News of a school district grappling with the security pitfalls of access management made headlines recently and it caught our eye. According to ZDNet, when Bearden Middle School in Knoxville, Tennessee issued new iPads to their students as part of the national iPads for Kids Program, they had few options at their disposal for securing them. Packets were mailed to parents that included a parental consent waiver and an “Apple ID Worksheet” that would allow the school to set up an iPad for their child. The worksheet required parents to provide their child’s birthdate, password, and answers to three security questions.
Needless to say, parents quickly realized that writing their child’s critical information onto a worksheet and then sending the worksheet to school with their child was a very vulnerable process full of unnecessary risk.
Unfortunately, this story of deployment woes is nothing unusual to school IT administrators. Somewhere between manually granting permissions for thousands of students and trying to keep an overburdened identity access management system afloat, it becomes clear that problems in the deployment process are common with schools.