To one degree or another, security is an issue at any workplace. Whether it’s the Mom & Pop convenience store hoping the third shift kid doesn’t walk out with his pockets full of Tic Tacs, or the Wall Street investment firm guarding its information from leaks, security is a valid concern. That being said, it seems as though security has become the go-to boogeyman for organizations that do not wish to step out into any new technologies. Learning technologies are no exception.
Learning technology systems – be they LMS, LCMS, LRS, or any other Learning-based acronym – do often contain sensitive information, including personal data for users of the system as well as the actual content. While your boilerplate sexual harassment training may not be a potential security threat, instructions on how to create the perfect sandwich just might be. Pharmaceutical companies very often have training that includes proprietary information about their products. The same is true for manufacturers, healthcare companies and a myriad of other industries.
As time has gone by and learning systems have become more sophisticated, those concerns have been essentially mitigated. However, we have been dealing with a crop of newer technologies that are causing many of the same (and new) concerns. Let’s take a look at some:
Mobile learning: “You mean we’re going to let them access this material anywhere? On a device they might lose?”
In our most recent Mobile Learning Survey, organizations cited security as the number one challenge for deploying mobile learning, with half of companies saying it is a challenge to either a high or very high extent. It ranks higher than bandwidth issues, content creation and even cost. The truth of the matter is that a smartphone or tablet is not really that different than a laptop with regards to security. Author Kate Kerrigan lost an entire book by leaving her laptop in a cab. This stuff happens all the time. If the systems being accessed have proper security protocols in place (passwords, etc.), a lost phone should not be an issue. In fact, Minnesota just signed a bill into law requiring the ability to remotely “brick” mobile devices in the event of loss or theft. This would seem to make a smartphone more secure than a laptop. True, a phone is slightly easier to lose than a laptop, but given the death-grip most users have on their devices, it’s probably not that much easier.
Social learning technology: “You mean they can share this stuff? With anybody? On Twitter?”
The democratization of the Internet has always carried with it a sense of loss of control, and social media technology greatly exacerbates that feeling in many organizations. Just like the music and publishing industries lost control and had to change the way they operated, the learning function is going through a similar change. More and more learning is ending up in the hands of the learners themselves as people connect with one another and share their expertise. Unfortunately, organizations have been slow to keep up and initially met this change with resistance.
The key here is to separate actual social technology platforms (Facebook, Twitter, etc.) from social technology concepts (discussions, content rating, expert directories, etc.). Social media technologies haven’t truly brought any new security concerns into the learning world as much as they highlight existing ones. It’s still all based on people’s behavior. People shouldn’t share sensitive information, whether they mail a letter or send a Tweet. The risk comes when you rely on third party technology. Making sure that security is baked into any service-level agreements is a great place to start.
Cloud-based platforms: “You want me to put my data where?”
In my eyes, this one carries a bit more weight than the others in that you really are asking an organization to let go of their precious data. I feel this is an issue that will soften over time as people get more comfortable with the idea. Security is a huge concern with cloud providers. As an example of the times we live in, cloud-computing darling Box hired former Yahoo Chief Information Security Officer Justin Somaini as Chief Trust Officer. Cloud computing providers have the same levels of security that most companies would find on their own servers, if not better. Companies need to just get used to the fact that the data is not behind their doors. In the meantime, many are opting for private cloud solutions, which is a hybrid of a cloud and behind-the-firewall solution. Companies are basically creating their very own clouds on their own servers, which seems to defeat the purpose. Look at it this way: Salesforce has been pure cloud for some time, and people seem to be very comfortable using it.
Most organizations need to stop the hand-wringing and simply come up with strategies that work within their own security requirements. There are companies that, based on their industry or the work they do, will never be able to explore these technologies to their full potential. But if the U.S. military can lead the way in mobile learning, there’s not many reasons private sector companies can’t follow.
–David Wentworth, Senior Learning Analyst, Brandon Hall Group