Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Today’s schools and students need tomorrow’s cybersecurity
How Boston Public Schools built an RFP for CIPA content filtering
Today’s Speaker
Geri Conley Network Security Coordinator
Boston Public Schools
• Birthplace of public education in America:
• First public school (1635); oldest school system (founded in 1647)
• 120 schools with approximately 57,000 students and 11,000 staff
• Always assessing new technologies and best practices in efforts
for continual improvement
About Boston Public Schools (BPS)
Growing issues with incumbent content filtering vendor
• Product hadn’t kept up with the market or BPS’s needs
• Controlling social media use (e.g. YouTube) and P2P file sharing
(e.g. BitTorrent on SSL) was a problem
• Equipment upgrade was needed, but testing revealed issues:
• Using WCCP & BPS network, could not meet need for
authentication to AD
• Complicated & difficult to create custom block pages
• Hard to streamline handling of teachers’ content review requests
• System management issues exacerbated by poor quality
tech support
BPS’ Situation
Incumbent vendor had become ‘fatigued’
• Multiple ownership changes
• Revolving door w/ account managers
• Tech support guidelines changed and moved to area with inexperienced
technical support
• Shifted focus away from K-12 market
BPS’ Situation (con’t)
• When content filtering solution contract came up for renewal, IT staff
decided it was time for full assessment & review
• Started process by doing its homework, researched vendors & solutions:
• Checked their websites, online reviews, customer ratings, etc.
• Reviewed reports from analysts & market researchers
• Reached out for input from peers & contacts in other systems
A Fresh Look at Vendors & Solutions
BPS staff routinely monitors tech developments in areas relevant
to its operations.
The IT & Networking team led the development
of the RFP using a methodical, detailed process
• Developed very detailed RFP with strict criteria
• To qualify for consideration, vendors had to:
• Adhere to all of the City’s contractual requirements
• Meet BPS’ set of mandatory functional &
support requirements
Designing the RFP and Evaluation Process
Designing the RFP and Evaluation Process
Assembled an evaluation team of 6 senior staff
• All members would review & score qualified RFP responses
• Features, technology & support were the most critical elements
• Cost was also an important factor, but secondary
• Split RFP into 2 sections: technology/support and costs
For starters, solutions had to:
• Meet all CIPA requirements
• Include satisfactory monitoring and reporting capabilities
• Integrate with the BPS's current data network infrastructure
• Block Page minimum requirements
Products also had to meet 11 mandatory requirements covering:
• Content filtering and network security features
• Technology (interoperability, flexibility, and scalability)
• Implementation assistance & ongoing technical support
RFP Details – the “Must-Have’s”
Job #1 – Provide a complete, best-in-class Web content filtering system that:
Automatically blocks and filters certain types of Web traffic, including:
• CIPA-prohibited types (obscene and other harmful content)
• Coverage for all ports & protocols
• URLs, images, HTIP, SSL, web proxy streaming video and audio
• Internet radio, and peer-to-peer file sharing
Detect and mitigate Web-based malware
• Wide range of attacks types & prevention approaches
Provide a customizable block page, including:
• User name and IP address
• Listing of blocked URL and rationale
• Link to page for submitting content/page review requests
• Log-in link for users who want an authenticated policy
Main Requirement – Content Filtering
Additional, non-negotiable requirements:
1. First-rate reporting capabilities
• Solution needed to provide robust but easy-to-use reporting capabilities;
• Unified, system-wide reporting
• Fast, easy & thorough CIPA compliance report production
• Automated production of scheduled reports
• Easy ad hoc and custom report production
1st
Mandatory Requirement Details
2. Provide dependable, high-quality technical support, including:
• Direct support with 24/7/365 availability
• Ability to troubleshoot and resolve issues with:
• System problem or operational disruption
• Running during upgrades, patches and bug fixes
• DB retention, back-ups & system maintenance
3. Transparently monitor, manage, and report on traffic and bandwidth to
and from the organization
4. Vendors needed proven track record in content filtering:
• In operation for more than 5 years
• Success with similar customer(s):
• Infrastructure with 68K+ users and 210K+ devices
5. Capacity and Scalability -- Solution had to support:
• Minimum of 40K IP addresses accessing the internet daily
• Multiple IP subnets w/varied policies & permissions applied to each
Mandatory Requirement Details
6. Using pass-through technologies -- Solution could be:
• An inline, standalone appliance, or
• Integrated with Cisco Firewall and security systems appliance
7. Interoperability -- Solution had to be compatible with:
• Cisco firewalls
• All Cisco switching equipment
8. Implementation assistance -- Vendor had to provide upfront & ongoing support
• Send experienced installation specialists on-site to:
• Set up communication lines, services, and test all functions
• Fully support BPS migration from existing solution, including changing routes
• Provide adequate knowledge transfer, support, and training to BPS' IT staff
• Be available to consult on/help with any deployment issues or questions
Mandatory Requirement Details
9. Authentication support required for the following:
• Windows 7 and 8, and Active Directory
• Macintosh OSX clients
• Chromebooks
• Other mobile devices
• iPads, iPhones, Android tablets & phones, etc.
• Any major OS’s released during life of contract
10. Remote management – Had to have browser-based management with:
• Access password-protected
• Concurrent users enabled
• Configuration settings that could be backed up
• Manually and automatically
Mandatory Requirement Details
All Committee members had full vote & equal say
• Members represented their constituents’ perspectives
• District admin., teachers, IT, Legal/Compliance, etc.
• Produced RFP scoring system that all agreed to
• Held series of review meetings, and all vendors’ responses were discussed at length
• Voting (on features, technology & support) resulted in 3 vendors selected as finalists
• Driver at this stage was thoroughness of the RFP responses
• All three finalists conducted demos and Q&A sessions
• Separate, secondary consideration of costs pared it down to 2 finalists
Gaining Buy-in and Finalizing Selection
The quality of the solution and the people!
• Final choice came down to:
• The quality & capabilities of the iboss solution
• The iboss people who stood behind it
• In addition to answering every RFP question thoroughly, iboss representatives:
• Provided transparency during the demo
• Gave honest & frank answers to tough questions instead of attempting to mask
or gloss-over things
• Customer references were:
• Accessible for calls – BPS didn’t have to move mountains to contact them
• Actual users – Staff members in other districts who actually use are familiar
with the product and its features
Why iboss Won
A smooth migration from legacy SWG and phased implementation
of the iboss Distributed Gateway Platform
• BPS received great support from iboss all through the process
• Terrific content filtering implementation
• Easy policy creation & automated enforcement
• New custom block pages much easier for all involved
• Especially teachers looking for reviews & explanation
• Administrators dealing with all the blocked content alerts
• Better filtering and controls stopped unauthorized downloads and P2P file sharing
• Eliminated related problem of handling copyright violation notices
Results Since Making the Switch
• Implemented a better, stronger authentication regimen
• Stronger identity check, more permission layers
• Successful roll-out of iPad support and Chromebook support w/Google Apps
• Key for offsite device monitoring
• Easy creation of local user accounts is very helpful
• After-school programs
• Temporarily enabling access for parents and other non-BPS users
• CIPA audit – iboss reporting made the exercise fast, painless & successful
• Operationalizing other features on an ongoing basis
Results Since Making the Switch
Here are some of BPS’ guiding principles going into this process:
• Make the process inclusive
• Ensure all stakeholders’ interests are represented
• Have internal experts drive development of the RFP
• Staff people closest to system & district’s needs
• Include both mandatories and ideal-to-have
• Disqualify any vendor that can’t meet all mandatories
• Focus on capabilities first, pricing secondary
Lessons Learned in the RFP Process
Some other advice and tips from BPS
• Beware of RFP answers that have a generic or cut ‘n paste feel
• Beware or vendor references who are difficult to reach
• Or who don’t actually use the solution’s relevant features
• Insist on a demo so you have a chance to interact directly with the vendors’
people.
• Do they seem open and honest? Or something less than that? Are they giving you
frank and unguarded answers? Or not? Trust your instincts here.
• Ask about tenure of support people
• You’ll be working most closely with them
• Short stints and high turn-over is a major red flag
Lessons Learned in the RFP Process
About iboss
The first and only Distributed Gateway Platform with:
• Built-for-the-cloud elastic, node architecture that uniquely solves the
challenge of securing distributed organizations
• Cloud gateways to secure remote offices and mobile workers without
data backhaul
• Optional local gateways that can be used as drop-in replacements to
secure data at HQ without restructuring the network
• 100% SaaS subscription pricing model – no appliances to buy or
manage
About iboss
Redefines the way cybersecurity is delivered
and managed in the cloud and on-premise
• Revolutionary architecture
• Immediate return on investment
• Deeper security
The iboss Distributed Gateway Platform
Over 5 Million
Students Secured
Across the Most
State Contracts
Unsurpassed Scalability
and Innovation
Secure more large
schools than any other
EDU focused solution
Proven deployments
with over 1 million
devices and 40+ Gbps
More integration
flexibility than any
other solution
Backed by more
patents than any other
EDU focused solution
The Most Trusted Name in EDU Cybersecurity
VALUED CUSTOMERS
Founded in 2003
Product Launched in 2009
200+ Employees Across 7
Global Offices
107% 5 Year Compound Annual
Growth Rate (CAGR)
#3 Cybersecurity company on
Deloitte Technology Fast 500
100+ Patents & Patents Pending
INDUSTRY RECOGNIZED
COMPANY OVERVIEW
FINANCIAL BACKING
A Goldman Sachs portfolio company
Questions?
Redefining the way Cybersecurity
is delivered and managed.
Please visit www.iboss.com for more information