Sep 18 2023

K–12 IT Administrators Encounter Additional Security Controls for Users Under 18

Google Workspace for Education recently implemented improved controls that require IT leaders to configure and authorize applications for students.

Following the shift to incorporate more online and digital learning, schools leaned into the adoption of educational software products and applications. Many of these applications tracked student data, with data collection being the primary driver of some applications’ use in schools, as educators found value in tools that could analyze students’ progress.

In other cases, however, applications accessed and collected data that seemed irrelevant to their educational purpose. Savvy IT professionals in K–12 schools began investigating apps’ permissions and vetting the programs their users were downloading. This also helped schools protect their networks from third-party risk as a result of these software solutions.

Keeping student data safe is a vital consideration and great responsibility of K–12 schools in today’s digital learning era. To avoid threats in this landscape, Google has implemented additional security features into its Workspace for Education platform. The changes are aimed at protecting valuable student data, especially for minors taking part in online learning.

EXPLORE: Find out how Google Workspace for Education’s security tools protect users.

What Security Changes Were Made to Google Workspace for Education?

Google recently updated the security features on accounts associated with users younger than 18. For applications that have not previously been configured, users under 18 will now see an option to request access from admins when they attempt to use them.

“Forcing admins to be very specific and intentional about what data they’re allowing their users — especially their under-18 users — to access is going to help security tremendously,” says Chenell Benson, a technical support analyst for CDW Education.

IT administrators can configure apps as trusted, limited or blocked. If apps are blocked, users will not be able to access them. If apps are configured as trusted, they will be able to access users’ data, even if IT admins otherwise restrict access to API services.

Apps configured as limited will have limited permissions. For example, admins could restrict apps from accessing certain scopes, such as Google Drive. Therefore, end users can access apps configured as limited as long as the applications do not attempt to access a restricted scope.

DISCOVER: Solve the most pressing Google Workspace for Education domain challenges.

The other change is that previously configured apps will need to be confirmed for users under 18 by Oct. 23, 2023. “That confirmation should be a one-time thing,” Benson says. “Once they’re confirmed, you won’t need to go back and reconfirm them.”

Admins can also allow minors to access apps without permission as long as the app requires only the Google sign-in scope, but that will also need to be set up within a school’s Google Workspace for Education system.

Take the journey toward data center modernization to secure your K-12 data.

What Do K–12 IT Admins Need to Know?

While there’s no way to automate the tasks of configuring applications, confirming configurations and changing the permissions, there are ways for IT admins to streamline the review and approval of app settings.

“There is a one-click check all, which I have seen some districts do just to get the confirmation out of the way,” Benson says. “Later, they’ll go back and review it.”

Admins can use a new bulk CSV workflow in App Access Controls to download, revise and upload the comma-separated values file after any changes they want to make. When this CSV is uploaded, all included apps would then be confirmed.

MORE ON EDTECH: Cloud software widens student access to learning.

IT administrators also have the option to change permissions for different groups of users. For example, they could block apps for students but continue allowing staff members to use them. They could also configure permissions differently for older and younger students.

The Admin Console shows IT leaders which accounts are designated as under 18. In some instances, staff members’ accounts were mistakenly flagged. “Now they’re trying to request access to apps,” Benson says. “So, make sure accounts are all set up intentionally, and make sure it’s a team effort. It shouldn’t really be on one person.”

 Brought to you by:

puhimec / Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.