Campus (IT) Security: not so idyllic!
Being an educator has never been easy, but being an IT professional within an education environment can be downright challenging. We have been getting a great response from our customers at major Universities in the US, and it’s easy to see why. In this post, I’ll share what we know about the IT security challenges within a higher-education context, and through analogy, describe our approach to solving many of these challenges.
For starters, in a College or University environment, there are usually distinct IT organizations for each faculty or department, and each of these areas of the overall IT environment are often administered by their own teams that have requirements and constraints unique to that discipline or department.
This scenario is accompanied by an overarching and centralized IT body that services the campus as a whole, however it is common to see this central IT department act more an enabler and policy maker than an actual implementer of the various IT systems required by each of the different faculties or departments. An analogy could be made that this central IT body is akin to the United States Federal Government in Washington, D.C., and each faculty or department is its own State, with its own set of facilities, resources, and responsibilities.
Similar to the role of State Government in the United States, each faculty can have its own budget and task force which they use to meet the specific needs of that particular group, yet all of their activity must operate within the framework of the central IT department’s overarching policies and protocols. Just like in the United States, this can lead to each region to seem similar on the surface, yet have very different laws and approaches to situations. Each State, for example, has its own transportation infrastructure, yet rules can vary dramatically: try to get out of your car in New Jersey and pump your own gas and you’ll see what I mean – pumping your own gas is illegal there!
This fragmentation can mean that educators and their IT departments get a tailored set of solutions, yet overall, the institution as a whole must handle a much higher degree of complexity. Take a look at our previous posts to read our take on what high complexity can mean for security (Hint: security gets really tough!). In a large University, there can be a dozen or more faculties, multiple administrative offices, alumni organizations, research facilities, and even entire hospitals, which all must be policed, interconnected and federated by a centralized IT department.
We often see each of these IT ‘regions’ administered and maintained nearly entirely separately from one another. This leads to some wasteful duplication of effort, but more importantly, it opens up the entire organization to serious consequences of potential human error, which can inevitably occur during the course of configuring or maintaining these inconsistent and dispersed departments.
Interestingly enough, our analogy can be useful here as well – there are some structures that are very intentionally put into place by the Federal Government in the United States that can be learned from and applied to the context of our IT challenge in higher education.
Next time you are at a border crossing or in an airport in the United States, you’ll notice that the security staff are quite different from the police force of the State that you are in. These areas are federally administered, and have their own sets of rules that are determined and enforced by the Federal – not State – Government. The United States cannot leave these critical functions to the discretion of each individual state – that would result in a fragmented and inconsistent set of rules and would be a security and manageability disaster.
This is a loose analogy: The United States Government has very few meaningful resource constraints, which makes it very different from most Colleges, Universities, or Enterprises.
Colleges and Universities do not have the luxury of currency printing presses! They also don’t have aircraft carriers or militaries or vast global economic influence! For many of these education institutions, it can be next to impossible to get appropriate staff and resources to be as secure as possible within their IT environments.
In our ongoing work with major Higher-Education Institutions on both coasts of the United States, we have been very effective at providing an IT solution that provides the same value to the fragmented and inconsistent IT environment within higher-education that the federal jurisdiction and administration offers to critical points within the United States. Analogously to federal airports, military bases, border crossings, and key government buildings, IT departments have virtualization controllers, data and file transfer systems between them and external partners, and highly privileged assets.
Up until now, it has been prohibitively expensive for most organizations to get this degree of consistency, visibility, and control at enough of these critical areas of their IT environment to keep bad guys out. The cost has largely been a result of the large time commitment and ongoing expertise required to staff and administer what is needed, but that is beginning to change.
At Skyport, we strongly believe that there should be a way to build a compute resource that IT can centrally administer, is trusted and secure by default, and runs in a way that minimizes any room for human error. We build a compute environment that has a strong set of security technology built into the environment itself, and we set it up so that it automatically patches and updates itself, keeps a consistent security stance to what is set by the central administration, and provides full visibility and audit capability regarding what has happened in the software running on it.
The intention is to give the central IT force of a College or University the ability to create trusted control points within their environment. Typically, the most relevant point (which is where we are getting the most attention and positive feedback from our current University customers) has been in the DMZ, where software must be able to communicate both internally within the organization and externally to the internet or to outside partner organizations.
Our product is cheaper than using your scarce IT workforce to individually configure and maintain your DMZ software infrastructure, and has a level of security built into it that sets it in a league of its own.
Universities may not have printing presses, aircraft carriers, or global economic influence the way the United States Government does, but they can finally put the principles behind their approach to security to use using Skyport’s Skysecure servers for their critical and valuable IT needs.
Read more education-specific info here, and register for a demo here, if you’re interested in learning more.