24
Securing Personal Devices on Your Network Dennis Muley President, Impulse Point
Securing Personal Devices
on Your Network
Dennis Muley
President, Impulse Point
Anytime, Anywhere Learning
• Advent of Public/Private Cloud Computing Model
• Ubiquitous Availability of High-Speed Wireless
• Exponential Growth of Mobile Devices
Consumerization of IT
The Perfect Storm….
Anytime, Anywhere Learning
District-Wide Bring Your Own Device (BYOD) Personally-Owned Mobile Device Management
BYOD
Ownership
Co
ntr
ol
Guest
Managed
Anytime, Anywhere Learning
Business Drivers for BYOD in K-12
• Enhance Collaborative Learning Environment
• Subsidize Cost of 1:1 Student-Computing Requirements
• Support Centralized Application Portal (Cloud) Model
• Satisfy Student, Faculty, and Parent Expectations
Anytime, Anywhere Learning
HIED NAC Competitive Displacements “The Most Extreme BYOD Environment”
• Enhanced End User Experience
• Reduced Help Desk/Support Calls
• Increased Reliability/Availability
• Ability to Scale Enterprise-wide
• Centrally Deployed and Managed
• Managed Support Update Services
• Lower Total Cost of Ownership!
Anytime, Anywhere Learning
BYOD Solution Requirements
User Identity
Device Type Profiling
Device Ownership
User Centric Self-
Enrollment Automated Secure
On-Ramping
Real-Time Policy
Assessment
Dynamic Role-Based
Enforcement
Self-Guided Remediation
Anytime, Anywhere Learning
Safe•Connect BYOD Policy Management District-Wide - Wireless, Wired, Remote VPN
POLICY MODULE KEY FEATURES
User Authentication Authorizes network user access (AD, LDAP, RADIUS) - SSO Support
Guest User Management Automates guest user self-registration process via SMS/Text that can
restrict endpoint devices to Internet-only access role by time and date.
User-Centric Role Assignment Identifies role by user identity, device type, device and asset ownership.
WPA2 Enterprise - 802.1X
Device Configuration
Automates the user experience of “on-ramping” devices unto
WPA2 Enterprise/802.1X secure wireless and wired networks.
Acceptable Use Policy -
User Agreement Auditing
Displays organization’s acceptable use network policies and allows
user to accept policies prior to receiving network access privileges.
Anti-Virus/Anti-Spyware Manages compliance with anti-malware software policies.
Microsoft OS Patch Ensures that users are up-to-date with Microsoft OS patches
and integrated with existing patch management systems.
P2P File Sharing Prohibits use of non-approved applications such as P2P file sharing. (HEOA)
Rogue Access Point Manages adherence to Network Access Translation (NAT) device policy.
Broadcast Messaging Delivers on-demand emergency broadcast (desktop alert) messaging.
Custom Policy Builder
Ability to build custom policies or integrate with third party systems to
automate endpoint security policy acceptable standards.
Compliance Reporting Real-Time & Historical Reporting Dashboard and Data Export/Archiving
Anytime, Anywhere Learning
Device Network Access “On-Ramping”
Anytime, Anywhere Learning
Guest User Self-Enrollment
Anytime, Anywhere Learning
User Self-Enrollment
Anytime, Anywhere Learning
Device Self-Enrollment
Anytime, Anywhere Learning
Optional Approval Process
Anytime, Anywhere Learning
Comprehensive On-Ramping • Automated Provisioning For WPA2 Enterprise & 802.1X • Resolve Software Conflicts Affecting Wireless • Install Safe•Connect NAC Policy Key in one easy step
Cross-Platform Support
Built for Education Industry • Eases deployment concerns in multi-OS, unmanaged environments • Lightweight, uses Standard OS Components • Zero Dependency Approach
Xpress•Connect Secure Mobile Device Enablement
Anytime, Anywhere Learning
Real-Time & Historical Reporting Dashboard
Anytime, Anywhere Learning
Less hardware, integration and management complexity
Real-Time Endpoint Security Assessment and Enforcement
Integrates with existing IT Infrastructure and requires no
network upgrades/changes
No SLA impact on network performance or availability
Highly Scalable, Distributed Design (VMware Enabled)
Pre- & Post-Admission checks across wired, wireless, VPN
Vendor and Layer2 Network Independent (Non-Intrusive)
Out-of-line Network Design (Fails-Open)
Reduced Business Risk Lower Total Cost of Ownership
Equates to Faster ROI
Delivered as a Managed Service (Plug-and-Protect)
A Simpler, Smarter, Faster Way to Manage BYOD
Anytime, Anywhere Learning
SIEM,
IDS/IPS,
Application
Integration
Safe•Connect NAC Policy Enforcer
Remote/Home Users
User Registration
Non-Compliant Quarantined
Guest Restricted Access
Compliant Full Access
Pre & Post Admission Security Assessment
Remediation Web Sites
Securing the K-12 Data Center Cloud
School #1 School #2
Internet
WAN
Virtual Data Center District Office
Router
Authentication Anti-Virus Server Patch Server Stoneware
Wireless Network
Anytime, Anywhere Learning
Impulse Point K-12 Customer Case Studies
Anytime, Anywhere Learning
Challenge: Personally-Owned Devices aka BYOD
“We know Impulse Point Safe•Connect is the right answer for us
as we grapple with the increasing complexity of handling the
growing number of unmanaged and managed
devices connecting to the network.”
“Impulse Point’s expertise in higher education
environments has been invaluable as our K-12 world
starts to look similar and we find new ways
to tap into technology for learning.”
Marc Elliott
Director of Technology
Bethel School District, Washington
Anytime, Anywhere Learning
Challenge: Visibility and Control / Malware
“Our biggest concern was keeping anti-virus,
anti-spyware, and patches up to date. Additionally,
we were concerned about the possibility of
unauthorized devices being attached to our
network without a reliable and consistent means
of detecting and securing those devices.”
“Once Safe•Connect was deployed,
we were immediately able to see where
problems existed and get them corrected.”
Diane Driggers
Director of Technology
Berkeley County School District, South Carolina
Anytime, Anywhere Learning
Challenge: Ease of Deployment
“Deploying Safe•Connect was incredibly easy and
problem-free. We received the boxes and literally 20 or
30 minutes later we were up and running.”
“Our District was able to completely circumvent the
purchase of numerous new hardware and
the lengthy process and investment of client installation.
No weeks of training or complicated jargon to learn.
Within an hour, we were ready to go.”
Brad Bowers
Senior Network Engineer
Lexington District One, South Carolina
Anytime, Anywhere Learning
Challenge: Flexibility and Control
“What’s wonderful is that we have the control
to decide the conditions and levels of warning too.
It can be just a warning, a warning for a certain number of times,
or access lost immediately if there is an extreme situation.”
“With this warning flexibility, we don’t need to
disrupt our students and faculty unless it’s
necessary. They can continue
their work and learning.”
Richard Kassissieh
Director of Information Technology
Catlin Gabel School, Oregon
Anytime, Anywhere Learning
Challenge: Scalability and Service
“Safe•Connect is an amazing solution for K-12 school districts
and the challenges we face today. It doesn’t require much
training or an expensive consultant to help set it up.
The ease of implementation and peace of mind
with a truly secure network are incredible.”
“This is especially advantageous to educational institutions
that need high-scalability security and
diverse device network features,
despite thinly stretched IT teams and budget concerns.
It is a perfect solution for Lexington One.”
Jeff Salters
Chief Operations Officer
Lexington District One, South Carolina
Anytime, Anywhere Learning
Dell Connected Learning Infrastructure Enables Digital Learning Environments
23
Network Infrastructure
Information Portals
Applications
Core Infrastructure
Data Storage
Systems Management
Secure Access
Connected Classrooms
Home / Remote Users
Impulse Point’s Safe•Connect
Provides Secure BYOD
Access in Dell’s
Connected Learning
Infrastructure
Anytime, Anywhere Learning
Questions & Answers
