Category Archives: education

You and You and You are the Weakest Links (in the information security chain)

Over the last twenty years or so as an Educational Technologist, I’ve visited literally thousands of schools. When I first started, my point of contact was the ICT (Information and Communication Technology) Network Manager. Nowadays, it’s almost always a member of senior leadership. I don’t flatter myself that I’m more important than I used to be. It’s simply that technology in most schools is now integrated in teaching, learning and operations from top to bottom. It’s strategically important.

Of course, with strategic importance comes a sharpened focus, not only on the benefits of technology, but on the issues and threats it introduces. Barely a week goes by without a story about the effects of screen time on children or the destruction wreaked by the latest malware. Where once upon a time, I could guarantee I’d find an administrator password on a sticky note in the office, initiatives such as Safeguarding and Prevent have ramped up the focus on safety and security in schools.

And yes, senior leaders are nervous. Apart from an unwelcome appearance in the media, if a school’s Safeguarding or Prevent arrangements do not meet requirements, then Ofsted is likely to place them in special measures.

As if that wasn’t enough, against a background of growing threat, hardening sanctions and shrinking budgets, the replacement of the Data Protection Act (DPA) with the EU’s General Data Protection Regulation (GDPR) is going to hit (mostly unwary) schools hard on the 25th May 2018. As of April 2017, only 43% of organisations were actively preparing for GDPR.

Whilst it’s true that the GDPR will bring more clarity and rigour to the discipline of information security, schools may well have more of a mountain to climb than most because they are Data Controllers with sensitive personal data on minors. It’s not clear from the legislation whether the appointment of a Data Protection Officer (DPO) will be mandatory for schools, but it would certainly seem to be sensible advice.

However, the main purpose of this post is not to bemoan the plight of schools but rather to point out an emergent weakness in this layered process of security hardening. It’s mandatory for schools to designate a member of senior management as a Safeguarding Lead. It’s also mandatory to appoint a Prevent Lead. With the advent of the GDPR, it seems there will be a DPO as well. To perform these roles effectively will require:

  • An understanding of the relevant regulatory environment
  • Experience of practical application in a school
  • A grasp of the technology landscape across the school and its supply chain

In the good old days (ahem), when I used to roll up to meet the Network Manager, usually I wouldn’t need to speak to anyone else. They were the Kings and Queens of their IT domains. Perhaps they lacked a strategic perspective on occasion, but at least there was one person who understood every piece of technology in the organisation and the implications of every change that was made.

I’m certainly not advocating a return to the past, but, going forwards, I think the increasing regulatory load is already leading to fragmentation in the security chain. In a world where one IoT device can become a gateway for a serious network incursion, it’s easy for knowledge to exist in silos which lead to Donald Rumsfeld’s infamous unknown unknowns.

My conclusion is that people are usually the weakest link in the security chain and, in this case, the weakness is exacerbated by an approach to safety and security in schools that is evolving in silos. I would simply advocate that domain experts with overlapping interests come together on a regular basis to educate each other and review their mutual challenges. Every school – every organisation – should have a Safety & Security Working Group that aligns and coordinates the work of all stakeholders.

How To Get Your #EdTech Business Off The Ground And Keep It There

rocket

I’ve worked in education technology (#EdTech) for many years now and over the last five years I’ve co-founded and run a successful company (Airhead Education) delivering a web desktop to schools (Airhead). We won a Bett award for ‘Innovation in ICT’ in 2015 and achieved it without investment from any external source. We’re debt-free and we’ve made a profit in every year of operation. No, we’re not Google yet but we’re making our mark in the education sector and we continue to listen and grow. It’s certainly not been easy, but it has been a lot of fun and as we start 2017, I’ve been reflecting on a few of my lessons learned.

I’ve seen technology products and services designed for education come and go (and usually turn up again, reinvented). Often I’ve seen the merit in the idea but the execution has been poor. Occasionally, both the idea and the execution have appeared to be flawed. The thing is, I don’t have an issue with either scenario. Ideas don’t just spring into life fully formed; they need to be shaped in the fire of trial, error and reflection. And of course the same applies to the execution of ideas in the form of products and services. The process of releasing, reviewing and revising is a basic principle underpinning continuous improvement. And I’m not even perturbed if individuals without education experience try their hand at EdTech. Sometimes the education crowd can’t see the wood for the trees. But there’s one thing you must do: survive long enough to learn the lessons you need to learn in order to build a successful business.

So if you’re going to invest your time, energy and creativity in developing technology for the education sector, you should be sensitive to the characteristics of the technology and education markets and what they mean for your business. For me, there are three particular EdTech business challenges:

    1. Rapid lifecycles – The pace of change in technology is rapid and and the lifecycle of most technologies is therefore short. Whether it’s software, hardware or the services that support them, rapid evolution of technology means a requirement to make changes just to stay functional and relevant, let alone to evolve with your customers’ needs. Developing, delivering, maintaining and scaling products and services is a costly endeavour which requires unerring financial and technological vigilance.
    2. Tight budgets – The majority of educational establishments are under constant budgetary pressure and, rightly, there is a tension between competing requirements for investment. Educational establishments should not be taking excessive risks with the deployment of technology because they simply cannot afford to squander their budget. The consequence of this is an ever higher bar for the effectiveness of education technology vershe price paid.
    3. Risk Aversion – Education establishments are intrinsically risk averse for a variety of reasons. Limited budget is one of those reasons but so too is the price of failure beyond just money. Organisational failure in an educational establishment ultimately hits the learner and so an ‘if it ain’t broke don’t fix it’ culture often emerges to protect the learner from excessive educational experimentation, including with technology.

So let’s be clear about what this means for the prospective EdTech entrepreneur:

  1. Deep pockets – You’re going to need deep pockets in order to get your business off the ground and keep it running when technology is changing apace. You will need to factor in the cost of ongoing technological development because without it, you run the risk of becoming irrelevant just as you’re gaining traction in your market.
  2. Realistic assumptions – Take a long hard look at your business plan in terms of market size, adoption rate and price point. Make sure that enough customers will actually pay the price you need them to pay in order to survive. Be pessimistic and enjoy a nice surprise. There’s no point in creating something that users love but which they don’t value enough to buy.
  3. Solid evidence – Test your product or service in MVP form (Minimum Viable Product) from the beginning and never stop soliciting opinions and analytics about its performance in order to create an evidence base for the efficacy of your creation. Whilst you may think you know how to solve a relevant problem, ultimately your customers need to agree with you and be prepared to recommend you.

Yes, I’ve learned a lot of lessons in the course of co-founding Airhead Education and no doubt there are many more to come. The truth is that I love what I’m doing and so it’s easy to get up in the morning and consistently spend time working out how to make Airhead better. As long as I can say that, I have the most important ingredient for success. Good luck in 2017!

It’s all about the (validated) learning

This week I’m listening to The Lean Startup by Eric Ries. If you prefer visual consumption, check out Eric’s  presentation to Google. If you like listening to books (like me), check out the Audible version. Whatever your preferred medium for consumption, and whether or not you’re interested in starting a business, I recommend that you engage with his thinking a little if you’re interested in learning in the context of change.

I should also state my personal interest. I’m currently a one third partner in a startup that’s sailing into uncharted waters (Airhead Education). We have a great idea (built around the concept of a cloud desktop for schools), great people (check out our technical guru, Jason Dixon’s blog) and, I think, the zeitgeist is in our favour. But we’re trying to bring a new technology paradigm to schools and that means change. We know about 10% of what we need to know to even build a meaningful business plan! There’s 90% (probably a lot more) to learn.

Eric begins his book by defining a startup as “a human institution designed to create a new product or service under conditions of extreme uncertainty.” This emphasis on ‘uncertainty’ is important. If I was to start a traditional grocery shop, I’d be walking a well-trodden path. There’s loads of explicit learning which I can access in order to understand how to make it successful. Most management theory is focused on this type of business where the idea and the customers are well understood. The keys to success are effective planning and efficient execution. But what if your idea is disruptive and visionary and you have no idea how your ideas and products will be received by customers, or even who your customers are? Traditional management theory falls down.

This is where Eric steps in. His thrust is that a new type of management theory is required under conditions of extreme uncertainty (sounds like Quantum Management Theory to me). He’s also keen to point out that, although this is the sea where entrepreneurs swim, it’s also vital for there to be a similar management theory for intrapreneurs (those who behave like entrepreneurs but in the context of a mature businesses). In fact, mature businesses are often very poor at innovating because the negative impact of failure is magnified. Even minor failures can reflect badly on the brand. Mature businesses are usually conservative for this reason.

I’m not going to provide a complete synopsis of Eric’s book but I wanted to pull out a couple of key points. In conditions of extreme uncertainty, one thing is for sure: you need to learn and fast. But is all learning equal? Most entrepreneurs fail a lot before they find success. You’ll hear them say things like, “Well, it was tough but I learned a lot.” What was it that they learned and was it worth learning? Perhaps at a personal level it was, but at the level of business, Eric argues that what would’ve been much more useful and timely to their venture was validated learning.

build-measure-learn-loop__largeValidated learning is achieved using the scientific method. That is to say, you build a minimum viable product (MVP) or even just a mock up, set yourself a hypothesis to test, and then get out there and start testing it with customers immediately. Don’t wait until you have a great product. Don’t guess who your customers are and what they need. Build it. Measure it. Learn from it. Refine it. Go back around the loop. But faster this time (time and money are running out, remember?).

The problem with most entrepreneurs is that they’re passionately attached to their vision and find it hard to pivot (pivot = a strategic change of direction with one foot firmly planted in validated learning). The problem with engineers and designers is that they’re perfectionists and feel that they will be judged by the quality of their output. A minimum viable product is a scary idea for them. The problem with investors is that while you have zero revenue and a great idea, you’re exciting. As soon as you make a penny in revenue, the questions start coming: why so little? The clock is ticking.

So as sensible as validated learning is, it’s quite a tough management philosophy for participants in the startup to embrace. There’s actually quite a lot of momentum in a startup. The potential for agility, yes, but the appetite for it? Not so much. You may have to accept a potential pivot (major strategic change) for each cycle of the process. You will certainly be constantly tuning (tactical change) based on new data. You will also be asking your customers to accept (and pay for) something less than perfect. But how else can you systematically and meaningfully evolve your product unless it’s by validated learning? OK, you may be lucky and come up with the perfect formula first time. Unlikely. More than likely the market is changing almost as fast as your product. It’s a race!

This management theory is particularly challenging for mature companies who are good at planning and execution but for whom innovation has become an aspiration rather than a reality. The idea of putting a MVP in the hands of their valued customers is very scary. The idea of pivoting every other day (read ‘acknowledge failure and learn from it’) is even more scary. But this is what learning looks like. Hard graft and lots of mistakes. Why would it be different for a big company than a startup?

Personally I think there are important lessons in here for organisational change as well as entrepreneurs and intrapreneurs. As was pointed out to me the other day, I talk a good game in terms of advocacy for educational change, but what about the ‘how’? The problem is, I think, that many education leaders (like entrepreneurs) become victims of a grand plan when in fact what they need is constant evolutionary change based on validated learning. I call this the paradox of incremental transformation. What is called for in schools is not one grand plan. In fact the grand plan creates an unhelpful momentum of its own. It is not about unleashing massive transformation but rather a constant series of micro-experiments to test hypotheses that form the granularity of the plan and could change the plan. The key is to become agile at validated learning. Perhaps it’s important to point out at this point that learners need to be participants in their learning. This is the reason why change imposed from above (or externally) is often met with resistance.

To achieve evolutionary growth as an organisation, leaders need to build a culture of support for  experimentation, failure, and in particular, advocacy for measurement and reliance on data to validate results. They need to be willing to react to validated learning quickly and implement change when it is proven to make a difference, even if the results are contrary to their expectations or wishes. The cycle of build, measure and learn is every bit as important to a school as to a startup.

2012 and beyond (part 2)

Here’s the second instalment of 2012 predictions from the Techmarketview team, this time from Georgina O’Toole and Tola Sargeant with a focus on the public sector tea leaves. My education-speak translation comments are in blue…

1. Government ICT strategy will languish as new CIO team is put in place: The search is underway for a new UK Government CIO [Chief Information Officer] (to replace Joe Harley by spring 2012) and a new UK Government Deputy CIO (position currently vacant). When in place, the new Cabinet Office team will face an enormous task with a myriad risks threatening to hamper the implementation of the UK Government ICT [Information & Communications Technology] strategy (not least the threat of a hiatus as the new CIO team finds its feet).

If you haven’t read the UK’s Government ICT Strategy then I can summarise it for you in a familiar phrase: “More for less.” The diagram to the left here represents the core themes. It’s the Government’s deep seated belief that technology can and will drive enormous efficiency and that a leaner public sector is one of the foundations of economic recovery. Whether or not you agree, their strategy is built upon this thesis and education leaders would do well to understand the big picture because the “common ICT infrastructure” is something that they will need to factor into their plans. The lack of a CIO at the helm is acting as a brake at the moment but expect the process to accelerate in 2012.

2. A peak in renewals will result in radical contract restructuring: 2012 is the start of two years in which we will see a peak in the number of contracts coming to their natural conclusion. Contracts will be radically restructured on renewal as UK Government moves from a vertically-siloed model to a horizontal model.

In part, this refers to the “common ICT infrastructure” and in part, the procurement strategy. The phrase  “horizontal model” refers to a more joined-up (across sectors) approach to technology procurement that  benefits from increased aggregation and improved competition. The common ICT infrastructure is part of the mechanism by which this can be achieved, i.e. standardisation. Again the key for education is awareness and planning. Cloud technology is an important element of the approach to scaling and standardisation and education leaders would reap rewards from understanding the direction of travel.

3. Megaplayers will retain lion’s share of major contract renewals: Leading suppliers have worked hard to support the UK Government ICT strategy and many have ‘come off the naughty step’. In times of austerity, and a propensity for low-risk options, organisations will stick with ‘the devil they know’ if there is sound reason to do so. Suppliers will likely find their wallet share from existing clients eroded but will have the opportunity to broaden their client base by offering successfully implemented horizontal solutions to a wider range of organisations.

In summary, big players like Capita have allowed the Government to renegotiate contract terms in recognition of the difficult economic climate. In return for playing ball with the Government, they will likely be treated as favoured partners and retain big contracts. I think there is truth in this statement but I’d also point out that “megaplayers” tend to be a little slow on the uptake and that significant shifts in the ICT landscape offer opportunities for more agile players to grab market share. Taken in tandem with the trend for consumerisation of enterprise IT, I think we’ll see the emergence of new names offering great value to education customers. As a general observation, if you’re an education customer taking services under contract from a company, now is a good time to negotiate better terms. It’s a buyers’ market.

4. Shared services will really take off: 2012 and 2013 will be remembered in the UK public sector as the period when shared services really took off. The trend towards ‘tower-based’ procurements will give departments and agencies more flexibility to buy from shared services centres in the future. The competition to be involved in the handful of hosting organisations that will eventually emerge as shared services centres will be intense.

This is all about efficiency. Aggregation drives efficiency and a shared service is a way of creating that aggregation. For example, if all the schools in an Authority choose to procure payroll services in one block, that drives down the cost-base for the service provider and means a keener price for schools. Over time the market for shared services will shake down to a “handful of hosting organisations” because the more aggregation, the lower the cost-base (up to a point). In my opinion, education leaders could save their organisations very large sums of money by collaborating with organisations with similar needs to procure shared services. It still amazes me how many education organisations run themselves as islands, trying to do everything in-house. It is not only expensive but it is a distraction from their core function: learning.

5. SMEs will establish beachhead in government shared services: SMEs  [Small and Medium size Enterprises] will have more opportunities as contracts are broken down, particularly where niche requirements, for example, security, are separated out and procured separately. The most successful suppliers will be those that focus on being best of breed in one or a handful of niche service lines that can be shared horizontally across multiple organisations.

This final point is linking together two of the previous ones, i.e. (4) shared services and (2) contract re-structuring. Successful suppliers are ones that add the most value for the lowest cost. Given that aggregation is one of the keys to efficiency, SMEs that focus in on elements of the technology where they not only add more value, but also leverage scale by offering that value horizontally across a variety of sectors, will find opportunities emerging as contracts come up for renewal and the Government’s “horizontal” strategy bites. If you are an education leader, my advice would be to analyse the way in which your organisation conducts its business (and business of education) functions. Use this analysis to work out whether you’re really better off doing everything in-house. A useful concept in this context is ‘opportunity cost’. This may be defined as “the cost of any activity measured in terms of the value of the best alternative that is not chosen.” For example, you may choose to manage your technology in-house because it is 15% cheaper than a managed service delivered by a 3rd party as measured in pounds/dollars. However the opportunity cost of not choosing a managed service is that you may find you/your staff are 25% more tied up in technology-related issues with a knock-on degradation in learning outcomes. This is just one scenario but one I have come across similar ones on a regular basis. Technology can be a distraction and my advice if you are an organisation in the business of education, is to shed distractions and focus, focus, focus on your core business: learning.