TakeMeasures for Education
www.takeware.co.uk/takemeasures/education

Awareness, Accountability, Training
USB FireWall
Encryption Ensurance

Background
The pressure is building to 'Turn off the USB ports' becuase of the need to avoid the potential disaster of personal information from a school being leaked via a removable drive being lost or stolen. The potential damage to the school's reputation is considerable and councils and LEAs are concerned that this is something of a time bomb for them.
 
While the increasingly pressing need is to prevent personal data - which pupils have no access to - being breached the only way to ensure staff cannot continue to take files away is to turn off the USB ports, depriving both pupils and staff of the convenience and utility of both removable drives and the ports themselves - for printers, scanner, cameras etc. Or so it is percieved.
 
TakeMeasures - Gatekeeper, the next Generation!
Over five years we have developed a way to allow schools to take a graded approach to security which also differntiates between the needs of pupils, staff and senior staff - and balances these with the need for security.
 
Pupils & Guests
For pupils TakeMeasures provides a 'USB Firewall' that prevents unwanted executables and malware getting in or out - and can also reduce or eliminate the trade in MP3s - which also exposes the school to potential legal problems.
 
Staff
Meanwile it provides the means to enforce the school's policy by either
  • Preventing staff from taking sensitive data away (from a login which has any access to it)
  • Allowing data to be taken - but only on a suitably encrypted device (recommended)
  • Allowing data to be taken but with full awareness of responsibilities, potential consequences - and a managemnt-friendly report which shows 'Who, What, Where, When - and with Which device'  for any data taken.
This allows schools to choose their approach - always in a way that is easy and managable - and prevents the need for draconian measures such as turning off ports and banning memory sticks.
 
Primaries and Secondaries
We believe that this approach is far better than turning off the ports and banning memory sticks - and this has been proven to be the case even before the recent increase in awareness of the problems of data loss. The technology as been 'case hardened' in seconary schools in the UK and internationally and is a real alteranative. We also believe that TakeAView in particular now offers a good solution for primary schools who will also now need to demonstrate compliance going forward.
 
 
Some Typical Policies
 
Guest - The typical user within a school - who have no access to sensitive information. The objective is USB Firewall - prevent bad stuff coming in or being traded.
 
Staff (Lower Security) - For trusted staff how are allowed to take information away on unencrypted devices (available from TakeAction upwards)
 
SecuredStaff - For staff with access to sensitive / personal information. Ensures that data can only be taken away on an approved encrypted device (Available with TakeControl - Enrol)
 
 
 
TakeMeasures - Accountability & Layered Security - Upgrade Paths
 
1. Awareness, Reporting, Training - Delivered by TakeAView
This is appropriate where sensitive information is exposed to staff and provides for awareness, monitoring and management of the risks.
This requires no setup or technial skills. Awareness and training are delivered at login and risk assessments are provided as a management report.
 
2. Content Policing - As above plus: USB Firewall or Endpoint Security - Delivered via TakeAction
This is a appropriate where there is a risk of unwanted software, malware or other materials (such as MP3) being introduced or traded.
May require identification of groups of users (such as staff/guests-pupils etc) so that they can be treated differently (according to their levels of access and trust) and therefore a low level of technical skills.
 
3. Data Security - As above plus: Enforcing encryption of your data before it can be taken off site - Delivered by TakeControl
This requires that suitably encrypted drives are obtained for selected staff and that they are registered (enrolled) with the system. Only registered drives are be permitted for these staff /logins (via their inclusion in a group 'secure by encryption').
 

The upgrade process
TakeAView requires no technical skill or setup. The software once downloaded can be installed onto each PC/Laptop by hand - or it can be installed remotely using Group Policy Object (or other remote execution) for those with the skill and larger networks.
 
Upgrade to TakeAction
Once a license has been obtained the defaults (guest / ?site?) are uprated to including policing as well as monitoring and groups can be created and policies applied accordingly (Staff / SecuredStaff / Guests etc).
 
Upgrade to TakeControl
This can be done as a third stage or along with upgrade to TakeAction. Having obtained encrypted drives for the relevant users they are then enrolled to the system and the users are added to the appropriate 'secured by encryption' group so that only their encrypted drive will be permitted.