Want this blog on your Windows Phone? Get the app free here
According to The Guardian, BP have just lost a laptop containing 13,000 personal records related to the Gulf oil spill. And the laptop had no encryption. So where are we with encryption in education?
I've been a BitLocker encryption user since the days of Windows Vista on my laptop, and since that time I have been reassured to know that should something happen to my laptop, all of the data on it is fully encrypted and secure. The whole process was very smooth – I simply enabled it in the Control Panel, and the encryption happened in the background over a morning.
What astounds me is that more organisations don't deploy BitLocker encryption onto their laptops as standard. After all, it's easy and it's included with Windows Enterprise versions - which schools, TAFEs and universities will be licensed for as part of a Campus, School or EES Agreement. And it's a fire-and-forget protection - once you have enabled it, you can forget it's there. I have been happily using a laptop which is fully encrypted by BitLocker for the last two years, and it's never bothered me or interfered with what I need to do.
A typical laptop for a teacher or member of school staff is likely to have piles of sensitive data on it - whether that's student lists, reports, or really sensitive information such as special needs or child protection information. So why would they not be automatically encrypted with BitLocker before you hand them to staff? Or retrospectively encrypted now? Encryption in education worldwide seems to be entirely reactively driven - it happens only once a significant data loss.
If you want to know what's involved in deploying Windows encryption, there's an excellent TechNet article written by the Microsoft IT team – they’re the people that keep all of our in-house IT systems running.
The article deals with both the technical, and managerial issues, of managing the introduction, and also gives a unique insight into the challenges of change in a very tech-savvy environment. And the article is incredibly honest about the challenges faced, and the lessons learned. Here’s an extract":
Lessons Learned Lessons learned during Microsoft IT's BitLocker deployment include: Microsoft IT tried to retrofit the environment with BitLocker. A better approach would have been to move forward with new computers and then upgrade only existing computers that had the highest security risk. Microsoft IT thought BitLocker would be easier to deploy than it was. Microsoft IT relied on the BitLocker Preparation Tool to handle all aspects but found during testing that it failed in some situations, primarily due to locked files when trying to shrink the partition. Hardware needs rigorous testing at scale. Computers that test well in a lab environment sometimes yield different results in a production environment. In other words, one computer in a lab might look fine but thousands in the production environment have variance, such as differences in the BIOS. Recognizing high-business-impact data is a difficult, industry-wide issue. Few tools are available that enable organizations to find the types of high-business-impact data that users have on their computers.
Lessons learned during Microsoft IT's BitLocker deployment include:
Read the whole article here, and if you have time take a look at the whole IT Showcase section – a large section of the website in which the Microsoft IT team share their experiences in running a complex IT infrastructure (The “How Microsoft IT reduces costs” section is especially interesting)h
Last week, at the Microsoft Management Summit 2011, Brad Anderson, Corporate Vice President for the Management & Security Division unveiled some news in his speech that would be of interest to any university, TAFE or school. It was all about the extension of the System Center family to manage more non-Microsoft devices - including Android devices, and iOS devices like iPads and iPhones. Sadly, because it was part of the announcement for the new System Center 2012 Beta, there's not a huge amount of detail that's been posted up on the various Microsoft websites, so I've put together my bullet-point version of what's been announced, and then given you all of the source material below:
So next time your Principal, or a Head of Department or one of the Deans insists that they need to get access to your corporate systems from their personal phone, or they start syncing files with sensitive data to their iPad at home, you will at least know that you can manage the risk of data loss - and do it from the comfort of your existing System Center management console.
You can view the full text of Brad's presentation, including the demonstrations on the PressPass site, and here's an extract where Jeffrey Sutherland is demonstrating the new Configuration Manager 2012:
But today, with Configuration Manager 2012, I now have the tools at my fingertips to manage mobile devices just as I managed my traditional Windows desktop.
As you can see, there are a number of reports that come built in with Configuration Manager 2012, specific to management of mobile devices. I'm going to show you one report that I find particularly useful, which is the count of mobile devices by platform. And this helps me understand what type of devices are connecting in.
As you can see, we have just under 14,000 mobile devices that have connected. And even though we've standardized on Windows Phone as our preferred device, our users are able to bring in whichever devices they want. And so you can see that we have a fairly broad distribution across IOS, Android and Nokia Symbian.
However, understanding what devices I have connecting is just the first problem that I have. Now let me show you how easily I can configure the security policies that I want to apply on mobile phones. So, I'm just going to view the properties of my connector. And as you can see, we have several settings groups from which I can build up the correct policies to apply. I've already set a password policy, but I'm going to make one small tweak to it, and that is if the phone is lost or stolen, and somebody is trying to break into the PIN, I want it to actually automatically wipe if the user has failed to enter the correct PIN after a number of attempts. I'm going to set that to ten.
And now just like that, this policy is now being pushed out to every device that's connected to our environment
Learn More about System Center
Download the System Center 2012 beta
I have a huge respect from the Microsoft IT team - the people who have to keep our IT systems up and running, in the face of tens of thousands of highly capable internal users (yes, 'highly capable' also means disruptive!) and millions of users externally (including some with evil intent).
So when they make big changes to our IT - as they have been doing recently by moving many of our internal systems to the cloud - they learn lessons I want to hear about, because education customers and partners are doing similar projects - and many of the lessons learnt are as relevant to a school or university as they are to our own business.
The TechNet team have just collected some of those stories together into TechNet Radio downloads, including interviews with Tony Scott, the Microsoft CIO. You can either listen online via the TechNet Edge website , or download the file for your MP3 player/phone/car etc
Title
Online version on TechNet Edge
Direct MP3 Download
Link
MP3
In Australian Education, the shift to the cloud has been rapid too - either to shared private data centres here within Australia, or to regional data centres (such as our Cloud services data centre in Singapore). Although many of the initial moves have been about cost-saving, there's now a growing trend of moving to the Cloud to improve service delivery. And that's the trend that will probably accelerate things more - because if the alternative you face is a high capital investment and long project implementation times, or a quick project in the cloud, then you can afford to be much more user-demand led. There are two ways that you're likely to end up using the cloud:
Learn More about Windows Azure
Last week I wrote about Marquette University switching from a traditional PBX to using Microsoft's Lync, which had been featured in CIO magazine. Pretty soon after I realised that perhaps that original article had been prompted by an official Microsoft case study of universities using Lync, focusing on the Marquette University implementation.
The official case study includes a lot of detail about their implementation, and what caught my eye was the quote from Dan Smith, the Senior Director of IT Services at Marquette, talking about the choice they had between Microsoft's Lync and the Cisco solution they also considered:
After creating a one-stop shop for students, using Lync's Instant Messaging and presence to make it more effective, they are now looking at creating a 'Help Desk Bot' that will enable students, faculty, and staff to send an instant message through Outlook Web App or the Lync client to the help desk when they experience technical issues. The instant message is automatically routed to an available help-desk agent.
Read the full Marquette University case study on Microsoft.com
The main Microsoft News Centre, where we publish all of our global press releases, is reporting that new IDC research estimates that Microsoft partners worldwide (all 640,000 of them) generated revenues of $580 billion in 2010, up a fifth over the last three years. And the calculation shows that for every $ of revenue generated for Microsoft, you're generating $8.70 for yourselves.
(Given that Microsoft's education pricing is significantly lower than mainstream pricing, I'm guessing that in education the real number is probably closer to $30 for you, for every $ for us)
There's some future trends identified in the global report that are directly applicable to the Australian Education market too. For example:
It forecasts that Cloud services (explicitly Software As A Service - SAAS) will grow at over five times the rate of traditionally delivered software by 2014.
The image above, taken from the infographic, relates to a finding in 2009 that partners that invested in more Microsoft Competencies got bigger deals and higher revenue per employee - partly because it also brings more attention and support from Microsoft.
And the report also identified more collaborative working between partners to win business. IDC said that partner-to-partner activity within the Microsoft Partner Network has increased from $6.8 billion in 2007 to $10.1 billion in 2009 - jumping nearly 50% in two years.
You can find the press release here, or…
Download the full 'Partner Opportunity in the Microsoft Ecosystem' report
If, like me, you're a visual learner, then you might appreciate the snazzy Microsoft Partner Network Infographic, which gives you quick picture of the results - and provides a good incentive to read the full report.
OK, after 'record breaking Kinect' and 'augmented reality Kinect', this is the last of the Kinect stories for a while. But this is such a great example, I have to share it.
TG Daily are reporting that doctors at Sunnybrook Hospital are using the Kinect system to view and control images of MRI and CT sacns during surgery. What that means is that instead of having to leave the sterile area around the patient (and wasting another 20 minutes in the clean-up process involved in that), they can check a patient's scans on a screen, using Kinect to zoom in and out etc. It's reported to be saving doctor's up to an hour on surgery, and reduces the amount of data a surgeon needs to remember during surgery.
With so many unexpected uses for Kinect, it cant be long before we start to see the educational equivalents.
Last week I highlighted an interview with an outgoing Australian University CIO - Mick Houlahan of the University of Western Sydney. This week, I've got another one to point to - this time it's the incoming CIO for RMIT, Brian Clark, who's also been sharing his ideas with CIO Australia.
Having met new university CIO's who have joined from commercial organisations, I know they find there are many stark differences between running an IT infrastructure for a business and for a university - and that there are many, many similarities too. All too often, people who don't understand education assume that somehow education IT infrastructure is a junior version of a corporate IT system - when in fact, the opposite is often true. Often education IT systems have to respond sooner to technology innovations - and the rapidly evolving demands of users.
You should read the full article - 'Incoming RMIT exec turns IT focus outward' - if you want an insight to the projects and business challenges, and I'd highlight some of the key things that stood out for me in it:
Read the full interview with Brian Clark, CIO of RMIT on CIO.com.au
Apologies to pedants - the grammatical error in the title is deliberate. I know I should say 'an university', but it just doesn't sound right, so I've opted for the easily read, but grammatically incorrect, version.
Computers or users which access Microsoft servers often need a specific licence called a CAL (stands for Client Access Licence). Most education customers buy these licences in a package called the Microsoft Core CAL suite - basically, a package of licences that they need for their computers to allow them to access their key server systems in the school/TAFE/University. The Core CAL Suite includes licences for Windows Server, Exchange Server and SharePoint Server. Customers who do more advanced things with their networks often choose the Enterprise CAL Suite, which gives them more advanced collaboration etc.
We've just announced that from August, the Core CAL Suite will have additional licences within it, as we'll be adding the Lync Server Standard CAL and Forefront Endpoint Protection CAL.
The changes reflect the way that technology use is changing in business and education. For example, by adding Lync (previously known as Office Communications Server), it means that you can be ahead of the curve of the deployment and use of Instant Messaging (IM) and presence across your network. Gartner say:
So these changes make it easier for education customers to adopt these technologies within your existing ICT infrastructure (this is particularly important in schools, where it is unlikely that a public Instant Messaging system would meet all of the e-safety requirements for all users).
Adding Forefront Endpoint Protection means that you will have a highly-rated malware and virus protection licence included with your CAL Suite. (Forefront provides advanced antivirus, behavioural threat detection and Windows Firewall management).
By buying the Core CAL suite, customers save money on the cost of individual licences. By adding Forefront Endpoint Protection, it is likely to mean that there are additional cost savings possible, for example if you're currently spending money on alternative protection software for your network - in many cases, this could be a significant amount.
You can see what is in which CAL suite on the Microsoft website, including the August changes (marked with a * in the table below)
Find out more about Lync on the Microsoft Lync website
Find out more about Forefront on the Microsoft Forefront website (quick links: Overview and FAQ)
One of our teams in Australia is called Developer and Platform Evangelism (or DPE in Microsoft-Acronym-Speak). They work with developers, technical students and software makers, and spend their time getting geeky. They're also the team that wear the coolest T-shirts (or so they think), and like DPE teams all over the world, like to find different ways to express themselves. In fact, I'm sure they get a kick out of being as un-corporate as possible.
I tell you this as a warning, so that you're not surprised when you look at their 'Noise to Signal' website, which is about some of their areas of expertise - for example, the work they do with students, or the latest technology like Kinect Hacks, Surface 2 and IE9. The website is a massive, clickable, cartoon.
My two favourite idiosyncratic bits of it:
Visit NoiseToSignal
SharePoint is pretty widely used in education, with schools, TAFEs and Universities all over Australia using it within their learning or administration processes. One of the things I've noticed is that it tends to be the IT team who get the 'Can I do this…' questions about SharePoint. And the answer is normally "Yes", whether the question is a learning one ('Can I setup a website where I can distribute homework assignments instead of printing them') or a administration one ('Can I setup a collaborative wiki for all the school policy papers, and a shared calendar for the update deadlines').
And often the challenge is how to do it in the fastest and most user friendly way. So I thought these two Microsoft SharePoint Kits from Microsoft Press would be good to know about - whether you are an IT person in education, or even a developer working within one of our Australian Education Partners. You can pre-order them now, for when they're published.
With this two-in-one kit, you get mission-critical information from SharePoint MVPs, featuring insights from the SharePoint community and members of the SharePoint Team at Microsoft. You'll discover how to plan, design, deploy, and manage strategic solutions using SharePoint 2010, Microsoft SQL Server, Windows PowerShell, and other key technologies.
Topics include architecture, deployment scenarios, design considerations, security best practices, high availability, performance, centralised administration, disaster recovery, customisation, solution development, and upgrade and migration strategies. Key solutions include building and managing a server farm, automating tasks, FAST search application management, enterprise and web content management, and business intelligence.
Experience learning made easy, and quickly teach yourself to use SharePoint 2010 with this two-in-one kit. Written by SharePoint experts and MVPs, you'll discover how to plan, create, design, deploy, and manage applications and workflows using SharePoint Designer 2010 and SharePoint Foundation 2010 -- one step at a time!
Build exactly the skills you need by working at your own pace through easy-to-follow lessons and hands-on practice files.
You’ll learn to:
I also discovered that O'Reilly run a weekly and daily promotions of Microsoft Press ebooks. Two weeks ago they took 50% off Inside Microsoft SharePoint 2010, and on 1st March they took half off the Microsoft Silverlight 4 Step by Step ebook. And as they point out prominently, the ebooks are DRM free and delivered to you in 5 different formats where possble. (And ebooks are a lot more convenient for Australia!). The easiest way to follow the offers is to subscribe to their eBooks Offers RSS feed, or look at this week's deal on Microsoft Press books at the top of this page
Learn More about the full range of Microsoft Press books