Network World - Boston College's IT department has gotten absolutely religious about securing data, three years after a big breach made headlines. So it might seem only fitting that the school's new data center resides inside a former chapel on land acquired from the Catholic Archdiocese.
Boston College in 2005 suffered a data breach of a departmental server that had stored on it the records of tens of thousands of college alumni -- a searing episode that left a "never again" feeling among school administrators and IT staff. When the school decided to build a new data center two years ago, the opportunity arose to start from scratch to develop a more secure IT environment. (Listen to a podcast on five data breach warning signs.)
The 2005 breach, which exploited a rogue server, called into question whether the school should continue allowing academic departments to set up servers pretty much as they wished in the decentralized manner so common in campus settings.
Boston College decided to centralize the majority of its departmental servers in the new facility with more physical security than could be found in the surrounding academic buildings, and it began implementing stricter security policies, including requiring VPN access.
"There was a strong push from upper management to centralize data to minimize the risk," says Joe Harrington, Boston College's director of network services. "By instituting all this policy change and VPN protection, we've made it less likely this would happen again."
Today the new data center -- which still keeps the old stained-glass windows from its days as a chapel -- houses two rows of Cisco Catalyst 6513 switches for redundancy, says Tom Borel, senior network engineer at Boston College.
The backup system resides where the altar used to be. About 75 departmental servers are kept in a physically locked room; about a third of them are virtualized IBM machines running VMware software. IBM also consulted on the data center, which took two years to finish and is double the size of the college's previous data center.
A Cisco ASA firewall stands guard at the network entry, while a Nortel VPN server requires students and faculty who are allowed access to the servers to authenticate.
Any servers that remain at departmental sites across Boston College campus locations are regularly audited, and a firewall-based DMZ was constructed for each of them, Borel says. The school has also deployed Enterasys Networks' Matrix N-Series switches at three campus locations for identity-based authentication of devices.
So far, the college has avoided a repeat of its data breach fiasco. While there are no absolute guarantees in security, there's a cultural change that has the college's IT group exerting greater oversight on network-related activities in departmental groups.
Free Insider Guide
Rising salaries boost IT optimism, though not everyone is feeling upbeat. Our survey of 4,000+ IT workers shows who's riding the wave and why. Use our interactive tool and compare your own paycheck. Read more...
Copyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
