Oct 21 2014

Schools Take a Creative Approach to Mobile Security

Some districts run mobile devices over segmented virtual LANs, while others opt for the most cost-effective tools.

Sometimes, school districts need to seek out inexpensive management tools because their budget covers only the bare necessities.

That’s certainly true of Battle Ground Public Schools in Battle Ground, Wash., where Network Support Technician Michael Clark uses Cisco Meraki’s mobile device management software to support roughly 2,400 tablets.

Clark says Meraki MDM lets the Battle Ground IT department assign and revoke applications from the app stores of the major platforms, reset PIN codes and remotely wipe lost or stolen tablets as long as they are registered on the district’s network.

While Battle Ground Public Schools explored other mobile management tools, it decided to stick with Meraki’s service because it meets the district’s current needs and is free.

“We decided it was more effective to pay the $100 support fee to Meraki in the event we needed it, but we haven’t had to yet,” Clark says.

Of course, as more mobile devices join the network, Clark expects he will eventually need to deploy a more robust MDM solution that can scale across hundreds, if not thousands, of new users.

Chris Silva, a Gartner research director, says software makers have done a lot of work to tie together many of their security offerings. “When organizations go with an existing security vendor or adopt a bundled suite of mobile management tools, they may find some preferential pricing or that the MDM and mobile application management features are included,” Silva says.


Increase in the number of mobile malware samples found by McAfee Labs in the past year

SOURCE: McAfee Labs, “McAfee Labs Threats Report,” June 2014

Separate but Equal

Todd Hindmon, executive director of technology for the Douglas County School System in Douglasville, Ga., says the district has taken a hard look at available MDM software and features and, for now at least, has passed on the technology.

“We haven’t found the perfect solution that can manage to the scale we need with 35 sites and 24,500 students,” he says.

The district runs its school-issued tablets and students’ personal devices on two separate virtual LANs. Cisco’s Identity Services Engine (ISE) performs network authentication on the students’ personal devices.

“In the long run, we do want to do MDM, but our biggest challenge is price,” Hindmon says.

Five Mobile Security Must-Do’s

Gartner Principal Research Analyst Dionisio Zumerle offers IT managers these tips for locking down mobile devices:

  1. Ask users to opt in to basic enterprise policies and be prepared to revoke access controls in the event of changes.
  2. Require that device passcodes include length and complexity as well as strict retry and timeout standards.
  3. Specify minimum and maximum versions of platforms and operating systems. Don’t allow models that cannot be updated or supported.
  4. Enforce a “no jailbreaking” rule and restrict the use of unapproved third-party app stores. Devices seeking privileged access should be disconnected from sources of business data and potentially wiped.
  5. Require signed apps and certificates for access to the organization’s email, virtual private networks and Wi-Fi.
