If you'd like to submit interviews, opinion pieces, industry analyses or case studies on these or any other topics, mail me at robertbuckley@geoconnexion.com to discuss length and topics. The deadline for copy is July 1st.
October's issue will have the following focuses:
The deadline for copy is August 1st.
For further information, visit www.geoconnexion.com.
]]>If you'd like to submit interviews, opinion pieces, industry analyses or case studies on these or any other topics, mail me at robertbuckley@geoconnexion.com to discuss length and topics. The deadline for copy is May 20th.
For further information, visit www.geoconnexion.com.
]]>Deadline for leads is 1st May 2013. Email me or leave a comment below if you'd like to contribute.
Is 3D the next dimension in education?
Will 3D be the next must-have technology for schools? Students will be able to immerse themselves in environments and study objects they could never examine, using little more than glasses and a projector or TV. With 3D technology cheaper than ever, not just to buy but for creating content, and with students now used to 3D thanks to cinema and home theatre technology, will VR finally see some uptake? And if it does, who are going to be the winners?
I'd like to speak to consultants, vendors, teachers and education experts on whether 3D is the future. Last possible date for phone interviews is 10th May, but I'd like to speak to people sooner than that, if possible.
]]>If you'd like to submit interviews, opinion pieces, industry analyses or case studies on these or any other topics, mail me at robertbuckley@geoconnexion.com to discuss length and topics. The deadline for copy is June 17th.
For further information, visit www.geoconnexion.com.
]]>If you'd like to submit interviews, opinion pieces, industry analyses or case studies on these or any other topics, mail me at robertbuckley@geoconnexion.com to discuss length and topics. The deadline for copy is March 17th.
For further information, visit www.geoconnexion.com. ]]>In higher education at least, mobile devices are largely bought by students. According to an NUS survey of mobile device usage, the overwhelming majority of students have at least one device and a third own a tablet ebook reader. Nearly three-quarters of students use their devices for reading educational books, so to a certain extent, the opportunities lie in electronic textbooks.
Cengage Learning, for example, recently digitised all the first year textbooks for psychology students at Plymouth University. Student Rosie Rule says: "The ebooks are so much more accessible than the hard copies. I can now carry 12 textbooks round with me on my phone and iPad. I can read during the commute to uni and even whilst I'm queuing to pay for my groceries. Similarly, the search facilities are so much more effective and book marking and highlighting are especially useful."
Simple digitisation of books is just the beginning, however. Ebooks offer publishers the chance to provide multimedia content, such as videos and audio, and interactivity as well, such as tests. Cambridge University Press, for example, has developed 'Explore Shakespeare' apps that provide glossary definitions of Shakespearean language, include audio performances by the likes of Michael Sheen and Kate Beckinsale, give the option to separate out particular characters' actions, and include group and pair activities.
Nevertheless, outside of content provision, higher education doesn't provide many opportunities for anyone except the big mainstream IT companies, such as Apple, since universities tend not to buy and supply mobile devices themselves, leaving that up to students. Developers of "mobile device management" software will see some benefits, as institutions that want to limit the activities of students who want to "bring your own device" (BYOD) look for ways to lock down those devices. There are few benefits to trying to incorporate mobile devices into learning when there is no classroom, only a lecture hall, not everyone has a device and those who do may have completely incompatible operating systems and features.
Distance learning courses, particularly those that incorporate online content, are a different proposition, with many providers looking at how to adapt old content and include new content that will work on mobile devices. Most are looking to work with tablets rather than mobile phones: "For us, the content we create is quite rich, quite high impact so can't be used on lesser devices than smartphones," says Rich Townsend of the Greenwich School of Management, which offers a marketing course especially adapted to include tablets, right down to an 'augmented reality' app that superimposes course content onto the real world using mobile devices' built-in cameras. "Adapting content for a tablet isn't difficult, but adapting for a phone is a different experience that requires different skills and thought processes. You probably wouldn't watch our content on smartphones." However, for those that are looking to offer online content to countries such as those in Africa, where the mobile phone is ubiquitous, the PC scarcer and the tablet non-existent, the mobile phone presents a golden opportunity to access an otherwise unreachable market.
It's in primary and secondary education that mobile has the greatest opportunities. Here, schools are investing not just in content but in the devices themselves so they can be used in lessons. "There's a tablet frenzy in the UK. An overwhelming volume of our customers are currently planning classroom, year group or whole school deployment of this technology," says Gareth Davies, MD of learning platform developer Frog, which is re-architecting its software to work with mobile devices. "It's inevitable and brilliant for education. Getting rid of the beige box is the way to go."
Luke Noonan, purchasing director at tablet manufacturer Disgo, agrees. "What we are starting to see is that with costs involved in managing IT in education, actually this is a common and effective way of bringing more interaction into classrooms without having huge IT rooms without having bulky PCs and monitors."
BYOD is far less appealing to schools than HE, says Joe Warren, head of ICT curriculum at Cognita, the UK's largest group of independent schools. Schools are cautious, he says. "They have fear in their eyes and take devices off kids at the gates. It would be a huge culture shift for them to adopt BYOD."
While most schools are interested in Apple's iPads, the greater openness of the 'Android' tablet platform as well as the relative expense of iPads - starting price of £269 including VAT for just an iPad mini - means that hardware manufacturers as big as Dell, as well as much smaller companies such as Disgo (starting price of tablets: £59.99), are developing tablets especially for schools - and schools are buying them.
However, according to Frog's Gareth Davies, there's a certain element of novelty behind the rush towards tablets, as well as "a lack of direction anywhere else", that's causing schools to invest in tablets. This means schools are buying devices, particularly iPads, without really being sure what they'll be used for. "They think buying the iPads will sort everything out but find out it doesn't. They can't get into their network, all the information in the pupils' apps they can't get to, they don't know how to manage them and so on."
As a result, BESA's survey showed that 85% of schools are worried about security and management, and 71% are concerned about the installation and purchase of apps. While there are options available for managing iPads in volume, companies such as Disgo can offer more complete packages of ready-managed, cheaper, Android-based tablets. "Android is much more suitable for education. We can be much more flexible in what we provide," says Luke Noonan. "Products have to be locked down and people can't mess with settings."
Avantis has similarly developed the LearnPad tablet-based ecosystem for schools, which as well as including an Android-based tablet, includes apps, an app store, management software, volume licensing options and more, all targeted at educational institutions. "When schools come to us, they don't know what they want from the tablet. They don't know what to do. They know they want the light, portable, battery-powered tablet tech but that's it. In a lot of cases, they've already bought iPads, but they don't know why, and they don't integrate well with ICT, content or the curriculum," says Avantis MD Nik Tuson.
But, the issue of what to actually use tablets for is one of their biggest problems. Geoff Mulgan, the chief executive of the National Endowment for Science, Technology and the Arts (Nesta), says that despite more than £1.4bn being spent on technology in schools in England in the past three years alone, "The emphasis is too often on shiny hardware rather than how it is to be used," adding that too often it is not being used to its "full promise and potential".
Elizabeth Burd, an IEEE senior member and professor in the School of Engineering and Computing Sciences at the University of Durham, has conducted research into the use of tablets. She says there is a missed opportunity in many schools to uses tablets for collaboration and to display pupils' work. Schools also have a tendency to have banks of tablets given out for a lesson then returned to racks, which limits the abilities of pupils to use the tablets in their own time for work. She also argues that it's the multimedia aspects of tablets that schools should concentrate on: "Text, especially to younger kids, is one of the least interesting aspects of the educational experience, so tablets are a very good way of engaging today's multimedia students."
Part of the problem, says Cognita's Joe Warren, is the time needed to locate good resources. "Not all devices are content rich. Even though there are lots of educational resources becoming available all the time, it requires lots of research time by the teaching team to find apps and resources that are suitable." He adds that the schools he works with would like more education-focused material available, "especially ebooks at A-level and that level".
Content provider ClickView's CEO Harvey Sanchez agrees. "Content is massively available - the challenge is relevancy, finding something that's specific to the curriculum. That's something very few companies do well."
Avantis's Nik Tuson adds that a lot of content is unavailable to many tablets, since iPhones and iPads can't play content created in the Flash format, which is a popular for educational videos and interactive apps on web sites. While Flash will die out in the long-term, having been discontinued for most applications by its creator, Adobe, in the short-term, the need of educational tablet users to access existing Flash content will remain.
Content creation by teachers is also an issue, says Cognita's Joe Warren: "A lot of teachers in the sciences just want them as recording devices: students can record with them and film each other doing experiments. If it's just a research tool for that and looking things up, teachers find that easy, but you can do that with anything." As a result, he would like to see more tools for creating lesson resources, as well as applications that children could explore, something that ACS Hillingdon International School is doing, according to its IT integrationist Sue Wakefield-Gray.
"Teachers are beginning to create curriculum content using the iBooks Author app which allows complex eBooks to be produced containing text, audio and video files. Students are also creating eBooks that allow them to showcase their own learning or to be shared with other classes such as storybooks for younger students or non-English."
Tablets and mobile devices are certainly seeing short-term interest from education institutions. Their longer-term viability will depend on several factors: whether good uses can be found for them that don't take up too much time or resources; whether there's good content appropriate to courses being generated and made available in tablet-suitable formats; and whether there are content creations tools that allow teachers to create lesson resources easily. If these obstacles aren't overcome, tablets are liable to end up being under-used or even ignored as educators move on to the next piece of "shiny hardware".
]]>If you'd like to submit interviews, opinion pieces, industry analyses or case studies on these or any other topics, mail me at robertbuckley@geoconnexion.com to discuss length and topics. The deadline for copy is February 17th.
For further information, visit www.geoconnexion.com. ]]>Deadline for leads is 7th January 2013. Email me or leave a comment below.
Ease of use
Almost everyone agrees that the key to security is to ensure that there's a low enough barrier to its use that everyone will use it. Yet, beyond a few attempts to make things easier for administrators, how much effort are vendors - and CSOs - putting into making security easy for end-users? Are interfaces easy enough to use? Are processes easy to follow and understand? Who, vendors and CSOs alike, actually has user test groups for their software interfaces? How much effort is being put into management consoles that people can actually use? Does the security industry need an Apple to come along to make it think different? Do CSOs need someone to teach them how to Keep It Simple?
I'm looking to speak to vendors, analysts and IT security professionals about whether security software as it stands is easy enough to use and how much focus is placed on making security as simple as possible that people don't end up switching it off or trying to get round it.
This article will discuss both software and processes.
Interviews will be by phone between January 8th and 15th, so interviewees will need to be available during these times.
]]>This article is intended to introduce someone new to Macs to the basics of their security in the enterprise.
]]> AccountsIt is therefore good practice to give all users standard accounts and to have a single administrator account reserved for installing software and other maintenance tasks.
Account management is accomplished using the System Preferences application, available from the Apple menu in the top-left of the screen. Select Users & Groups from the row of system preference panes, or type "account" into the search bar at the top of the application, and OS X will highlight relevant panes.
Click + to create a new account, or click on an existing account and then check or uncheck Allow user to administer this computer to give the account the appropriate privileges.
A user can associate their Apple ID - the same ID that they would use to purchase music from iTunes, etc - with their account. Clicking Allow user to reset password using Apple ID could save on your support costs, but all it takes is for someone to guess the Apple ID's password and they will have access to the Mac, so it is not recommended.
You should also use this pane to disable the Guest User by clicking on it, then unchecking Allow guests to log in to this computer.
Click on Log-in Options to turn off Automatic login, so that the Mac will not log into a specific account at start up; Display the log-in window as should be set to Name and password so users have to enter both an ID and password before they can access the Mac; and turn Show password hints off.
Basic security settings
The Mac has a dedicated Security & Privacy system preferences pane. The General tab has a number of settings.
• Click Require password immediately after sleep or screen saver begins to force users to reauthenticate themselves if they've been away from the Mac for a set period of time.
• Show a message when screen is locked allows you to add a message, such as "If found, please call...", to the log in screen to help with the Mac's recovery if it is lost or to discourage people from trying to sell it.
• Disable automatic log in - as in Accounts.
• Allow applications downloaded from: allows you to prohibit the execution of any applications other than those from the Mac App Store or identified developers.
The Advanced... button offers several additional levels of security:
• Set Log out after to a reasonable period of time, depending on whether you are dealing with a desktop or a laptop, to log the user out of the Mac if it has been left unattended for too long.
• Check Require an administrator password... to stop the majority of system preferences being modified by anyone except an administrator
• Check Automatically update safe downloads list to download Apple's list of OS X malware signatures every day, so that the Mac can recognise and warn the user if a piece of malware is downloaded.
Firewall
The Mac has a built-in firewall you can turn on by clicking Turn On Firewall in the Firewall tab of Security & Privacy.
This is relatively robust and tries to strike a balance between ease of use and security. However, Firewall Options can lock down the firewall even more.
Enable stealth mode will hide the Mac from some speculative hacking traffic. Block all incoming connections should be reserved only for the least secure of Macs, since many useful services will be disabled. However, you can disable or enable incoming connections to specific applications by clicking on the + button and selecting the application whose traffic you want to control.
Disk encryption and secure backups
It almost goes without saying that full disk encryption should be turned on, although Apple's implementation, FileVault, can occasionally be unreliable and will not work with certain types of disk configuration, such as RAID. It is available from the FileVault tab of the Security & Privacy system preferences pane by clicking Turn On FileVault.
Next, specify all the users who can unlock the disk - each will use their own user account password to do so - at start-up.
If you lose the passwords for the accounts on the Mac, you can enter the "safety net" key that OS X generates to decrypt the drive and as a final precaution you can store this key with Apple.
Before beginning the encryption process, you should make a copy of the Mac's startup disk. The Mac has a built-in back-up system called "Time Machine", accessible from "System Preferences", that will regularly back up the main disk to any compatible network server, connected hard drive or partition that you choose.
However, this does not back up every single file on the Mac so it is worth investigating programs such as Carbon Copy Cloner for imaging drives completely.
You should ensure Time Machine back-ups are encrypted by checking the "Encrypt backups" box when you first choose the destination disk.
Locking-down and DLP
OS X has built in Parental Controls in System Preferences that can lock down certain aspects of OS X, such as the ability to change passwords, to use particular applications and more. Click Enable Parental Controls for the first account you want to lock down, then check the appropriate settings for the restrictions you want to apply.
Parental Controls enables a basic form of DLP, by stopping CD burning: check Limit CD and DVD burning in the Other tab.
Greater control, including locking down of USB access, is built in, but only available through other, more advanced mechanisms, such as OS X Server, DeviceLock and Endpoint Protector.
Once you have configured the Parental Control settings for one account, they can be easily copied to other accounts using the cog button:
If you choose to allow USB drive access, you can apply FileVault encryption to removable USB drives by right-clicking on the drive on the Mac's desktop.
However, it is not cross-platform so if the drive is to be used by Windows as well, you should investigate encryption software such as TrueCrypt or hardware such as Kingston's DT Locker+ G2 USB sticks that work with both platforms.
Anti-malware
There are relatively few pieces of malware that target the Mac and most of those that do target OS X's Java environment, which is no longer installed by default with OS X. There are frequent security updates to OS X, with all publicly known malware that targets systems blocked by the latest updates.
However, patch management remains the Mac's security Achilles' heel, with system updates handled through the App Store in the Apple menu.
Administrator rights are needed to install the updates, so an admin needs to manually update every Mac. However, you can do this more efficiently by activating the "Remote Login" function in the "Sharing" system preference pane. Restrict access to it by clicking on the + sign and adding the administrator account to the list of users allowed to use the function.
You can then use SSH to log in remotely and update the Mac with the 'softwareupdate' command.
However, few organisations bother to install paid-for OS updates or buy new Macs very often, so it is also worth installing AV software such as Sophos, Norton One, ESET Cybersecurity for Mac and ClamAV.
Keychain
Each user account as well as OS X itself has encrypted keychains for storing passwords, security certificates, Wi-Fi log-in details and other authentication functions. Users can store log-ins to websites in their keychain from browsers including Safari and Chrome; when they return to those sites, the browsers will automatically fill in these log-in details. The system software does the same with network authentication details.
By default, the password for the keychain is the same as the user's account password and the user can at any point access these passwords using the Keychain Access utility in the Utilities folder in the Mac's main Applications folder.
The system security certificates, Wi-Fi log-in details and so on are only available to someone with an admin account, but if someone guesses the account password, they can access all the passwords stored in the user's keychain. To prevent this, select the log-in keychain in the Keychains panel of Keychain Access and select Change password for the keychain log in, so that it is different from the user account password.
Conclusion
There has not been enough scope here to go into depth with the full security possibilities offered through additional products, such as OS X Server, Apple Remote Desktop or Casper Suite, integration with Active Directory or options such as two-factor authentication.
However, if you follow these basics at least, your Macs should start out and remain reasonably secure.
]]>If you'd like to submit interviews, opinion pieces, industry analyses or case studies on these or any other topics, mail me at robertbuckley@geoconnexion.com to discuss length and topics. The deadline for copy is January 17th.
GeoConnexion International brings you the latest news and stories plus reports from geotechnology industries in UK, Europe, the Middle East, Africa, North America and Asia. Topics covered include 3D Visualisation, Remote Sensing, LiDAR, Cloud, Mobile Mapping, Navigation with emphases on healthcare, public safety, retail, the environment, utilities, surveying, LBS, transport/logistics, telecommunications and more. For further information, visit www.geoconnexion.com.
]]>This is despite the fact that 25 per cent of workers say their company's IT policy specifically forbids such actions, while a further 23 per cent either do not know if their company has an IT security policy, or are not aware of what their company's IT policy states.
As a result, 50 per cent of British people say their trust in government and public sector bodies has been diminished while 44 per cent per cent say their trust in private sector companies has been reduced as the result of breaches and losses of personal data over the past five years; 77 per cent of people would prefer to buy goods or services from a company that had not suffered a data breach, with only 12 per cent saying that it was not important to them whether a company had suffered a breach.
At a roundtable held by Check Point to discuss these issues, contributors suggested a number of ways to deal with these problems. Kevin Bailey, research director for European security software at IDC, argued that while an organisation has to trust its employees to some extent, as well as those intent on being malicious, there are those who might be socially engineered and those acting incorrectly but innocently.
These people have to be protected and the organisation has to protect itself from them, too. "In God we trust - for everyone else, there's the end point."
Martin Pickford, head of technology security solutions at EE, added that education in combination with contracts is important. "People need to be aware of the rules and they need to be reminded. But if they go bad, they go bad and you can't stop that."
Andy Lucas, a partner at law firm SNR Denton, agreed, arguing that organisations should "trust no one but trust in the contract". While security can be enforced technologically and physically, ultimately, it's only if there's a legal way to enforce security policies internally that security can hope to succeed, since at least some people will always be willing to try to circumvent security for both good and bad reasons.
It's a suggestion picked up by Pickford: "People have to understand that they'll lose their job."
However, Bring Your Own Device (BYOD) and mobile working are blurring the boundaries between employees' work and personal lives. These two trends have their benefits, for both employers and employees: employers get more flexible working patterns, can spend less on hardware and support, and can potentially access more powerful technology than they would otherwise have been able to afford; employees can work the way they like when they like on devices that they're familiar with and they don't have to have two of everything.
Peter Warren, chairman of the Cyber Security Research Institute, suggested that BYOD can actually help with security. "You will only get people to buy in to security if it's their responsibility to look after a device." An employee is far less likely to lose their own computer or smartphone than they are a company-provided one, particularly a 'CrippleBerry' that is more of an inhibitor to flexible working than an enabler.
Nevertheless, both trends still have problems, particularly for security. As the survey showed, employees are likely to want to use insecure services such as Dropbox for accessing data at home or on their phone, which could potentially lead to data loses.
They aren't going to want to use their smartphone for work if they can't use their own apps, such as Facebook, because the company doesn't like it or regards it as a security risk. They're even less likely to want to have their phone or home computer wiped completely when they leave the company.
Andy Lucas pointed out that in the US, contracts requiring employees to submit to such wiping are being challenged in the courts: "Are employees really positioned to give consent to such contracts?" While there hasn't been a challenge in the UK, relying simply on employment contracts may not be enough.
At the very least, says Lucas, in combination with contracts, there needs to be training for employees in how to be secure. But companies also need to consider whether they're applying new standards to an old phenomenon. "Employees have been taking customer lists since the industry began. The key issue is enforcement. Cast iron contracts help, but it's also partially behaviour. People going on gardening leave for six months after they leave a company is partly about getting them to forget things."
But panellists were agreed that largely the solution to the security risks presented by BYOD was to focus on the data and securing that, rather than the devices or endpoints. Encryption in particular was seen as the best way to safeguard against data loss, since even if data is transferred insecurely by email or Dropbox, if it's encrypted, no one else can use.
"Companies want to take over security for devices but that can cause issues," said Check Point major accounts director Caroline Ikomi. "But it's easy to take control of data."
However, while Peter Warren wanted to know why encryption wasn't legally mandated for all devices - although he suggested that at most security conferences, the only people attending who were against legally mandated encryption were from governments - both Martin Pickford and Caroline Ikomi pointed out the problem with encryption is key management.
"It's a pain and an overhead," said Pickford. Advances in key management usability might well be the solution to broader adoption of encryption within organisations. Indeed, if there was one thing the panellists could agree one, there are no easy answers to the issue of trust, at least not yet. "Trust is probably going to be the big fundamental argument we get for the first 20 years of this century," suggested Peter Warren.
]]>