The new normal requires the flexibility to provide education over distance. Supporting primary schools’ goals for today’s digital classroom can include secure mobile access, yet obstacles stand in the way of balancing security, access, performance and value. Best practices for effectively implementing a protected mobile learning environment include maintaining high security, connectivity, robust performance, and low total cost of ownership. This solution brief details practical steps to achieve those best practices.
Related Category: Security Operations
Type of Content: White Papers
As recent events have illustrated, students, staff and faculty are not always able to get to the classroom. But education must carry on. At times, learning can only take place over distance. Whether due to public health concerns, natural disasters (e.g., hurricanes, earthquakes, etc.), or other disruptors (e.g., power outages, safety lockdowns, etc.) schools need to ensure consistent access to resources, tools, communication and collaboration. Mobile access must be available for staff, faculty – and in cases where schools manage remote connectivity – for students as well. At the same time, schools need to ensure this access is safe, secure, compliant and reliable. Having a robust and reliable access security service has never been more critical. A key element of ensuring reliable mobile access is maintaining security updates, but maintenance can disrupt service and performance. Schools need to maintain a flexible learning environment without losing availability, but deploying a highly available service can be complex, costly and time consuming.
Providing mobile access opens an explosion of exposure points over a myriad of potentially insecure mobile endpoint devices.
Human fallibility and risky online behavior mandate that faculty, staff and students cannot be trusted to ensure the security of their own mobile devices.
Moreover, the array of threat types is expanding, deepening and getting smarter, including targeted ransomware, never‑before‑seen threats, memory‑based malware, side‑channel attacks and encrypted threats.
Ultimately, the security of your mobile network must match that of your wired network.
To be effective, schools must provide mobile end users with easy and secure 24/7 access to key academic and administrative resources in an agile, easy‑to‑use, cost‑ effective and scalable way. This requires a zero-trust posture regarding any mobile device attempting to connect with school resources, whether those resources be on‑prem or in the cloud.
Stay operational regardless of what tomorrow's headlines may bring.
Secure mobile access is a core component of a zero-trust approach to anywhere, anytime access. Schools must also secure access from these mobile endpoints with limited budgets and skilled staff resources. This means streamlining deployment, availability and support to lower total cost of ownership.
In addition to secure mobile access, best practices for a secure distance learning environment should also consider mobile endpoint protection, web content filtering for remote users, and securing the use of web and cloud-based applications.
The SonicWall Secure Mobile Access (SMA) solution enables anywhere, anytime access across hyper-distributed enterprises. This gives your school the agility to stay operational regardless of what tomorrow’s headlines may bring
The SonicWall SMA 1000 Series provides schools with comprehensive end-to-end secure remote access to school resources hosted across on-prem, cloud and hybrid datacenters. It applies identity-based, policy enforced access controls, context-aware device authentication, and application level VPN to grant access to data, resources and applications after establishing user and device identity and trust.
SMA utilizes a modern HTML5 file browser that provides users with an intuitive experience that is like popular public cloud file share services. This familiarity enables productivity with ease of use. SMA supports industry standard authentication methods that use RADIUS and Kerberos for campus-hosted applications, and SAML 2.0 for cloud-hosted SaaS applications.
The endpoint control feature for SMA allows schools to enforce granular access control rules based on the health status of the connecting device, based on the type of user (admin, faculty, student or vendor), device being used, application being accessed and location of access. To provide network file share access to remote users, schools can configure a dedicated network drive that is segmented from other part of the network.
SMA integrates with Capture ATP, a cloud‑based multi‑engine sandbox, and extends automated real-time breach detection and prevention capabilities beyond the traditional corporate perimeter. When the user clicks on the share drive, the HTML5 file browser allows the user to navigate the folder structure.
SMA provides a drag-and-drop experience to upload files into the network share drive. When the user uploads a file into a folder, the file is scanned by our cloud-based multi-engine Capture ATP sandbox for malware and zero-day threats.
The verdict is delivered in near real-time, and suspicious files are rejected.
Flexibly deployed as a hardened Linux appliance or virtual appliance in private clouds on ESXi or Hyper‑V, or in AWS or Microsoft Azure public cloud environments. It supports up to 20,000 concurrent connections with a single unit and scale upwards of hundreds of thousands of users through horizontal clustering.
SMA streamlines your school’s distance learning initiatives with:
Schools also have a responsibility – and often a regulatory mandate – to protect students from inappropriate and harmful web content. For example, in the US, to receive E-Rate funding, schools are required by law to install a content filtering solution in compliance with the Children’s Internet Protection Act (CIPA).
For mobile endpoints outside the firewall perimeter, the SonicWall Content Filtering Client addresses safety, security and productivity concerns by extending the controls to block harmful and unproductive web content. The client is either installed manually or automatically deployed and provisioned through a SonicWall firewall. In addition to providing IT administrators the tools to control web‑based access for roaming devices, the Content Filtering Client can be configured to automatically switch enforcement to the internal policy once the device reconnects to the network firewall. In the event an outdated client attempts to connect to the internal network to access the Internet, the connection is denied and the user receives a message with steps for remediation.
>> Download White Paper to continue reading.
In March, for companies across the United States, “business as usual” became business uncharted, as the novel coronavirus spread throughout the nation at an unchecked pace.
With customers demanding personalized experiences plus increasing cost pressure from competitors, bank executives are leaning on their IT departments to find agility and efficiency improvements.
Colleges and universities are increasingly dependent on cloud- based apps and mobile connectivity. Meanwhile, cyberthreats are on the rise, and compliance and security requirements are more stringent than ever. Universities must embrace a boundless network security approach. This brief examines critical network security needs for today’s universities and explores best practices for selecting an effective next-generation firewall platform.
Massive network traffic growth and changing business requirements can be a network security nightmare. Appliances can’t scale to meet unpredictable traffic peaks while upgrades can take time and resources to acquire, configure, tune, and operate. What’s needed? A hyperscale network security architecture offering flexibility and ease of use as business and technical requirements change. This is exactly what Check Point’s Maestro can do.
Let’s face it. Your organization is probably not doing all it could be to secure your users and IT resources. You know all about the high-profile hacks and exploited vulnerabilities, and you’re of course concerned. But security is not the only thing consuming your organization’s limited resources, and besides, you haven’t been seriously breached. So far, anyway.
As other companies have learned the hard way, hope is a valuable human trait, but it’s not a firm foundation for a security strategy. Fortunately, there are compelling reasons to focus on improving your enterprise’s security and steps you can start taking today to do so significantly.
As we learned from the Rightscale 2019 State of the Cloud Report from Flexera, cloud computing adoption is close to universal across organizations of all sizes: 94% of survey respondents reported that their organization uses the public cloud. We also see that enterprises continue to embrace hybrid and multi-cloud strategies (see Figure 1). Hybrid cloud adoption has grown from 51% to 58%, and multi-cloud adoption increased from 81% to 84% over the previous year.
Business agility, productivity, operational efficiency, flexibility, and profitability are undoubtedly the key drivers behind enterprise public cloud adoption. The public cloud allows compute-store-network resources to be acquired and deployed more rapidly. Once deployed, these resources can be scaled up or down as needed to meet demand.
Virtually every passenger car and commercial vehicle that has seats also has seat belts. And there is voluminous research that seat belts save lives and reduce crash-related injuries. For example, according to the U.S Centers for Disease Control and Prevention (CDC), “Seat belts reduce serious crash-related injuries and deaths by about half .”
A significant figure, given that CDC estimates that “More than 2.2 million adult drivers and passengers were treated in emergency departments as the result of being injured in motor vehicle crashes in 2012” and that “Nonfatal crash injuries resulted in more than $50 billion in lifetime medical and work loss costs” in that same year.
In Introduction to Cloud Security Blueprint 2.0 we discussed the basic concepts (Shared Responsibility model, Zero Trust) as well as the advanced challenges that must be addressed by a modern cloud security architecture. Those challenges include increased attack surfaces, diminished visibility, dynamic and ephemeral workloads, automated DevOps processes, excessive privileges, and multiple cloud environments.
Cloud security is often more complex than on-premises security and must consider the shared responsibility model between cloud vendors and cloud users, and the additional threat vectors introduced by each new cloud service. Check Point CloudGuard Network Security provides cloud customers with the same threat prevention technologies as their on-premises security solutions and the same user interface, enhanced by cloud benefits of increased efficiency, better scalability, compliance automation, and improved agility.
Taking the deep dive into what your systems, services and apps are really doing. Observability has been called everything from a trendy tech buzzword to a “monitoring-on-steroids” must-have. The truth is more involved — especially given the increased complexity of the modern infrastructure and the undisputed need for better monitoring higher in the stack, and deeper in the system.