Catch a clue from an EDU: Universities that get security right
In these days of consumer gadgets and mobile access, corporations can learn a lot from how universities deploy multiple layers of security.
Computerworld - Professor Corey Schou was working in his school's library when he realized his computer was picking up a particularly strong Wi-Fi signal.
Normally that would be welcome news. But Schou knew that spot was usually a dead zone, which meant something was probably amiss. So Schou, a professor of informatics at Idaho State University, set out with some of the school's IT workers to solve the mystery.
Turns out a young man in a nearby coffee shop was causing trouble. "He was running an access point and broadcasting without credentials on the same address as the university's access point, and people were logging in," Schou says.
Fortunately, the offender didn't access any protected information. That's because Idaho State, like a number of increasingly tech-savvy institutions of higher learning, had gone beyond deploying routine security systems, such as email filters and firewalls, and had adopted better, smarter and quicker ways to detect and repel would-be hackers.
Universities have no choice but to be on the forefront of IT security, Schou says. They simply have too many user constituencies to serve, too many different types of sensitive data to protect, too many computing and handheld platforms to support, and too many people trying, either for sport or for ill intent, to break down the their digital defenses.
Higher ed, hackers' dream
Typical educational institutions house a treasure trove of material -- from HR records and student files to research data, much of which is proprietary and some of which may even be classified if it's related to work done on behalf of the U.S. government. They also have financial data, such as credit card numbers from students, alumni, parents and visitors. And if they have health clinics, as most colleges and universities do, they have medical records, too.
Moreover, would-be hackers aren't just attracted to all of that valuable data. Some have their eyes on the vast and powerful computer systems that universities maintain -- infrastructure that they can use (and have used) for their own purposes if they're smart and stealthy enough.
"At any given time, I'll have 30 or 40 folks doing things [on our network] that might be moving toward antisocial. They're looking at what I've got, seeing what's open," says Schou, who serves as Idaho State's security adviser and as the associate dean of the college of business.
This all happens in an IT environment that's typically supporting tens of thousands of devices of all makes and models, with a mandate to be as open as possible to facilitate communication, cooperation and collaboration.
It's not surprising, therefore, that breaches happen with some regularity on university campuses. According to data analyzed by Application Security, a database security company, there have been 435 reported breaches that affected 8.5 million records at U.S. institutions of higher education since 2005, the year that the Privacy Rights Clearinghouse and other organizations started tracking such events.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts