Sarasota County Schools’ bring-your-own device program hit a bit of a snag when it came providing a network that was both accessible and secure.
With the help of the Cisco Systems' Identity Services Engine (ISE) security policy management platform, IT director Joe Binswanger and CDW security solution architect Al Nelson were able to create the accessible network the district needed.
Cisco ISE added these four key benefits to the district’s network.
Nelson cites many practical benefits to an attractive, user-friendly interface, even for IT staffers with deep tech knowledge. “You get that one place to log in, and you see alerts if things are no longer configured to best practices,” he says. “It’s a big time-saver. It’s not just easier to use or friendlier to look at — it’s a necessity.”
Binswanger says ISE also gives his staff a better overview of the district’s network. “We can analyze use at the building level and proactively look at whether we need to adjust capacity,” he says. “We can begin to address performance before a school even realizes there is any type of performance issue.”
“The user interface for ISE is far more user-friendly than solutions we’ve had in the past. This, hands-down, has the best user interface that we’ve had, in terms of both simplicity and usability,” he says.
In Sarasota, the impact of Cisco ISE goes beyond making life easier for the IT shop. Because students and teachers are able to instantly log in to the network and access their applications and stored files with a single sign-on, teaching and learning can happen with little to no lag time.
“A high school science teacher told me that it used to take several days to get through student presentations with a class” because network access and authentication were so complicated, Binswanger says. “Now they’re able to do it in one class period. They’re able to spend more time on instruction and learning and less time trying to get access to the resources they need.”
Cisco ISE offers authentication, authorization and accounting capabilities in a single solution, meaning organizations can identify and grant access to devices, then create comprehensive activity logs for each.
Nelson likens authentication to “looking at a driver’s license” — a function that proves the identity of the person (or device) in question. Cisco ISE not only validates a user’s credentials, but also profiles the associated device.
“Before, you weren’t able to determine what types of devices were being used,” Nelson says. “If a user had an authentication account, they could log in with any type of device. You just didn’t have the visibility.”
Not long after Sarasota County Schools implemented Cisco ISE, officials used the product’s alert system and management console to catch a student running port scans on the network in an attempt to steal user credentials.
“Through ISE, we were able to identify the user, the devices he was using, and the access point he connected to without alerting him to the fact that we were watching,” says Binswanger. “When we walked in, he kind of had that deer-in-the-headlights look.”
Tracking devices have potential applications that extend beyond network security and into physical security, Binswanger says. “We can watch as a student travels through campus, as they disconnect and connect to different access points.”