By Jacob Mutisi
Zimbabwe’s education systems have been transformed as a result of Covid-19. Education has changed dramatically, with a distinctive rise of e-learning, whereby teaching is undertaken remotely and on digital platforms.
The majority of Zimbabwe’s educational institutions have developed web-portals that allow the interaction between the tutor and the student. Recently, we scanned through the Bulawayo Polytechnic and the Mutare Polytechnic web-portals and we have identified some insecurities that need urgent attention.
Most Zimbabwe web-portals are designed for their functions and there is no security provision to protect both the system and the users, with the increase in cyber attacks, this is no longer enough. An educational web portal is a website that provides users with access to information from various sources in a single location.
Web-portals act as gateways that connect the users to the resources that they are looking for with as minimal hassle as possible.
Zimbabwean developers are brilliant when it comes to the development of these portals, with the majority of our educational institutions adopting the use of local portals versus those that are developed abroad.
All portals have a provision where the user has to login and go through an authentication process and the portal connects the user to all of the applications the educational institution provides.
The end-user who is either a lecturer and/or the student is a primary driver in designing the ideal portal; it needs to balance between security and usability to provide the best user experience possible while securing sensitive data.
Designing this ideal portal is different for every organisation and considers numerous factors, especially security, compliance, design, and integration.
Following our scan on the Bulawayo Polytechnic web-portal and the Mutare Polytechnic web-portal an average developer is able to enter the web-portal system without a username and password as either a student or a lecturer.
This kind of vulnerability allows students to temper around with the system. In some cases students can even change their grades or do anything with the respective system that has a long-term repercussion on their education.
To address security, an educational institution should first consider Access Control List (ACL) management, and content verification.
More importantly, there is a need to ask the question,”What security features does my educational web-portal need?”
Security should never be an afterthought when integrating a portal into your environment.
The choice between various security methods is the choice of improving user experience versus enhancing security measures.
To secure sensitive data, your educational web-portal should be a place where the worlds of the public portal and private portal collide into a single, seamless experience.
Securing sensitive data through a portal requires a new series of questions, in particular on how to access that data. Having a main goal of improving user experience means that streamlining application access is a priority.
The technology sector is a continually evolving community of applications and services that exist to improve every aspect for the end-user. Typically, web-portals provide a variety of options aimed at convenience and while that is a great service to users, security should never be an afterthought.
As more educational institutions migrate to work from home and a digital environment, establishing a web portal that is user-friendly and secure is a large leap in improving the overall digital experience.
If you have questions or need advice please do not hesitate to contact me +263772278161 or email email@example.com
- Mutisi is the CEO of Hansole Investments (Pvt) Ltd and the current chairperson of Zimbabwe Information & Communication Technology, a division of Zimbabwe Institution for Engineers.