Securing the digital student: BYOD, IoT and beyond
Just as you get your head around securing your school's network in the face of all of the added risks when you let students and staff use their personal devices at school – the Bring Your Own Device (BYOD) phenomenon – up pops another, much bigger ICT shakeup.
Called IoT, or the Internet of things, this rapidly growing sector is the Internet-enabling of everyday items – automobiles, TVs, home security systems, fridges, air conditioners and heaters and a wide variety of electronic sensors. Each IoT device is, in effect, a node on the network much like a BYOD device. Which means that they need to be secured. But how exactly do you secure the staff's break room fridge?
"Today's students are connected," says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand's largest distributor of Fortinet's cyber security solutions. "For better or worse, students spend hours and hours on their smartphones, laptops, Xboxes and other networked devices. But they also use them at school. To connect to lessons, interact with teachers and to do their homework. So on the one hand your students connect to the world at large – and that includes IoT - through their personal devices. Yet they can use the same devices to tap into your school's network. While not a huge issue right now, as the threat landscape expands, your school's network becomes a much larger target.
The rise of IoT and BYOD means that malware can sneak into your school's network, bypassing the traditional firewall. "The firewall is great for protecting against intrusions, hackers and viruses that attack your servers and gateways," explains Khan, "but all of these extra IoT and BYOD devices that can access your network are not necessarily protected by the firewall. Add to that the number of applications, which may or may not be secure, on each of those devices. To tackle these issues, schools and their ICT service providers need clear security visibility across the entire network to view and detect threats and abnormalities in the flow of information.
Develop user-profile security policies
The first step is to define your user-base. Ideally you'll have security policies that account for different profiles of user groups such as students, staff, guests, etc: who they are, what they regularly need access to, where they are physically located, what devices are they using to access the network and what applications they need to access. For example, admin staff will likely need different information and applications than year eight students. By creating and enforcing these detailed user profiles by your security infrastructure, you can limit hacker's access to resources and the damage that could result from the misuse of legitimate credentials to access unauthorised information.
Create trust zones
Within the network, your network administrators can segment physical segments that create secure areas for users and sources to interact. In these designated areas, people can share certain types of information and access certain applications and data. Any communication between these trust zone can be protected by an internal firewall, enforcing the user-profile security policies and deploying a range of advanced security services to detect and protect against threats and hackers. Deploying these internal segmentation firewalls provides visibility into the internal network traffic which in turn gives you more control over your security.
Consider a security 'blanket'
End-to-end security solutions offer a variety of benefits that protect schools from unintended gaps in security. These fabric-based solutions enable the various elements to share information and detect threats from inside or outside the network. Another benefit is the ability to run a single, consolidated reporting view across the breadth and depth of the network so that you have intelligent, actionable information.
"Which leads us back to the IoT fridge," says Khan. "With all of these connected students, staff, devices and apps, protecting each and every node can be overwhelming. The best you can do is set a policy to regulate network and data access and enforce it. If indeed a breach occurs, ensure that you can limit the damage.
"To adopt this inside-out approach, you don't have to entirely redesign your network," concludes Khan. "The tools are readily available and can be implemented via upgrades to your firewall. What was once complex and costly can now be achieved in a seamless, cost-effective, strategic approach. You can't stop people from connecting, downloading and, yes, introducing malware into your network. It's just not possible. But what you can do is reduce the risks. Give us a call at Ingram Micro and we'll show you how it can be done.
For further information, please contact:
Andrew Khan, Senior Business Manager Email: andrew.khan@ingrammicro.com M: 021 819 793
David Hills, Solutions Architect Email: david.hills@ingrammicro.com M: 021 245 0437
Hugo Hutchinson, Business Development Manager Email: hugo.hutchinson@ingrammicro.com P: 09-414-0261 | M: 021-245-8276
Marc Brunzel, Business Development Manager Email: marc.brunzel@ingrammicro.com M: 021 241 6946