Story image

Securing the digital student: BYOD, IoT and beyond

18 Jul 16

Just as you get your head around securing your school’s network in the face of all of the added risks when you let students and staff use their personal devices at school – the Bring Your Own Device (BYOD) phenomenon – up pops another, much bigger ICT shakeup.

Called IoT, or the Internet of things, this rapidly growing sector is the Internet-enabling of everyday items – automobiles, TVs, home security systems, fridges, air conditioners and heaters and a wide variety of electronic sensors. Each IoT device is, in effect, a node on the network much like a BYOD device. Which means that they need to be secured. But how exactly do you secure the staff’s break room fridge?

“Today’s students are connected,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “For better or worse, students spend hours and hours on their smartphones, laptops, Xboxes and other networked devices. But they also use them at school. To connect to lessons, interact with teachers and to do their homework. So on the one hand your students connect to the world at large – and that includes IoT - through their personal devices. Yet they can use the same devices to tap into your school’s network. While not a huge issue right now, as the threat landscape expands, your school’s network becomes a much larger target.”

The rise of IoT and BYOD means that malware can sneak into your school’s network, bypassing the traditional firewall. “The firewall is great for protecting against intrusions, hackers and viruses that attack your servers and gateways,” explains Khan, “but all of these extra IoT and BYOD devices that can access your network are not necessarily protected by the firewall. Add to that the number of applications, which may or may not be secure, on each of those devices. To tackle these issues, schools and their ICT service providers need clear security visibility across the entire network to view and detect threats and abnormalities in the flow of information.”

Develop user-profile security policies

The first step is to define your user-base. Ideally you’ll have security policies that account for different profiles of user groups such as students, staff, guests, etc: who they are, what they regularly need access to, where they are physically located, what devices are they using to access the network and what applications they need to access. For example, admin staff will likely need different information and applications than year eight students. By creating and enforcing these detailed user profiles by your security infrastructure, you can limit hacker’s access to resources and the damage that could result from the misuse of legitimate credentials to access unauthorised information. 

Create trust zones

Within the network, your network administrators can segment physical segments that create secure areas for users and sources to interact.  In these designated areas, people can share certain types of information and access certain applications and data. Any communication between these trust zone can be protected by an internal firewall, enforcing the user-profile security policies and deploying a range of advanced security services to detect and protect against threats and hackers.  Deploying these internal segmentation firewalls provides visibility into the internal network traffic which in turn gives you more control over your security.

Consider a security ‘blanket’

End-to-end security solutions offer a variety of benefits that protect schools from unintended gaps in security. These fabric-based solutions enable the various elements to share information and detect threats from inside or outside the network. Another benefit is the ability to run a single, consolidated reporting view across the breadth and depth of the network so that you have intelligent, actionable information.

“Which leads us back to the IoT fridge,” says Khan. “With all of these connected students, staff, devices and apps, protecting each and every node can be overwhelming. The best you can do is set a policy to regulate network and data access and enforce it. If indeed a breach occurs, ensure that you can limit the damage.”

“To adopt this inside-out approach, you don’t have to entirely redesign your network,” concludes Khan. “The tools are readily available and can be implemented via upgrades to your firewall. What was once complex and costly can now be achieved in a seamless, cost-effective, strategic approach. You can’t stop people from connecting, downloading and, yes, introducing malware into your network. It’s just not possible. But what you can do is reduce the risks. Give us a call at Ingram Micro and we’ll show you how it can be done.”

For further information, please contact:

Andrew Khan, Senior Business Manager
Email: andrew.khan@ingrammicro.com
M: 021 819 793

David Hills, Solutions Architect
Email: david.hills@ingrammicro.com
M: 021 245 0437

Hugo Hutchinson, Business Development Manager
Email: hugo.hutchinson@ingrammicro.com
P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager
Email: marc.brunzel@ingrammicro.com 
M: 021 241 6946

Royole's FlexPai: So bendable phablets are a reality now
A US-based firm called Royole is delivering on that age-old problem of not being able to fold up your devices (who hasn't ever wished they could fold their phone up...)
Hands-on review: Having fun in Knowledge is Power: Decades and Chimparty
They don’t revolutionise social video gaming, but they are enjoyable enough to occupy you during a wet weekend. 
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
Tile's Mate & Pro Bluetooth trackers land in NZ
If your car keys (or your tablet) have disappeared into the void at the back of the couch or if you left them somewhere in your car, retracing your steps to find them could be a thing of the past.
Government still stuck in the past? Not on GovTech's watch
What exactly is GovTech and what’s been happening in our capital city?
"Is this for real?" The reality of fraud against New Zealanders
Is this for real? More often than not these days it can be hard to tell, and it’s okay to be a bit suspicious, especially when it comes to fraud.
Hands-on review: The iPhone Xs
The iPhone Xs is a win that brought numerous new and exciting features to the market.
How much does your Amazon Prime Video subscription really get you?
For our NZ$8.90 per month, the average cost per title is US$0.00126 - but we only really get a choice of 416 TV shows and 4321 movies. Choice is a little bit limited compared to other countries.