School Gives Students Secure Web Access to Needed Applications
PDM Group of Institutions uses Cisco Web Security Appliance to manage network bandwidth for rapidly growing student body.
The PDM Group of Institutions (PDM), located in Bahadurgarh, near Delhi, India, provides primary, secondary education as well as higher education and operates 14 different institutions that offer high-quality technical, business, engineering, and medical education. The main, 95-acre campus is home to more than 15,000 students and 1200 faculty members. The institution’s mission is to contribute to society through the pursuit of education, learning, and research at the highest level of excellence – and that excellence is driven by technology.
Chitresh Lather, CEO of the PDM Group of Institutions, has seen many changes in the past 19 years that PDM has operated. A long-time Cisco customer, PDM built its organization using Cisco® networking technology across its campuses. PDM also provides its students with the opportunity to remain connected to the outside world via its unified wireless communication network. With over 100 access points providing uninterrupted wireless Internet connectivity, the campus is one of India’s most advanced technical campuses.
“Our different institutions are covered by 10 gigabits of fiber-optic cable, which connects Cisco switches, routers, LAN controllers, and firewalls. It’s a lot of bandwidth – which is required for the digital learning that goes on today,” said Lather. “Both teachers and students use iPads in the classroom for teaching.”
In addition, PDM has a bring-your-own-device (BYOD) policy that allows faculty and students to connect personal PCs, tablets, and smartphones to the network. This policy means IT needed to be able to control access and web filtering so that the PDM network could handle the additional traffic.
Security Solution
In 2013, PDM implemented the Cisco Web Security Appliance (WSA). The WSA combines Advanced Malware Protection, application visibility and control, acceptable-use policies, insightful reporting, and highly secure mobility on a single platform.
“With more than 10,000 students accessing the network each day, we needed a deep level of granular control,” says Saurabh Seth, network administrator. “There were many students who wanted to access social media – which is, of course, acceptable. However, we didn’t want them using our bandwidth to play Internet games,” says Seth.
Seth continues, “The granularity of the URL filtering makes our job easier. For instance, we give our students the ability to access educational videos on YouTube, but not the capability to comment on those videos. It’s a simple option like this that helps us keep bandwidth in check.”
Like students everywhere, the students in the college of engineering and computer science are naturally curious and had found ways around earlier security protocols. And BYOD only exacerbated that. “The WSA has transfer and redirection, which allows us to decide which files should be blocked, which should be allowed, and where traffic should redirect to,” says Seth. “It also has very good control around encrypted traffic.”
Seth cites the WSA’s ability to control encrypted traffic. This can be a blind spot for IT, and with thousands of students accessing the network each day, the potential for subverting both security and performance is a real concern. “The WSA has good control around encrypted traffic, and it doesn’t impede bandwidth.”
In addition, the WSA allows the IT staff at the PDM Group of Institutions to set restrictions on file size. “This is really helpful to us,” says Seth. “It saves our network bandwidth, because we can restrict downloads to 100 MB or even 80 MB.”
The IT team at PDM appreciates the real-time threat intelligence embedded in the WSA. The Security Intelligence Operations (SIO) team at Cisco delivers early-warning insights and vulnerability analysis with some of the industry’s largest collection of real-time threat intelligence: 100 terabytes of security data daily, 13 billion daily web requests, 150 million endpoints, and 1.6 million deployed security devices.
“The SIO team is constantly updating our web appliance. It protects us completely and offers us very good control over malware and security issues,” says Seth.
The Cisco Wireless LAN Controller also helps PDM control its network performance. “If we let them, students might connect three or even four devices to the network at one time – PC, iPad, smartphone, tablet. But with the Wireless LAN Controller, says Seth, “it’s easy to set policy and allow the students to connect only one device at a time, saving network performance. It’s an unnecessary connection, really. At a single time, a person can really only operate one device, so it’s not a hardship.”
(Read More about the business results here)