry hive in Windows 7 with UBCD, for example, and gain complete control of the device and the data it holds; encryption prevents that.
    Last edited by cogrady84; 27th June 2013 at 08:46 AM.
