Sarasota County Schools Expand Mobile Access Without Compromising Security

Cisco ISE helps a Florida school district secure both enterprise and users’ own devices.

When Sarasota County Schools started experimenting with a bring-your-own-device program, students, faculty and administrators were able to connect to the district’s guest network. So, problem solved? Not exactly.

“Students and staff aren’t really guests,” says Joe Binswanger, IT director for the Florida school district. “The guest network was just a straight tunnel to the internet. It was very vanilla, very locked down, very filtered.”

The internet connection was useful for some basic tasks, but it didn’t allow for access to student and staff folders, instructional resources and other district resources that require a user to be logged in to the network.

As a result, users weren’t able to unlock the program’s full potential. Only district-issued devices could tap into the district’s learning management system and collaboration tools. Teachers couldn’t use their own devices to distribute quizzes and tests, and students couldn’t use their own devices to take them.

“We wanted staff and students to log in to the network and get the resources they needed, without being seen as just a guest,” Binswanger says. “Before, it was kind of black or white. You either had district-owned devices, or were on the guest network. We needed some gray area.”

The challenge was to find a way to allow student- and staff-owned devices onto the network without compromising security.

Management Tools Boost Secure Access

Al Nelson, a security solution architect at CDW, says personal devices present a greater security threat than district-owned devices, even when users don’t have malicious intent.

“When you issue something, you have more control over that device,” Nelson says. “You’re maintaining the anti-virus, paying attention to any alerts that come out, addressing them, installing anti-malware. You have a higher level of trust for a device you’re in charge of maintaining, versus something that someone brought from home that may have malware on it.”

Binswanger wanted a solution that would let the district grant access to student- and staff-owned devices, but in a way that gave district staffers the visibility to monitor activity and respond immediately if a problem emerged. He and his staff consulted with CDW, which presented three different options for the district.

Binswanger ultimately opted for the Cisco Identity Services Engine (ISE) security policy management platform, implementing the solution in spring 2014.

Other tools like Google Management Console and GoGuradian software can add admin options for educators as well, so that in addition for IT making sure the network is secure, teachers can make sure that students are staying on task. Experts say that device management at the classroom level can help teachers feel confident to incorporate mobile devices into their lessons.

“These tools can empower teachers by letting them see what students are doing and redirect the class at a moment’s notice,” writes CDW•G learning environment advisor Joe McAllister on EdTech.

For Saratoga Schools, Cisco ISE has solved a lot of problems, Binswanger says. Nelson says one of the chief draws of Cisco ISE is its simplicity: from quick out-of-the-box setup and self-service device onboarding, to the way it functions as a “single source of truth” for all connected devices.

“You have one central location for all your security policies instead of implementing them on each device,” Nelson says. “In the past, if you wanted that level of security, you would have to manually configure each switch, controller and firewall. As time goes on, people make changes that impact security, and they might not even realize it.” 

For more on Sarasota County Schools' mobile security work, check out the CDW case study.

bokan76/Thinkstock
Jul 14 2017