Secure Mobile Access Best Practices For Primary Schools

The new normal requires the flexibility to provide education over distance. Supporting primary schools’ goals for today’s digital classroom can include secure mobile access, yet obstacles stand in the way of balancing security, access, performance and value. Best practices for effectively implementing a protected mobile learning environment include maintaining high security, connectivity, robust performance, and low total cost of ownership. This solution brief details practical steps to achieve those best practices.

  • Published: 08-04-2022

  • Related Category: Security Operations

  • Type of Content: White Papers

  • Owner: Sonicwall


As recent events have illustrated, students, staff and faculty are not always able to get to the classroom. But education must carry on. At times, learning can only take place over distance. Whether due to public health concerns, natural disasters (e.g., hurricanes, earthquakes, etc.), or other disruptors (e.g., power outages, safety lockdowns, etc.) schools need to ensure consistent access to resources, tools, communication and collaboration. Mobile access must be available for staff, faculty – and in cases where schools manage remote connectivity – for students as well. At the same time, schools need to ensure this access is safe, secure, compliant and reliable. Having a robust and reliable access security service has never been more critical. A key element of ensuring reliable mobile access is maintaining security updates, but maintenance can disrupt service and performance. Schools need to maintain a flexible learning environment without losing availability, but deploying a highly available service can be complex, costly and time consuming.

Effective cybersecurity must include secure mobile access

Providing mobile access opens an explosion of exposure points over a myriad of potentially insecure mobile endpoint devices.

Human fallibility and risky online behavior mandate that faculty, staff and students cannot be trusted to ensure the security of their own mobile devices.

Moreover, the array of threat types is expanding, deepening and getting smarter, including targeted ransomware, never‑before‑seen threats, memory‑based malware, side‑channel attacks and encrypted threats.

Ultimately, the security of your mobile network must match that of your wired network.

Best Practices: Simple, safe and agile mobility

To be effective, schools must provide mobile end users with easy and secure 24/7 access to key academic and administrative resources in an agile, easy‑to‑use, cost‑ effective and scalable way. This requires a zero-trust posture regarding any mobile device attempting to connect with school resources, whether those resources be on‑prem or in the cloud.

Stay operational regardless of what tomorrow's headlines may bring.

Secure mobile access is a core component of a zero-trust approach to anywhere, anytime access. Schools must also secure access from these mobile endpoints with limited budgets and skilled staff resources. This means streamlining deployment, availability and support to lower total cost of ownership.

In addition to secure mobile access, best practices for a secure distance learning environment should also consider mobile endpoint protection, web content filtering for remote users, and securing the use of web and cloud-based applications.

Secure Mobile Access

The SonicWall Secure Mobile Access (SMA) solution enables anywhere, anytime access across hyper-distributed enterprises. This gives your school the agility to stay operational regardless of what tomorrow’s headlines may bring

The SonicWall SMA 1000 Series provides schools with comprehensive end-to-end secure remote access to school resources hosted across on-prem, cloud and hybrid datacenters. It applies identity-based, policy enforced access controls, context-aware device authentication, and application level VPN to grant access to data, resources and applications after establishing user and device identity and trust.

SMA utilizes a modern HTML5 file browser that provides users with an intuitive experience that is like popular public cloud file share services. This familiarity enables productivity with ease of use. SMA supports industry standard authentication methods that use RADIUS and Kerberos for campus-hosted applications, and SAML 2.0 for cloud-hosted SaaS applications.

The endpoint control feature for SMA allows schools to enforce granular access control rules based on the health status of the connecting device, based on the type of user (admin, faculty, student or vendor), device being used, application being accessed and location of access. To provide network file share access to remote users, schools can configure a dedicated network drive that is segmented from other part of the network.

SMA integrates with Capture ATP, a cloud‑based multi‑engine sandbox, and extends automated real-time breach detection and prevention capabilities beyond the traditional corporate perimeter. When the user clicks on the share drive, the HTML5 file browser allows the user to navigate the folder structure.
SMA provides a drag-and-drop experience to upload files into the network share drive. When the user uploads a file into a folder, the file is scanned by our cloud-based multi-engine Capture ATP sandbox for malware and zero-day threats.
The verdict is delivered in near real-time, and suspicious files are rejected.

Flexibly deployed as a hardened Linux appliance or virtual appliance in private clouds on ESXi or Hyper‑V, or in AWS or Microsoft Azure public cloud environments. It supports up to 20,000 concurrent connections with a single unit and scale upwards of hundreds of thousands of users through horizontal clustering.

SMA streamlines your school’s distance learning initiatives with:

  • Always‑On VPN
  • Single Sign On (SSO) using SAML Identity Provider
  • High Availability
  • Multi‑Factor Authentication (MFA)
  • Capture Advanced Threat Protection (ATP) sandboxing
  • TLS 1.3 Support
  • Flexible and Scalable Deployment
  • Centralized management
  • Low TCO

Mobile content filtering

Schools also have a responsibility – and often a regulatory mandate – to protect students from inappropriate and harmful web content. For example, in the US, to receive E-Rate funding, schools are required by law to install a content filtering solution in compliance with the Children’s Internet Protection Act (CIPA).

For mobile endpoints outside the firewall perimeter, the SonicWall Content Filtering Client addresses safety, security and productivity concerns by extending the controls to block harmful and unproductive web content. The client is either installed manually or automatically deployed and provisioned through a SonicWall firewall. In addition to providing IT administrators the tools to control web‑based access for roaming devices, the Content Filtering Client can be configured to automatically switch enforcement to the internal policy once the device reconnects to the network firewall. In the event an outdated client attempts to connect to the internal network to access the Internet, the connection is denied and the user receives a message with steps for remediation.

>> Download White Paper to continue reading.

Related White Papers: