Klein ISD Enhances Security with SSL/TLS Decryption
Sixty-three percent of K-12 educators use technology in the classroom daily with laptops and computers being the most commonly used.
It should come as no surprise that schools with the heaviest focus on technology–like those that make up the Klein Independent School District (ISD) in Texas–are starting to turn an eye towards cybersecurity.
The school district, with a rise in encrypted traffic, was increasingly at a risk of hidden attacks. When its growing need for SSL/TLS decryption was overloading their existing cybersecurity infrastructure and impacting user experience, it turned to A10 Networks for help.
Klein ISD has a mantra: “Every student enters with a promise and exits with a purpose.” Among the things that Klein ISD is known for, educational innovation is at the top.
Just some of the ways that Klein ISD reimagined primary education was with personalized learning, smart classrooms and a flexible yet challenging curriculum.
When it comes to technology, all intermediate and high school students had their own Chromebooks or Windows tablets. That meant more cloud applications and digital content were being used and consumed daily.
The district also employed connected IoT devices for things like school security, thermostats and irrigation.
As their facilities and curriculum increasingly focused on the use of technology, the rising volume of encrypted traffic started creating issues, particularly, putting a big strain on the district’s security infrastructure due to decryption. Performance degraded significantly, and the students and staff noticed.
“It got to the point where we had to turn off SSL/TLS decryption on the firewall because it was negatively impacting performance,” said Chris Cummings, director of IT at Klein ISD. “We lost out on the app-based filtering policies and metrics that were available in our next-generation firewall.”
The digital transformation of schools presents new opportunities for educators and students, as well as for cybercriminals. Most internet traffic is encrypted today (nearly 100 percent across Google products and services), and that allows criminals to hide their attacks in legitimate traffic to deliver ransomware and other malware, or capture personal information.
In these situations, you want to be able to have access to a solution that offers a ”decrypt once, inspect many times” approach, where your entire security infrastructure can be augmented to inspect encrypted traffic with higher accuracy. It’s far more efficient than having different security functions do their own encryption.
With A10 Networks Thunder® SSL Insight® (SSLi) solution, Klein ISD had access to dedicated SSL inspection that created a secure decrypt zone. Traffic is decrypted once, but inspected as needed, which centralizes the demanding work of SSL/TLS decryption and helps maintain optimal application performance.
A10 Thunder SSLi intercepts and decrypts encrypted traffic and forwards it to the firewall, IPS or content filtering system. Once the traffic is inspected, Thunder SSLi re-encrypts it and forwards it to the intended destination.
As an additional layer of security to better protect students from malicious content on the internet, Klein ISD also used the company’s URL filtering service. This service reduced risks by blocking access to inappropriate content and malicious websites. With the URL filtering service, the district was able to meet a variety of federal mandates as well, including Children’s Internet Protection Act (CIPA).
In conjunction to Thunder SSLi, the A10 Harmony® Controller was able to provide the Klein ISD IT team centralized management and rich analytics about anomalies and threats. With Harmony Controller, multiple Thunder SSLi devices could be configured centrally, while the dashboard provides rapid troubleshooting and rich analytics.
As a result, Klein ISD was able to protect 53,000 students and 6,500 staff against cyberthreats. They now decrypt all content for inspection without compromising application performance. They’re also able to proactively adapt controls and policies based on new visibility into anomalies and threats while maximizing their investment into the existing security infrastructure.
“Having a secure decrypt zone with Thunder SSLi lowers the chances that our security infrastructure will miss an attack,” said Cummings. “Our students and staff are better protected, and encrypted attacks are not something they should worry about. We provide them with computers, internet and Wi-Fi, and we take ownership of the experience from end to end.”
For more on how A10 Networks is helping organizations like Klein ISD, see the full case study here.