Imagine an organization where employees are given several consecutive months of vacation every year. It sounds like a dream, but in the era of BYOD, it could also be an IT exec's worst nightmare.
Erik Greenwood, CTO of the Anaheim Union High School District (AUHSD), which consists of 21 California schools and 33,000 users with network access, says the end of summer vacation used to mean the beginning of malware season.
Faculty members would spend summer break leisurely browsing the web, freely clicking on links, opening email attachments, and only rarely updating their software, Greenwood says. As employees and their devices came back to school, they often brought viruses with them.
One virus strain forced a complete re-install and upgrade of the district's email suite. In another case, the district's IT department had to "isolate and bring down subnets to try and triangulate the virus," Greenwood says.
Each case meant his department had to work an extra "couple hundred hours, easy," he says. "There's an opportunity there that was lost where we could have been working on other projects," Greenwood says.
Greenwood turned to network access control. "We had a particular strain where our anti-virus was having real challenges addressing the outbreak," Greenwood says. "And we got to the place where we saw network access control as a necessary piece of infrastructure, not only for the staff piece, but we were looking for it with the incoming students bringing their own device."
And security wasn't Greenwood's only concern. He recalls multiple cases in which rogue devices brought down the district's network. One school flat out ran out of IP addresses to assign its devices. In another case, a rogue device on the network began acting as a DHCP server, competing with the district's actual DHCP server and distributing IP addresses of its own.
The district deployed a network access control solution from Bradford Networks and customized it to address its unique situation. The school district's network now sees traffic from more than 12,000 of its own devices, from PCs to printers, and needs to accommodate a fluctuating number and variety of devices brought from outside.
Greenwood says the initiative began at the application layer, and later evolved to include communications apps. The project involved setting policies and restrictions on who can access the network with what devices, what types of content users are allowed to view, and so on. In an ever-changing mobile market with new applications and content delivery formats, Greenwood says he prefers to begin with tighter regulations and expand them to accommodate user needs as they arise.
"As we continue to grow, we have all of these systems that are competing for bandwidth," Greenwood says. "And that's kind of been the thread, trying to grow our network, and that continues to be the challenge."