Implementing BYOD with a Managed Service
Many K-12 school districts are recognizing that implementing a BYOD policy is an effective approach to providing their students and faculty with the opportunity to enhance the education process by leveraging 21st century technology. However, it can represent a big cultural change for the learning environment as well as a challenge to IT professionals. Download this whitepaper to learn how Impulse Point’s Safe•Connect mobile device management solution enabled BYOD initiatives, real-time reporting and an enhanced end user experience for both faculty and staff at three K-12 school districts.
BYOD, Brown-Bagging, PODs…..
Whatever You Call It, It’s All About Learning
Today’s school environment is well-connected. Web access is pervasive – anywhere there is a signal, students can be found accessing data from their phones and tablets. These mobile devices embody the blending of technologies (applications, tools, readers, etc.) that very easily lend themselves to education and enhanced learning and a rapidly growing trend involves using these personally-owned mobile devices in school.
- Microsoft says that over half of all searches are performed on mobile devices.
- For every baby born, 30 new smart phones are activated.
- A Pew study says that one-third of the teens in the United States text at least 100 times per day.
- 75% of students between the ages of 12 and 17 own a cell phone or smart phone.
- The number of smartphones will reach 194 million by 2015, more than half of the projected population in the US.
- Mobile users watch 3 hours and 37 minutes of video on their phones per month according to Nielsen.
To BYOD or Not to BYOD?
The Bring-Your-Own-Device (BYOD) trend is gaining momentum nationwide with much support from parents and students. Project Tomorrow , a national education nonprofit group, reports that 60-70 percent of parents of K-12 students would be willing to buy a mobile device to support learning. And 56 percent of high school students say that it would make it easier to learn if they were allowed to use their own mobile device at school.
For districts, it all comes down to a business decision. Can we afford to do it? Can our students afford for us not to do it?
The combination of budgetary requirements, parental expectations, and potential security issues can make it a tough decision.
What’s Needed to Safely BYOD
- Wireless Access. Smartphones, iPads, and tablets – the mobile devices being used by students function wirelessly. Hard-wired connections are great for library and lab environments, but as more students bring their mobile devices onto campus the need for wireless access will continue to increase.
- Visibility and Assessment. With all these mobile devices connecting at different schools and administrative locations, your district will need to know exactly who is on the network and what kind of device they are using. Are the people accessing the network authorized to do so? Are they accessing only areas of the network that you want them to? What kind of programs are they running? Do they have current virus and spyware protection? Is there something on the mobile device that could take down your network.
- Centralized Management. Managing from a central location is the best use of manpower and consistent control of access to applications and student and administrative portals. Being able to manage and control access to your district network is the most important aspect of implementing a BYOD policy and protecting students while enhancing their learning capabilities at the same time.
- Real-Time Identity for Mobile Devices. Knowing who and what is on your network is important. Obtaining that knowledge in real-time is even more important.
We Know Education and How to Handle BYOD
SafeConnect was originally designed for use on college campuses. And since the beginning, the product has been upgraded and enhanced with direct feedback from its users. We can help you provide the right balance of access and security that’s right for your District.
- Real Time Solution. SafeConnect checks a user’s system prior to granting network access as well as on a continuous basis in real time. This provides two significant benefits; users who become non-compliant are isolated immediately. This is inherently more secure because users are not allowed to remain on the network for extended periods. In addition, the user experience is superior because only those users out-of-compliance with security policies are impacted.
- No Changes to LAN/WAN Required. SafeConnect is network switch hardware and software vendor independent and integrates into the existing network architecture. No forklift upgrades. No switch manipulation.
- Compatibility with Wireless Access Points. SafeConnect is Layer2 network device independent and agnostic, which allows the system to manage public or privately addressed sub-networks and VLANs whether their topology is wired, wireless, or VPN.
- Messaging Capability. School campuses need to quickly notify students and faculty in the event of an emergency situation. SafeConnect can broadcast an emergency message on-demand to everyone whose computer is authorized to access the campus network.
- 24/7 Proactive Maintenance Support Services. The SafeConnect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse provides continuous (24/7) proactive monitoring and support that includes hardware and software problem determination and resolution support, as well as upgrade protection to future software functional releases. Daily policy configuration remote backups are included which enables Impulse Point to restore and deliver a replacement system within 24 hours.
- Ease of Implementation. The SafeConnect system is designed for remote customer setup and implementation. By leveraging our managed services capability, we can routinely install a system in less than an hour. The solution can be deployed in a phased-in approach (by IP address/range, subnet, VLAN) across wired, wireless, and VPN infrastructures as required for a non-disruptive transition.
- Out of Line Solution. SafeConnect is implemented as a true “out-of-line” network device. The SafeConnect Policy Enforcer Appliance sits out-of-line with the core network and fails open—presenting no single point of failure, performance bottle-necks or maintenance-related or scheduled network outages. In the event of a failure all existing and new users to the network are unaffected and have uninterrupted access to network resources.
- Directory Services Integration. SafeConnect utilizes directory services infrastructure (i.e. LDAP, MS Active Directory, RADIUS) to authenticate end user devices. The system can also apply identity- or role-based policies and enforcement rules based on how a user is defined within the directory system (student, employee, guest, vendor, etc.) Users who cannot be authenticated can be quarantined or blocked from accessing the network. SafeConnect also features a Single Sign-On (SSO) authentication capability that could allow existing AD managed users to maintain their existing login process user experience.
- Managing Devices Connecting Via Hubs. SafeConnect was designed to enable safe network access to authorized users regardless of the connection. It is common for users to introduce small multi-port hubs on the network as a way to increase connections. These hubs provide convenience butat the same time allow malicious users to operate undetected. SafeConnect solves the potential security issue associated with hubs while maintaining the benefit of increased access. The SafeConnect system can detect the presence of a Network Access Translation (NAT) device and require it to be placed in bridge mode. This allows the system to identify, authenticate and assess the security of the devices connected to a hub.