When I first started in education IT, I could already see the multi-device world coming. The iPhone 3GS had just been released, and the iPad was rumored to be coming soon. At the same time, I also could sense enterprise networking moving to cloud services. Google was making headway with its Google Apps for Your Domain product with schools, and the days of running onsite servers seemed to be coming to a close. A few years later, as everything moved to “apps,” I began to see a new trend. Security was moving away from the network and more to the device and corresponding apps. At the time, I called it “zero trust” networking, and I think it still remains supreme today.
About Making The Grade: Every Saturday, Bradley Chambers publishes a new article about Apple in education. He has been managing Apple devices in an education environment since 2009. Through his experience deploying and managing 100s of Macs and 100s of iPads, Bradley will highlight ways in which Apple’s products work at scale, stories from the trenches of IT management, and ways Apple could improve its products for students.
If you worked in an enterprise environment pre-iPhone, you probably remember sitting down at a Windows XP computer, logging in through Active Directory, and then opening up Outlook/Excel/Word. IT departments were in control. They would often set your computer wallpaper and Internet Explorer favorites.
Once the iPhone came out, it began to forge a world where the users were in control. The first step was C-level executives demanding IMAP enabled on their Exchange servers (iPhone OS didn’t support Exchange until 2.0). I believe that this showed Apple a shift was happening in the enterprise. For the first time, users were dictating the device, and how it was interacting with the network.
As time went along, users began to have more control of their devices. Between the iPad and BYOD, end-users weren’t being handed cheap Windows laptops. They were using iPhones, iPads, and MacBook Airs. The era of the user had begun. Along with that, security in the enterprise had to change with it. No longer could administrators count on devices needing to be blessed by IT. With iOS, there was no Active Directory sign-in screen. Users had their own accounts for the App Store and could install whatever they wanted.
As this model began to spread, I began to rethink how K–12 networks should look. I realized that apps had caused us to need a zero trust network model. When it came to end-user device security, I needed to assume the device was on a network I didn’t control. Our security had to move to the apps.
Instead of onsite servers with AD login, we had apps with their own login systems. Instead of assuming all of the devices on my network were IT-approved, I began to assume they weren’t. Instead of focusing first on my network security, I focused first on the device and app-based security.
My goal was to allow my users to access all of their documents and data regardless of where they were located. I made sure our devices (through mobile device management) had proper precautions, and I made sure our key apps were following proper security methods.
On the flip side, I knew devices on my network would not always be managed by me (through our guest network), so I knew I needed to take precautions to protect my network. BYOD and guest devices likely only need access to the general internet, so I immediately VLAN their connection off and funnel them straight to the internet. These devices can’t access any internal resources like printers or have visibility into other devices.
If we really think about how the iPhone and iPad changed the world, one place you have to consider is how they changed the enterprise. They took IT departments from the gatekeepers of technology to the enablers of technology. For anyone who remembers having a Windows XP laptop that ran Microsoft Office and IE 6, we owe Apple a lot of gratitude.