“Bring Your Own Device” Challenges and Solution for Schools
A BYOD, Bring your own Device through a NAC approach to network security allows the IT department to unify and enforce endpoint security technology (such as AV, web filtering, host intrusion prevention, vulnerability assessment, user authentication), and enforce it against guest devices and students who bring their own device to school. BYOD has become a hot button within today’s schools due to the growing nature of 1:1 programs and the real budget challenges with traditional 1:1, where schools buy every kid a laptop or iOS device. The new cost cutting trend is for schools to consider having students bring a device from home and use it in the school network. This brings up the need for a school to have other functional security components such as mobile device management, which helps teachers control what apps and web filtering policies that can be available and enforced to iOS devices, web filtering, and intelligent AV, that can prevent infections with a hybrid AV scan. An online learning platform is also essential for a successful BYOD roll out in school systems.
A NAC for BYOD (Network Access Controller) is a piece of hardware that provides a security gateway for newly connected machines. The NAC can provide flexibility to select and use policy modules needed to satisfy the requirements of their security plan and enforce them across the network. Machines connecting to a BYOD NAC are managed by the compliance and security policies that already exist. If non-compliant, options can be given to become compliant or machines are rejected and denied access to the resources of the school. If the BYOD NAC approves a connected device, polices will run on the end user machines like mandatory named AV, web filters, anti-spyware, Microsoft OS patches, as well as registration and authentication. Other policy modules include peer-to-peer file sharing, access points, and power management. Custom policies can also be created based on the existence or non-existence of file types, registry settings, services, and processes on endpoint devices.
Dangers of BYOD without a NAC Devices from home non-managed usually contain ample amounts of viruses and vulnerabilities. When introduced into a network and given trusted user status to access network resources these BYOD devices become BYOID (Bring your own infected device) machines launching bots, viruses and all sorts of chaos that requires network IT admins to spend time fixing and troubleshooting. Successful BYOD implementations usually start with a good BYOD supported web filter, a good stand alone AV enforceable at all times, an online learning platform, and finally a NAC solution that can allow non-managed and non-owned devices to become managed when on company / school resources.
Allows non-organization owned devices to connect with less worry of security breaches, viruses and open policy. It’s also very easy to use and implement and enforce compliance with policies in place.
Policy Enforcement Flexibility
This NAC Solution supports academic freedom by providing flexible enforcement options that can be determined by campus location or user identity (i.e. faculty or administrative staff, students, or guests) based on the philosophy of the institution. We understand that every organization has its own policies, procedures, and beliefs. We won’t dictate policy standards, but instead will help you in developing security policies that reflect your culture.
Nac systems should operate independent of existing network infrastructure but be capable of interjecting and enforcing unified policy. This freedom allows network administrators the ability to run their operation without having to consider switch compatibility, configurations or port settings. This significantly eliminates complexity and constant management found with other solutions.
Speed to Deployment
Good NAC enforcement can be daunting with many competitive solutions. BorderLAN can supply functionl NAC for BYOD quickly by using pre-known policies allowing installation in minutes and full deployment in hours. Engineers can provide best practices which accelerates the full deployment time.