Technology in the education sector, particularly for K-12 schools, often poses unique challenges not seen in business or enterprise organizations. The iPad is a great example. As we noted yesterday, BYOD is generally not a good idea for school environments. That means effective iPad deployments are typically managed by schools and education IT staff.
There are plenty of stories out there about schools moving forward with one-to-one iPad deployments (we’ve run two this week – one about the massive iPad investment by San Diego’s school district and one on East Alton’s decision to lease iPads instead of buying them). One-to-one initiatives, in which each student gets his or her own device for use in class and at home, are generally considered a much more effective and ideal model than when students sharing devices during to school hours.
One-to-one programs, which were first established for laptops, can be challenging because such programs need to take into consideration that the iPads will be used at home. One area where this creates problems for schools is the need to comply with filtering regulations.
Although Internet content filtering isn’t required by U.S. federal law, the Child Internet Protection Act (CIPA) does tie certain types of funding for technology to “an Internet safety policy that includes technology protection measures.”
Additionally, many U.S. states have their own laws and regulations when it comes to Internet content that can be viewed using school technologies. Most require just the adoption of policies around Internet use, but some explicitly mandate filtering solutions. Many also describe filtering as applying to any and all school-owned or managed technology regardless of how or where that technology is used.
In general, filtering isn’t a problem for schools as they can easily install a filtering mechanism like a proxy server at the point(s) of their Internet connection(s). That works quite well for computers and devices on school grounds (desktop notebooks, iPads, and anything else). It doesn’t handle use of school technologies off campus, however. With one-to-one laptop programs, that isn’t a big problem – simply use on-device filtering options.
iPads, however, are a different story. Apple’s iOS sandboxing requirement for apps limits the ability of third-party developers to implement on-device filtering options that mirror what can be done on a Mac or PC. Proxy settings are technically an option, but the likely use of an iPad on multiple networks outside of the school’s network can make it difficult to implement them effectively.
At this point, there are two approaches that schools can take to comply with these kinds of regulations. The first is to invest in an alternate iOS browser that include filtering capabilities. With a so-called safe browser installed and configured, Safari can be blocked using the iOS Restrictions feature. Any web access from the alternate browser complies with filtering laws. Certain other content restrictions can also be enabled for built-in iOS apps like YouTube. The problem is that a number of apps include built-in browsers that won’t be impacted by this approach. That presents a challenge to app selection and management, but may not be a deal breaker.
The other, more effective, option is to configure a VPN connection on each iPad, set it to apply for all Internet traffic, and make it mandatory for all Internet access off campus. That’s not difficult to do with mobile device management. When an iPad isn’t on the school’s network, it automatically connects to the school network via VPN and all traffic is routed through that connection and thus through the school’s filtering solution. The challenge here is that it will increase the load on the school network and Internet connectivity. More information about this approach can be found in Mobile Iron’s 23,000 Students, 7,000 iPads & iPhones webinar.
Not all schools will need to meet these requirements by law or by policy, but even schools that aren’t required to do so may still choose to, anyway.