Securing BYOD and 1:1 Network Access in Primary and Secondary Schools

Edtech that fails to work properly in primary and secondary schools inhibits learning rather than enabling it. Disparate technologies must come together seamlessly to elevate the classroom experience for teachers and students. Security is one key piece of the puzzle that schools can overlook in the rush to provide Chromebooks, iPads and other shiny objects for screen-based learning.

How will schools secure personally identifiable information (PII)?  What is student data, and where is it, so schools can ensure student data privacy? Under-staffed and under-budgeted IT teams (or the math or science teacher instead!) often struggle with how to get students, faculty, staff and visitors on the network quickly and securely.

Schools may use insecure methods for BYOD and guest onboarding due to lack of awareness about the security pitfalls of default methods for providing network access. (Just to be sure we’re clear—onboarding is the process by which a device gains access to the network for the first time). We detailed the shortcomings of these default methods in a recent blog entitled “What’s Wrong with PSKs and MAC Authentication for BYOD?”

Security-aware schools these days increasingly seek out a secure onboarding solution. Numerous schools have deployed Ruckus Cloudpath software to get 1:1, BYOD and guest users on the network and increase security. In case you’re not familiar with it, Cloudpath Enrollment System is a SaaS/software solution for delivering secure network access for BYOD, guest users and IT-owned devices. Why is Cloudpath software so popular in schools? Let’s consider a few of the reasons.

Device volume and diversity: Reliable network connectivity is a baseline requirement in schools, but first you have to get devices on the network. Users are bringing more devices, and more types of devices, than ever before to school. Cloudpath software onboards those devices with easy, self-service workflows that remove the need for IT intervention, letting schools accommodate ever-increasing numbers of diverse devices.

Simpler Authentication: During the onboarding process for BYOD or 1:1 users, students or teachers connect their devices the first time using existing network login credentials from directory services like Active Directory or LDAP. The Cloudpath software prompts the user to install a digital certificate on the device as the basis for network authentication going forward. The user does not need to enter their password again to connect to the network—the device authenticates in a way that is transparent to the user, and every connection is secure. That makes for a great user experience.

Massive Onboarding Events: Students all arrive at the same time when the school year begins, creating a huge wave of new devices that require network access. It’s not just students—teachers and administrators also arrive at school at the same time. The holiday season creates another wave of new devices. Graduation brings everyone together, including family and guests. Unless the school has a way to simplify getting online, users may inundate IT with helpdesk requests. Users may also post negative comments on social media or school review sites. Cloudpath software reduces the burden on IT by making it easy for users to self-provision their devices for network access.

Student Data Privacy Concerns: Schools take very seriously their responsibility to ensure data privacy for students. Government entities also require that they do so with regulations like FERPA (the Family Educational Rights and Privacy Act). Data privacy requires a solid foundation of data security, and digital certificates are a key element of a layered defense. Cloudpath secures every connection with powerful encryption for data in transit over the air using the WPA2-Enterprise security protocol—the safest and best method for delivering secure Wi-Fi access. The Cloudpath system also performs an up-front IT security posture check with remediation. You can define and manage policies for role-based access control—so that users only get access to the network resources appropriate to their role in the organization. These and other features enhance data security and help to ensure data privacy.

Technology Integrations: Cloudpath software integrates with any third-party offering that can consume its APIs. It interoperates with next-generation firewalls, web content filters and mobile device management products to further enhance security and improve user experience. Two Ruckus technology partners whose products are especially popular with schools are iBoss and LightSpeed Systems. Cloudpath works with their web filtering products to let them filter encrypted content, which helps schools achieve CIPA (Children’s Internet Protection Act) compliance. Cloudpath Enrollment System also uniquely integrates tightly with Chromebooks to enable single-tap onboarding.

As you can see, Cloudpath Enrollment System is a great fit for primary education—so it’s no coincidence that schools have embraced it so wholeheartedly. One final attribute to consider: it’s fully vendor agnostic, so you can deploy Cloudpath software with your existing wired/wireless infrastructure.

As a next step, you can view this video that highlights what Cloudpath software can do for schools. View our customer case study for Fairfax County Public Schools. Or watch our “Securing Chromebook Classrooms Made Easy” webinar with Lightspeed Systems. When you’re are ready to take the next step, feel free to request a product demo.

Ruckus Networks
Ruckus Networks

Simply better connections.

No Comments Yet

Comments are closed