Data Security
Managing Student Identities in the Digital Era
Technologies like single sign-on are convenient, but do they compromise the security and privacy of students' data?
The digital leap is at a tipping point. School districts nationwide are rapidly turning to digital learning content from sites and apps, according to the Consortium for School Networking's report Identity and Access Management: Fundamentals for Securing Student Data and Privacy. According to the report, this move is inspired by "the power of digital media to engage students in learning that is relevant to them in the classroom and beyond." In fact, CoSN's 2015 K–12 IT Leadership Survey finds that district technology leaders expect that at least 50 percent of instructional materials will be digital within three years.
Unless districts better manage students' access to online resources, the digital leap could slow to a crawl. Robust identity and access-management technologies should go hand-in-hand with the shift to digital content. These emerging technologies can provide several benefits:
- Instructional value with safe, secure and efficient access to digital content;
- improved risk management with password security and heightened control of student data;
- automation and efficiency with consolidated user accounts and access routes to digital content; and
- transparency for parents who want to know how student information is used and shared.
There are two areas of concern, however. The first challenge teachers and students face is managing and remembering logins and passwords for a large number of applications. The second issue is students' release of power to third-party software, enabling the software to take actions such as sending e-mails on students' behalf.
Provisioning Access and Data Sharing
Securing students' data and privacy is becoming more complicated, as districts contract with cloud service providers for access to digital content. Educators must carefully consider how they provide access rights to online content and share student data within and beyond the district. They must ask questions such as:
- What can users access online, and what are they allowed to do?
- How will the digital resources be managed to provide required access?
- What data about students is shared?
- Who decides what is shared?
- How is data sharing controlled?
A third-grader could sign on to an LMS with a username and password, giving her access to grade-appropriate or classroom-specific digital learning resources. An English language learner might have access to a different set of resources to support learning. A 12th-grader signing on to the same LMS might be able to access more advanced content. Meanwhile, a teacher would have greater access privileges to instructional and administrative resources, such as diagnostic tools, lesson plans and gradebooks.
The 5 'A's of Identity and Access Management
- Authentication is the process of identifying a user through a username or ID, password, smart card, fingerprint or other means.
- Authorization is the process of specifying access rights to online resources, generally by linking demographic data from a student information system (or, for staff, from a human resource system) into an identity management system.
- Account Management is creating user accounts and the provisioning and de-provisioning of access rights to online content.
- Authoritative refers to the validity and accuracy of data used to manage online accounts. For example, the SIS is considered the best, trusted "source of truth" about student identity when creating accounts, as opposed to a teacher's classroom roster or school secretary's spreadsheet, which might not be accurate or current.
- Auditing is digital recordkeeping of users' access to online resources, requiring reliable authentication of users' identity. Auditing technology supports periodic review of users' online activity to ensure adherence to data and privacy policies and to investigate any suspicious activity or breaches. Some districts conduct annual internal audits of their systems and practices to monitor who had access to what from where, and what powers they had. Others hire third-party auditors to conduct this review.
Districts release user "attributes" — age, grade level and learning needs of students; roles and responsibilities of teachers— to the LMS to manage appropriate access. The LMS, like many Web sites and apps, might provide access to content from multiple providers. Using their authenticated user ID and password, students can log into one site and then click into many others without any further authentication prompts. This is known as federated identity management — multiple providers agree to allow "single sign-on" with one set of trusted credentials for each user. Single sign-on is convenient and efficient — and can put incredible learning resources at students' fingertips. Without adequate controls, however, single sign-on can leave student data vulnerable.
Jim Siegl, technology architect of Fairfax County Public Schools, explained a common type of authorization that users are asked to provide to apps and software services. "I use this analogy with my instructional colleagues and it's a revelation for them. A driver's license is an example of a federated credential. It's issued at the Department of Motor Vehicles, but it's also accepted when you use a credit card or check in at the airport. All it does is prove that I am who I say I am. If you click 'OK' on a dialogue box in an app, it's more than just attribute release. It's a lot more like power of attorney or advanced medical directive. It's basically saying, 'I'm granting this entity permission and power to act, either globally or in certain circumstances, for me.' "
When students log into their apps, are they just letting the app know who they are as if showing their driver's license to board a plane? Or are they letting the app actually act on their behalf — doing things like tweeting under their handle — essentially giving the app power of attorney?
With this type of federated authentication, it is not the district, but the student who is in control. The student initiates the signup, agrees to the terms and grants the vendor access. The school may have little or no ability to manage or audit.
In a centralized system, it is the school that initiates the signup and grants the vendor access, rather than leaving that power in the hands of the student. However, this still requires cumbersome logins and multiple passwords that students must remember. Some districts address this by creating a single portal where students and teachers log in once and from there are connected to their apps, digital tools and content and other software.
Barriers to Single Sign-on
Unfortunately, there are still barriers to single sign-on use. Third party single sign-on portals have a limited number of apps with which they function, and district portals must be specifically coded for each new app — often on both the part of the vendor and the district. (Preferably, this work is for the vendor to support a standard and on the part of the district to configure the portal.) This requires a global acceptance of a standard for authentication and authorization to eliminate these additional steps.
Also, authentication technologies work well online, but not as well (yet) on mobile devices. Many promising technologies, such as LTI, are heavily Web-based and designed to work with Web apps — not with mobile apps. With 50 percent or more of Web traffic now on mobile devices, districts are forced to make tradeoffs between the convenience of single sign-on to the Web and the convenience of mobile apps.
Over time, these challenges may be addressed by emerging technologies such as SAML, OAUTH 2.0 and others. There is tremendous demand for simple, complete solutions to the single sign-on problem. But if the market is able to address this complex problem, there will be increased transparency to districts and families on the rights that students cede to vendors.