After taking a second look at a recently posted case study about Los Angeles Unified School District’s new 1:1 computing initiative, I counted over fifteen references to security and policy compliance. While a heavy emphasis was placed on an optimized learning environment, so was the idea of secure enterprise-class mobility.
To be successful, the team at LAUSD knew that rolling out over 30,000 tablets would require a number of unseen technical accommodations, such as easy user access, guaranteed user safety, data security and the ability to efficiently monitor and manage everything across a district that covers 720 square miles.
Luckily they worked on a plan and followed some simple ideas for what they’d need from a secure network access solution:
Contextual-based policies – this would allow LAUSD to differentiate access based on a user’s role (student, teacher or administrator), location (school or classroom), or device type (school-issued or personal). Dynamic attributes versus static context pulled from an active directory or database was a must as users would constantly be moving throughout the day. One example from the story talked about creating a policy that would limit user-owned devices to Internet-only access while district-issued devices would have access to various internal eLearning resources as well. A similar policy could be used to differentiate student and teacher access from the same room using device attributes and location.
Secure device connectivity – over time, LAUSD will move to an active directory for student access, so securely authenticating the new iPads was a key requirement. A simple way to introduce and use certificates without asking kids to remember logins and passwords was big. Because teacher accounts already authenticate against an active directory, the solution also needed to support multiple authentication methods and identity stores. The solution had to fit the districts needs and not the other way around.
User and device compliance – with kids accessing the network from anywhere within a 720 square mile radius it would be difficult to control the websites being visited. So LAUSD needed to ensure that only compliant devices were given network access when back on campus. Policies that leverage device profiling and posture assessment data would ensure that the iPads were adhering to compliance requirements while on and off campus grounds, before and during an active session. No bad apples.
The district’s size, scalability and adherence to a multi-vendor model may be unique but their goals can essentially be used as best practices for any size organization. Aruba’s ClearPass solution allows for the onboarding of popular operating systems, integration with device management solutions and consistent enforcement of policies regardless of which vendors Wi-Fi and wired infrastructure exists.
Make sure you take a look at the LAUSD case study to see how you can secure your network access project - http://www.arubanetworks.com/pdf/solutions/CS_LAUSD.pdf