From ABCs to BYOD

Security 7 Award winner Phil Scrivano heads a BYOD program for the 17 public schools in Los Angeles County, securing network access from kindergarten on up.

This article can also be found in the Premium Editorial Download: Information Security magazine: 2013 Security 7 award winners revealed.
Philip Scrivano

As chief technology officer of Las Virgenes Unified School District (LVUSD) in Los Angeles County, I keep up on IT trends across industries. Over the past year, I've seen many articles debating the benefits and risks of enabling bring your own device (BYOD) in the enterprise. It may come as a surprise, but for my school district this debate is old news.

Today the district provides wireless connectivity across our 17 public schools, enabling every student and teacher, from kindergarten up, to use personal devices in the classroom. (This BYOD program is distinct from the Apple iPad rollout in the Los Angeles Unified School District.) By welcoming these devices, we've been able to adopt a technology-rich curriculum aimed at giving our students the skills to succeed in today's world and beyond. Along the way, we addressed the same security concerns that plague organizations across all industries, as well as some that are specific to education.

CIOs contemplating BYOD programs can identify with many of the challenges we faced, including how to enable our 11,500 K-12 students and 650 teachers to bring a variety of mobile devices to school and get a quality, secure connection. It's a scale similar to that of many Fortune 500 companies, and we had to rebuild our network infrastructure to make sure it was up to the task. We reconfigured the firewall, all VLANs, access control lists and server infrastructure, and replaced every network switch in the district with a Layer 3 Gigabit Ethernet device. This all had to be accomplished before building a Wi-Fi infrastructure.

Philip Scrivano, Chief Technology Officer, Las Virgenes Unified School District

  • Former management analyst for California's Fiscal Crisis and Management Assistance Team, evaluating technology directors throughout the state; conducted studies for seven county offices of education, 54 school districts and two junior colleges.
  • Lead forensic technology investigations at more than 40 schools across the state.
  • Early supporter of technology in the classroom: As an educator, Scrivano used the Apple IIe in his sixth grade classes.

Teachers also had to have confidence in the network before they would buy into using personal devices in their classrooms. In the words of one teacher: "I'm not going to make a lesson plan that depends on technology unless it's reliable." When a single day of teaching costs our district $400,000 and when thousands of our students now take nationalized testing online, a robust network is a very sound investment.

We needed strong security controls, but we couldn't afford to hire additional IT staff to police our students and their devices. This meant we needed a policy engine that would automatically identify every user connecting to the network, whether a student, teacher, administrator or guest, and give them access to appropriate resources for their user type -- but nothing else. The policy engine also had to identify every device, associate it with the user and ensure that it was free of malware before allowing it on the network. Ultimately we selected a network access control (NAC) system from Bradford Networks to provide these capabilities. We also use an Internet content filter from Nomadix, and only credentialed LVUSD staff can decide which sites are allowed.

For district-owned devices, we are deploying AirWatch mobile device management. We use WPA2, 802.1X and Microsoft Active Directory combined with our NAC system to onboard all devices. This ensures that security is applied to every device connection and that the user is placed on the appropriate VLAN and security profile.

We also designed a simple on-boarding process suitable for the entire LVUSD community. All students are allowed to bring up to four devices to school -- even kindergartners. Students register their devices once a year, which they can do from home so parents can help younger students.

Outside of work

Plan B: Always! I am a change agent and life-long learner. When my work is done, I move on to the next exciting challenge.

Security hero? Kenneth S. Rosenblatt, author of High-Technology Crime: Investigating Cases Involving Computers

Two things people don't know about you: I like to read more than watch television, and I have found 900 geocaches. 

How you unwind: I ride my Yamaha FZ1 and crew foredeck on ocean racing sailboats.

What keeps you up at night? My four children

Now, whenever Julie Smith turns on her Windows, iOS or Android device, our NAC system knows that it belongs to Julie Smith in group Student and Sixth Grade, verifies that her device is safe and gives Julie instant access to grade-appropriate resources. If the device is compromised, it's quarantined until she updates her software using a link provided. Julie's user group, the resources her group can access and the security requirements for her devices are all defined using the security policy engine and then enforced automatically.
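The admission decision described above, sketched as an added example (not code from the article or from the NAC product it names). The VLAN numbers, MAC addresses, function names and the default-deny for unregistered devices are assumptions; the four-device limit and yearly registration come from the article.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed values for illustration; not LVUSD's real VLANs or group names.
ROLE_VLAN = {"student": 110, "teacher": 120, "administrator": 130, "guest": 190}
QUARANTINE_VLAN = 999
MAX_STUDENT_DEVICES = 4                   # article: up to four devices per student
REGISTRATION_TTL = timedelta(days=365)    # article: devices are registered once a year

@dataclass
class User:
    name: str
    role: str
    grade: str = ""

@dataclass
class Device:
    mac: str
    owner: str            # key into the user directory
    registered_on: date
    posture_ok: bool      # outcome of the malware/patch check

def register(dev, users, devices):
    """Record a device for its owner, enforcing the per-student limit."""
    owned = sum(1 for d in devices.values() if d.owner == dev.owner)
    if users[dev.owner].role == "student" and owned >= MAX_STUDENT_DEVICES:
        raise ValueError("student device limit reached")
    devices[dev.mac.lower()] = dev

def decide(mac, users, devices, today):
    """Return (action, vlan, reason) for a device joining the network."""
    dev = devices.get(mac.lower())
    if dev is None:
        return ("deny", None, "unregistered device")     # assumed default-deny
    user = users.get(dev.owner)
    if user is None or user.role not in ROLE_VLAN:
        return ("deny", None, "unknown user or role")
    if today - dev.registered_on > REGISTRATION_TTL:
        return ("deny", None, "registration expired")
    if not dev.posture_ok:
        return ("quarantine", QUARANTINE_VLAN, "failed posture check")
    return ("allow", ROLE_VLAN[user.role], f"{user.role}, grade {user.grade or 'n/a'}")

# Constructed sample data (the article's hypothetical student, invented MACs).
USERS = {"jsmith": User("Julie Smith", "student", "6")}
DEVICES = {}
register(Device("AA:BB:CC:00:00:01", "jsmith", date(2013, 9, 3), True), USERS, DEVICES)
register(Device("AA:BB:CC:00:00:02", "jsmith", date(2013, 9, 3), False), USERS, DEVICES)
```

Every path that is not an explicit allow ends in deny or quarantine, so a lookup failure never places a device on a role VLAN.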

We can also detect inappropriate or dangerous activity and take immediate action. For example, if the content filter detects cyberbullying or threats, the software can identify the owner of the device, take the device off the network and alert the principal in real time. We know that parents want a safe school environment for their children and we take that responsibility very seriously.

Our school district now has a rich new environment where students, parents and teachers are much more engaged in the learning process. One example that comes to mind: the student from Iraq whose grades have gone from Cs to As because he can simultaneously translate the teacher's lectures on his iPad. Another is the social studies teacher whose students fact-check her in real time and get extra points if they find a mistake. Still another is the fourth grade class where students blog about what they learn and parents respond with comments -- and guess what the dinner conversation is about that evening? These are just snapshots of how our BYOD program is changing the way our students learn every day.

I believe that by integrating technology into the curriculum, we'll be able to demonstrate that we have the brightest students in the world here in the United States. BYOD is at the heart of it, and even on a scale like ours, the security concerns are manageable without additional staff. The result is a new learning environment to prepare our students for the challenges and opportunities that await them.

This was first published in December 2013
