Comprehensive Security Is More Than Filtering

Hi, my name is Antony Binu Joseph, and I have been a Coppell resident since 1998. My wife & I have a 6th and an 8th grader at West – so a lot of changes coming up for us this year. I work for one of the larger global Systems Integrators, and my day job is develop the detailed technical solutions for the large & complex mobility projects we work on, and as well as to implement them.

It is with both of these lenses I would like to share my feedback on what I heard during the Technology update last Monday week. While there were a number of topics, I would like to focus on the following three:

  1. Filters vs Apps:
    Frankly speaking, we spent too much time talking about web filters and not enough quality time on applications and mobile device management. In my opinion, web filters are mature technologies with SLAs from reputable companies to protect you.MDM technologies, on the other hand, are relatively immature compared to what is available for desktops, and especially so for Apple mobile devices. Apple has been slow to open up their ecosystem to 3rd parties, and it has only been with the recent Device Enrollment Program updates that the MDM profile can actually be made mandatory as part of the device enrollment, and locked. Otherwise, you run the risk of having a student delete the profile immediately after they get the iPad and effectively disable any monitoring or any other policies in place.
  2. Network Management:
    Sam made a very valid point that many of the wireless complaints made were really “network issues.” I will leave aside the points as to how a misconfigured switch could have taken down a school network as that will get into all kinds of ugly questions about how IT changes are tested and implemented with the CISD. For example, how the recent Google Images blocking was implemented…Instead, let us talk about the growth in internet facing traffic. We did not have a discussion as to why that growth is taking place and whether the traffic is actually valid. That is, how much of that traffic is the Spanish class watching the Telenovellas during the class time as they were supposed to or was it really the other students catching up on their TV & movie watching during school time? BTW, I hear that Army Wives is quite popular in the high school, and with Netflix blocked, Hulu Plus and Amazon Prime work just great.I do not know what type of firewalls and other networking infrastructure the district has put into place, but with the right tools – eg: deep-packet inspection – and a few other changes, you could absolutely know what type of traffic it was and which iPad was doing it. You could even drop the invalid traffic… While throwing more bandwidth at the problem is easier, this is however, the type of network traffic engineering and shaping are standard operating procedures on the corporate networks.
  3. Application Management:
    One has to manage the applications and not have a free for all – ideally through setting up group profiles for similar users to make management & administration easier. For example, one for elementary students, another for middle school, and so on. That also means defining a closed set of applications that are appropriate for each profile.As a member of the Parent Technology Advisory board, I understand that CISD is proposing to block certain apps such as most gaming apps. While I don’t want to short circuit the discussion we will have Thursday night, this is a good start, but is a long ways away from being done. I believe the philosophical approach that CISD is taking is fundamentally flawed, and will leave you – the board members & administration – exposed to litigation should bad events occur. It is not a question of if, but rather of when. In my Sarbanes-Oxley world, I can assure that it will be hard to make the case for proper diligence when you have the already purchased the tools but chose not to implement it wisely.

Don’t get me wrong – I am a passionate proponent of technology, and work with my clients to develop the right business cases for their mobile projects. However, in those cases, I help to evaluate both the benefits and costs to ensure that the benefits do indeed outweigh the costs.

Thank you for your consideration, and I would be glad to talk further in more detail at a later time if you would like.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s