As many of our school districts are looking at implementing Microsoft’s Threat Management Gateway, now is as good a time as any to put a few thoughts together:
With the penetration of 3G handheld devices in hands of many high school students and staff, some districts are rightly questioning the effectiveness of ANY content management solution in an environment where a personal device cannot be monitored. That said, school districts are obligated by CIPA and (in our case) state law to do something in an effort to prevent access to inappropriate material.
At this point, it gets difficult for many districts. Depending on the expectations that have been set over years of content filtering and management, classroom teachers and administrators often expect the technology department to stop any inappropriate access from occurring. Technology leaders know that this is not possible. With time, opportunity and motivation, virtually any filtering solution can be defeated or bypassed. If the expectation has been set from the beginning that these matters are handled in the classroom, then the changing landscape of devices and methods of access may not have a huge impact on the prevention of inappropriate access since it would still be attempted and dealt with at the classroom level.
As our districts are considering Threat Management Gateway, I’ve noticed a few things that are worthy of note. First, the URL filtering is a subscription-based add-on that is referred to as the “Web Protection Service.” This service provides subscriptions not only to URL-based categories but also to malware filtering. Issues with malware have become very important to our technical staff due to time spent cleaning up infected devices.
Note also that SP1 enabled certain features such as URL override and reporting enhancements, including a detailed “user activity report.” My first reaction is that these enhancements should have been in the native product rather than a Service Pack, but the fact remains that they are now included and that’s a positive development.
In fact, I think that generally sums up my initial thoughts about TMG. If a school district is simply trying to meet the letter of the law and wants a solution that can filter URLs based on categories and can potentially help with malware, TMG might be a fine solution. Some districts have paid for much more expensive and elaborate solutions that allow for robust reporting and real-time monitoring of particular users. I’m not trying to slander the TMG product and imply that it cannot do these things, but there’s a reason that these other companies charge a premium and I can only assume that it’s due to some advanced features, perhaps ease of use, etc. If you desire some of these advanced features, other products may fit your specific needs.
I’m inclined to compare this market to the old debate of VMWare and Hyper-V in the virtualization market. VMWare was earlier to market and has a strong reputation in this market. Microsoft’s Hyper-V offering was later to market and, at least initially, might not have had all of the features that the VMWare suite had. At the time, one could market higher cost for higher quality while the other marketed a lower-cost product that provided all of the features that many customers might want. I think this is how I would currently categorize TMG. It provides many of the features (if not all) that many customers in this market desire.
At any rate, all of this is subject to change but it’s what was on my mind at the moment. This and 50 cents would have bought you a soft drink several years ago. 🙂