How a Security Play Streamlined a Business Process in a Texas School District
- By Dian Schaffhauser
New security initiatives could be viewed as one of those ever-demanding burdens in a school district, sucking up financial resources and adding a layer of complexity to user and IT operations. Or, if you're like Kyle Berger, executive director of technology services for the Alvarado Independent School District, south of Ft. Worth, TX, you could view it as a route to gaining efficiencies in your business processes while reducing expenses.
A couple of years ago, Berger implemented a new identity management (IDM) system at the district, which comprises six schools. The same solution is used to manage student, faculty, and staff network access.
Alvarado's network operation is Novell-based, and it has been that way since Berger joined the district four years ago. One of his first initiatives was to "stabilize the foundation" by deploying ZENworks to tighten up computer systems management. Now, along with the NetWare 6.5 operating system and ZENworks , the district currently runs Patch Management for security compliance, iPrint for network-enabling printers, GroupWise 7 for e-mail, eDirectory for network directory services, and File System Factory (now known as Storage Manager) for storage management.
So going with a Novell solution for identity management was a no-brainer, he said. A couple of years ago, Berger and his team of 11 decided it was time to "take the technology to another level and let it start managing itself." Since a third of the help desk tickets being handled by his team were related to resetting somebody's lost or forgotten password, it made sense to consider automating that.
Kyle Berger, executive director of technology services for Alvarado Independent School District
The Burden of Network Account Maintenance
Both students and staff have unique network accounts to gain access to the network. In the case of the kids, that's where--starting with second grade--their digital portfolios are maintained and where they can get access to class assignments. That student account stays with the student throughout his or her time with the district. As they get older, students are allotted greater network storage capacity.
Yet, maintaining those user accounts was a major chore for the IT staff. In order to access a computer and the Internet and have access to network storage, a student was required to take a form home that detailed the district's network and online usage policy. A parent would have to sign that, and the student would return it to school. That form would be put into inter-office mail, which would be sent to the IT department. An IT person would have to look up a given student's name to see whether it was already in use, issue a unique user name, and deliver that along with a password back to the appropriate campus and finally the student.
The entire process would take five or six days. A new student wouldn't be able to access the district system until he or she received the user name and password. For each activity, multiple forms would be generated, to inform staff members throughout the district that a particular person had been added to the network. If a student's name changed, updating that would be a manual process. Likewise, each year as seniors graduated, IT staff would have to go in and manually purge their accounts from the system.
A 90% Drop in Staff Time
Now with Identity Manager, said Berger, the minute a student is enrolled in a school, one of the questions asked of parents is if it's OK for the child to access computers. "If they say, 'Yes,' then the registrar in the front office puts a 'Yes' in our student system. Within seconds, it feeds through our network ... and automatically starts to create an account. It's pulling all the information from the student system so it knows what grade they're in, what their name is, and all that kind of information."
That five-day process is now completed in five seconds. Berger estimated that the amount of staff time used to manage user accounts has dropped by 90 percent.
The automation has enabled the IT organization to move to self-service password management so that users don't need network administrator intervention to retrieve or change passwords. That in itself, said Berger, is a boost to computer security for the district.
"I have 3,400 students and a teaching staff of 500. We have all their personal information just like a corporation would in our database-- everything that people would need for identity theft. We have to secure and protect you from that theft everyday, just like big companies do. But, we don't think about that in education."
In the past, he said, he would have put that password information on a piece of paper to forward to the student. "So there is the chance of other people getting that login information before it gets back to Johnny. Now it's all automated.... That makes our end users more efficient and compliant to the district's security policy while also saving the IT staff time and resources."
The district uses Skyward for its student administration. The hand-off of data between applications is handled via SIF, the School Interoperability Framework, an XML specification for modeling and sharing educational data followed by multiple vendors.
When somebody is added to the system and some piece of data is left out, such as association with a specific school, the software places the record into a "holding tank"--a non-production tree in the directory tree structure. A network administrator receives an e-mail specifying the problem and calls the office to get the missing details. Once that's added, the system automatically moves the student into the production directory.
Do kids as young as 7 actually understand the basics of logging in and using shared drives on the network? According to Berger, yes. The system creates a user name based on first initial, middle initial, and last name. The password is their user ID. "Once they log in, it's just basic teaching, computer use, file structure, saving to the network drive," said Berger. "Then they know they can get it from anywhere."
Change Management Challenges
The integration work wasn't only technical in nature. It also involved change management for the participants--staff, students, and IT people. With the aid of EST Group, an Arlington-based Novell consulting company, Berger and his team mapped out the process as it currently stood, then conferred with everybody who held a role in the process to confirm their piece of the workflow. From there it was streamlined. "Then I would go back to each stakeholder [to work through] where their part of the process was affected," he said.
A major obstacle was the hands-off nature of the automation. "You try to take that paper copy away from somebody and they get really nervous," Berger pointed out. So, as part of the process, e-mails would be delivered daily to those who wanted them, spelling out additions, deletions, and changes to network access. "A lot of them, at first, wanted the e-mail. Then they'd come back and say, 'You know, I don't need to know; it's working.'"
The IT people also monitored activities closely in the early days of the automation. Their attitude, said Berger, was, "'I've been doing this two or three days a week, and now the machine's doing it for me.' So they would sit there and watch it on the screen as it automatically ran through the log."
Sorting out the business flow took about a week, said Berger. Then configuring the IDM program and doing the SIF integration with the help of EST took another three weeks.
Now that the automation has been working for a year and a half, "the floodgates opened," said Berger. "'What about this process.' 'Can we do this now?' 'How about this?' Whenever I'm in a meeting now, it's always, 'Can we just automate all of this now?'"
The Price and Advice
Berger estimated that the implementation of Novell IDM and Storage Manager saved the district $25,000 in its first year alone. He said the price of IDM under education pricing runs between $0.50 and $1 per student. The total, including Storage Manager, is about $2.
Berger offered this advice to others considering an identity management solution. "Define the core business processes that you want to address with it. Don't try to tackle the whole thing right away. Find a few key processes that might really be tying up a lot of departments or a lot of time internally in your department. Start small and then build it up. Let everybody get comfortable with it before you just go out and take all the paper away."
READ MORE FEATURES AND CASE STUDIES
About the author: Dian Schaffhauser covers high tech, business and higher education for a number of publications. Contact her at [email protected].
Proposals for articles and tips for news stories, as well as questions and comments about this publication, should be submitted to David Nagel, executive editor, at [email protected].
Dian Schaffhauser is a senior contributing editor for 1105 Media's education publications THE Journal and Campus Technology. She can be reached at [email protected] or on Twitter @schaffhauser.