K-12 Director of Technology saves time and improves student safety and data security in Google Workspace for Education with ManagedMethods
Rich Chiuppi has a lot on his plate. As Director of Technology at East Prairie School District #73, he’s part of a two-person team managing the entire district’s IT and cybersecurity needs.
“I oversee the technology, implementations, and security, so I wear a lot of hats,” he explains. Although generally not as big as other districts in the Chicago area, East Prairie’s 550 students and 80 staff are more than enough to keep Rich busy, especially when it comes to cloud technology.
As Chiuppi recalls, East Prairie recognized early on that the industry was trending toward the cloud. At one point, the school hosted all of its student information and library systems on in-house servers, but soon realized that moving them to the cloud was the better option.
“We gradually started phasing things into the cloud for the reason that it was more effective, and in some situations the industry was kind of forcing us in that direction,” he says. “If you’re hosting certain things on premise, it becomes cost-prohibitive over time.”
So, East Prairie started using Google Workspace for Education Plus, with a few Apple and Microsoft applications in the mix. According to Chiuppi, it was an interesting transition because teachers were at first allowed to try different applications on their own.
“We wanted them to have the flexibility and creativity to use technology in the classroom,” he explains. “As time went on, we started to realize how data was being used by some of these vendors, how certain services behaved and how many services we inherited from letting teachers have that freedom. Then, SOPPA came along, and it really opened our eyes like, ‘Oh, this is what’s going on?’”
SOPPA — the Student Online Personal Protection Act — is an Illinois law that protects the privacy and security of students’ online data at school. Its intention is to regulate how edtech vendors manage student data, but it also requires school districts like East Prairie to implement a more rigorous vetting process for solutions that capture student information.
“Using ManagedMethods, I can quickly pull a report of all 3rd party apps that are connected to our Google domain. Then, I sit down with our admins and say, ‘Here’s the 300-plus extensions and apps that are now in use across students and staff. Are these SOPPA regulated? Which ones aren’t getting used?’”
Like most K-12 school districts, East Prairie initially thought that Google’s built-in security measures were adequate for securing their domain. But after reading through Google’s agreements more closely, Chiuppi and his district realized that data security was more their responsibility than they previously thought. This is because Google, like any SaaS provider, operates under a shared responsibility model. This means that Google as the vendor and the customer are responsible for certain, yet separate, aspects of cybersecurity when using Google applications (like Gmail, Shared Drives, Sheets, etc.)
“The console for Google Admin wasn’t very visible at first. Even with the security investigations tool being added, it’s a lot of work to dig through and find what you’re looking for,” he says. “With two people here, I don’t have a lot of time to spend hours looking for potential issues.”
In fact, Rich even ran a survey to see if everyone in Illinois was equally short-staffed. “Am I the only one thinking it’s crazy to have a two-person team for all this?” he asked. About 19 districts responded, and many agreed they were working shorthanded.
“Overall, I feel schools are in a situation where it’s hard to hire techs that give us the ability to break up our workloads and allow time to view concerns like data security and privacy at a really detailed level,” he adds. “And since the funding isn’t really there to compete with corporate employers, it’s really difficult to spread the workload and get those insights.”
“ManagedMethods automates a lot of what we would have to do manually in Google Security Investigations. We’re a small team and don’t have a lot of time, so it’s a huge time saver in terms of being able to see what’s going on.”
Chiuppi decided it was time to find a better solution that gave him the insight he needed to level the playing field.
“It was one of those things that kept me up at night, thinking about Google and our biggest apps and if something were to happen to those applications,” he says. “We’d be going down for quite a while.”
East Prairie started using Bark, which ignited their curiosity about cloud security. However, Rich still couldn’t really monitor data in Google or identify his risks. ManagedMethods, he says, is the only product he’s ever seen that can do that effectively.
Fortunately, Rich discovered ManagedMethods and signed up for a webinar. “I was like, ‘Wow! This is perfect,’” he exclaims. “The trial went really well and the setup was a breeze. A lot of times with technology it takes a while to go through the systems because they’re so wide and deep in functionality. It helped me get familiar with the visual interface. Everything is clearly laid out, so it’s intuitive where you need to click.”
Rich noticed an immediate impact. In fact, he even caught a few risks that shouldn’t have been able to happen with the Google security settings he already had in place in his Admin Console.
“We found a few applications that students shouldn’t have been using. Somehow they got around Google’s Lockdown Store,” he says. “We only allow certain apps. Nothing else should be installed, but there were a few kids who had things installed that they shouldn’t have had.”
“Google Admin Console isn’t very visible or intuitive. Even when we added the security investigations tool with Google Plus edition, it’s a lot of work to dig through and find what you’re looking for. With two people here, I don’t have a lot of time to spend hours looking for potential issues. ManagedMethods automates a lot of what we would have to do manually using Google’s investigation tool. It’s a huge time saver, so if you don’t have the insight or you’re understaffed, it’s a lifesaver.”
Rich was also made aware of a staff member’s open share file that had personal information in it that shouldn’t have been shared that way.
“These were two pretty huge issues that I wouldn’t have known about,” he says. “And in either of those situations it could’ve gotten out of hand. Nobody wants to go to the superintendent and say we’re gonna have a PR issue.”
Now, ManagedMethods is an important piece of East Prairie’s security stack. Chiuppi and his tech use it every day to see if anything risky comes up or looks suspicious. And if anything does cross their radar, they can dig down and confirm if it is or isn’t a problem—usually within minutes.
“It automates a lot of what we would have to do manually in Google Security Investigations. We really don’t have a lot of time, so I’d say it’s a huge time saver in terms of being able to see what’s going on,” Chiuppi adds. “The other benefit for us is that I can take a report and sit down with our admins and say, ‘Here’s the 300-plus extensions and apps that are now in use across students and staff. Are these SOPPA regulated? Which ones aren’t getting used?’”
All told, Chiuppi is adamant that ManagedMethods has been a net positive for East Prairie School District. Not only does it accelerate their security process, it also keeps students safe, which Chiuppi says is his number one priority.
“If somebody is considering ManagedMethods, it’s worth its weight in gold in terms of saving time. If you’re a small school, or even a big school district, I can’t imagine trying to monitor Google itself at a large level,” he says. “Do the trial and see what turns up. If you don’t have the insight or you’re understaffed, it’s a lifesaver. Nobody wants PR disasters. And if you can’t see what’s going on in Google, it’s a time bomb.”
To learn more about how ManagedMethods can help secure your district’s cloud environment, reach out to our team or schedule a free audit today.