Blog | Level Data

Poor Account Provisioning Could Be a Threat to Your Schools

Written by David Barrett | June 19, 2020 at 12:30 PM

Education is unique among industry sectors because of the extreme rate of turnover. When viewed from a 30,000-foot perspective, the "churn-rate" for students enrolling, transferring, dropping out or graduating from even a modestly sized district is enough to eclipse all but the biggest multinational companies. Add in the rate of burnout for educators - roughly 50% of teachers leave the field within their first 5 years - and it's plain to see why having a holistic account provisioning plan is critical for a district's technology infrastructure, digital security and user access plans. 

Provisioning vs. Deprovisioning

Effective planning of user access needs to cover the entire spectrum of setting up user accounts for new people to sunsetting and deactivating old, expired or inactive accounts. Most organizations are very good at the first part - account provisioning. It's pretty tricky to access vital software tools without having a user account.

Things get a little murky when it comes to deactivating old accounts. Schools and businesses alike struggle with deprovisioning.

In order to understand why effective account deprovisioning in school districts is so crucial, it’s important to understand the need for effective provisioning from the outset. Because technology has become essential in modern education, district staff who lack the tools they need aren’t just doing a disservice to the school and themselves - they’re effectively hobbled from meeting the needs of their students. Similarly, students who experience roadblocks in accessing materials and applications necessary for classroom participation are put at an academic disadvantage through no fault of their own. 


"Just Have IT Take Care of That"

Managing user account permissions typically falls on the shoulders of the technology team, who are often stuck manually provisioning users. Because provisioning in districts is frequently done at-scale, account management is routinely offshored to the various department heads within a district as an attempt to redistribute the workload away from overburdened tech staff and save time, money, and stress. That approach seems to make plenty of sense when you step back and consider that an oversized sample of surveyed districts depend on at least 26 unique software applications for their operational needs.

That attempt at time and resource savings may actually represent a gaping hole in a district’s digital-safety protocols. Not only is manual user-input notoriously prone to typos and data-errors, it’s also the single greatest threat to a business’s cybersecurity. The difference between safety and danger can be as easy as an accidental keystroke or a mistaken button click.


Close The Door Behind Them

When it comes to deprovisioning, the same care taken during account creation should be paid. No matter the terms on which an outgoing employee or student departs from a district, it’s important to ensure that they can’t use their credentials to illicitly access any of the systems and applications they once relied upon. 

The greatest and most immediate risk to a district's IT safety is posed by individuals nursing a grudge or hoping to exact revenge. Failure to seal access points from intrusion by an aggrieved former staff member or student is, for all intents and purposes, an invitation for exploitation waiting to happen. It’s worth noting that 20% of survey participants in a recent student reported suffering a data breach stemming from failed deprovisioning. With education already ranked as the “single most vulnerable vertical across business sectors”, that risk is one that simply cannot be ignored.

The answer to the inevitable “what now” question lies in acting intentionally to craft thorough provisioning and deprovisioning protocols. At the absolute minimum, an automated directory management system is a critical component of that process. The ability for user access to easily be turned on, turned off or customized according to your needs from one central platform and synchronized automatically across your systems is the most secure, effective and efficient way to approach account provisioning for your schools.