Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

BYOD for school system

This thread has been viewed 3 times

  • 1.  BYOD for school system

    Posted May 19, 2016 03:48 PM

    Hello,

    We have CPPM.  Users onboard to BYOD as as part of that process certificates are installed for connectivity to the BYOD network. Users authenticate one time using their AD credentials for the registration process. We have posted documentation for users with various device examples for registering, Complete with flashy screen shots and everything :-)  Feedback from some folks indicate that the registration process is simply too cumbersome and "takes too long" and is too "complex".  

     

    1) Some folks don't want to authenticate and install certificates on their device, they think we are watching them.  I know we can't fix this paranoia specifically.  But try to make them understand the certificates are a way that you don't have to keep reauthenticating on your device (ie put in your username and password repeatedly) is a good thing.

     

    2) Some folks claim the one time authentication process is just too darn difficult and they either give up before they even begin or can't get thru it.  Is there a way to dumb things down?  

     

    3) We might eventually expand BYOD to elementary schools, and the thought is that the current registration process might be too difficult for younger folks to handle.   

     

    We would like to continue to have visibility / accountablity for users and not just have a wide open network.


    So what would be a happy compromise, a way to be diplomatic to the concerns?  Are there other options than what we do now?

     

    A more seamless registration but still have that accountability piece that CPPM helps provide?

     

    Thanks for ideas!
    Sarah

     

     

     

     

     



  • 2.  RE: BYOD for school system

    Posted May 23, 2016 08:20 AM

    Personal opinion here and not technical expertise:

     

    1. Education is key. Explain to the users why it is better for them to onboard. Additional security, they don't need to keep logging in etc etc. It may be cumbersome but it is something they only have to do once (or once per year) to get network access.

     

    2. Offer some sort of technical clinic or workshop. A time during the day, probably at the start of term, when people can come with their devices and onboard. IT staff are on hand to help and educate the users.

     

    3. If you are pressurised and need to revert back to some captive portal access, try to retain onboarding and look at the ways that this could provide additional network access on top of what other users may get. Maybe onboarded users can access specific internal servers where users who use the captive portal can't.

     

    Just some thoughts based on discussions I've had with educational institutions.

    Best of luck!