We have had a case recently where it would have been helpful to see the internet history of an employee on his/her laptop and iPad/iPhone. These devices, of course, are most used outside of our network on campus.
I really don’t want to have to put every device on a VPN for all connections; pretty sure that would slow the device down considerably. Maybe not; I suppose it depends on the service.
What would you guys recommend for this situation? Is there a good, not too expensive service that would proxy these devices? Or perhaps a DNS service that tracks history?
For computers, I am a huge fan of ActivTrak which isn’t cheap, but works exceptionally well.
For mobiles… If we are doing anything we typically just provide content filtering by way of the MDM enforcing Apples “family” filter, or for kiosk style applications perhaps a whitelist regime.
For you to get a full tracking per-user across all of their activity you would need to setup a global http proxy and then build profiles for your computers and mobile devices, and push/enforce them with some combination of system center and MDM.
You’d talk to someone like iBoss for that I’d imagine.
We moved from Covenant Eyes to Barracuda Web Security Gateway this year. We are very happy with it. We have the in-line setup at our main campus, web agents at our regional campuses and all laptops (regardless of campus), and are finalizing the MDM solution to have it proxy traffic for church owned smartphones and tablets. Nice thing about the MDM side is it can proxy the entire phone/tablet, not just a particular browser made by the particular vendor.
For the first time, this will protect all church owned computers/tablets/smart phones on and off the network, seamlessly to the end user. Prior to Barracuda, we only had accountability on computers anywhere.
Thanks for the ideas.
I’ve been talking with Zscaler about doing a web filter/proxy solution for around 80 users. They use a virtual tunnel connection that allows you to have basically your UTM device in the cloud.
Its somewhat expensive but I think probably worth it for what it could offer us. Mainly that no matter if your device is on our network or at home or anywhere, the traffic is filtered real-time with little delay. Also, we get a log of who is going where and when on the internet.