iPads have a prominent place in the K-12 ecosystem. While we often see the higher grades go with Chromebooks as the 1:1 device of choice, lower grades typically go with iPads due to its tactile interface. Educational apps minimize the need to type while fostering learning.

With many schools choosing to send these devices home, both the CIPA law and pressure from the local parent community forces schools to provision their iPads with some form of filtering. Apple’s architectural limitations have thus far allowed only 2 options. Both of these have their own limitations.

Safe Browsers

This approach requires uninstalling Safari and installing a specialized browser that filters web traffic. The approach suffers from the following limitations:

App traffic is not filtered.

Hyperlinks on any webpage tend to use Safari as the default browser.

Removing Safari breaks a number of Edu critical apps such as docs and drive.

In other words, Safe Browsers are simply not an option for a school or district trying to ensure that their taxpayer dollars spent on devices will move the needle on student achievement.

Proxy

Apple provides the option to push out a global proxy setting via MDM. This would mean that every byte of data from the iPad would need to be routed through the designated proxy. This approach has the following downsides:

Most proxy solutions are hardware appliance based. When the device leaves the network, the traffic is forced back through the appliance which is usually installed on the school’s network. By definition, this requires the school to become a 24/7 ISP for at-home traffic!

Even those proxy solutions that are cloud based like Securly’s often see Apps “break” because many cloud based services simply do not like to see their App traffic be proxy-ed. These services need to be constantly exempted from PAC files as the school runs in to them.

Many Firewalls tend to block proxy traffic out of the box. To address this, schools often need to maintain a running proxy whitelist on their Firewall.

The Holy Grail of iPad Filtering

Thanks to months of diligent R&D + recent advances in iOS 10, Securly is able to introduce the first proxy-less off-site filtering solution for iPads that is not a safe browser. The solution involves provisioning the iPad with a lightweight DNS setting – as a result of which ~1% of the device’s traffic is selectively proxy-ed. This includes App traffic. Securly is also able to avoid proxy-ing all of the traffic.

For more updates and product releases, subscribe to our newsletter:



