Tuesday 30 June 2015

Web Filtering for the SaaS School - Part 2

In a previous blog we saw how functionality required from a modern web filtering service has now expanded beyond the simple on-premise server installation that fulfilled this role a decade ago and proposed that SaaS is now in a position now deliver a better solution than an on-premise server.

Instead of just looking at the current options and then tabulating up the pro’s and cons (other sites do this so much better) let’s play a mind game and list all the things we’d like from a filtering solution in a perfect world and see where that leaves us.

  • The system must be able to interpret encrypted traffic. Ideally this would be without the overhead of deploying local certificates or any local configuration but if this isn’t possible the device management should be simple and non-invasive.

  • The service should not have any hard limits and should be capable of scaling up and down on-demand.  The solution should operate the same way for a 10 user installation as a 10,000 seat install and the migration between the two should be seamless without any hardware or licensing breakpoints.

  • The solution must be fault tolerant across the whole product range and be backed up with SLA which guarantees at least 99.9% uptime.

  • The solution must be simple to install and provide a trial option.

  • The service must have the option for ‘remote’ operation to protect 1:1 devices outside of the schools network.

  • The filtering policies and reporting tools must be accessible from any location or device without VPN assistance and have a multi-site capability that comes as standard.

  • Policies must be driven from an existing student/group database without any data re-entry.

  • All software, firmware and product updates must be applied automatically without any local user intervention. A configuration backup will also be made automatically and held off site as part of the service.

  • Licensing is simple, based on user or device with no up-front installation costs and with the option of short term contracts.

  • There should be no requirement to provide third party hardware, software or licensing to support the service.

  • The service should not increase the quarterly power bill but if does it must display an exciting set of flashing lights and be finished in a bright primary color to give the impression of modernity and general funkiness.

Now the question is - how many of these requirements are likely to be fulfilled by an on-premise filter?

Of course the requirements are skewed in favour of SaaS and they could have been summarised in a much simpler list;

  • easy administration through a web console.
  • automatic updates and patch management
  • elasticity on-demand
  • subscription licensing model with no barrier to entry.
  • remotely hosted with built-in fault tolerance.
  • SLA implicit with service.
but that doesn’t make them any less more desirable with respect to content filtering.

The final takeaway is that the move toward secure communication has fundamentally changed the playing field.

What used to be a simple function of running a lookup on a web address has now become a processor intensive operation that will only ever increase with time and the most efficient way of doing this is in the cloud were the unit cost of those processor cycles is far cheaper than the on-premise fixed capacity server. 

SaaS Options.

There are a number of companies that can offer web protection as a true SaaS service with no on-site component.

GoGuardian has developed a service that focuses specifically on the education Chromebook space.

Securly offers a comprehensive package specifically for education that covers a range of clients types. Interestingly they recently announced the possibility of SSL decryption without configuration files which would provide a clean sweep of the “wish list”.

At same time the standard players such as McAfee and Symantec have caught the trend and are now offering a SaaS option as part if the product line.

And of course there's always the option of the brightly coloured box if you like that 'retro' feel.

No comments:

Post a Comment