Catch a clue from an EDU: Universities that get security right
In these days of consumer gadgets and mobile access, corporations can learn a lot from how universities deploy multiple layers of security.
Computerworld - Professor Corey Schou was working in his school's library when he realized his computer was picking up a particularly strong Wi-Fi signal.
Normally that would be welcome news. But Schou knew that spot was usually a dead zone, which meant something was probably amiss. So Schou, a professor of informatics at Idaho State University, set out with some of the school's IT workers to solve the mystery.
Turns out a young man in a nearby coffee shop was causing trouble. "He was running an access point and broadcasting without credentials on the same address as the university's access point, and people were logging in," Schou says.
Fortunately, the offender didn't access any protected information. That's because Idaho State, like a number of increasingly tech-savvy institutions of higher learning, had gone beyond deploying routine security systems, such as email filters and firewalls, and had adopted better, smarter and quicker ways to detect and repel would-be hackers.
Universities have no choice but to be on the forefront of IT security, Schou says. They simply have too many user constituencies to serve, too many different types of sensitive data to protect, too many computing and handheld platforms to support, and too many people trying, either for sport or for ill intent, to break down the their digital defenses.
Higher ed, hackers' dream
Typical educational institutions house a treasure trove of material -- from HR records and student files to research data, much of which is proprietary and some of which may even be classified if it's related to work done on behalf of the U.S. government. They also have financial data, such as credit card numbers from students, alumni, parents and visitors. And if they have health clinics, as most colleges and universities do, they have medical records, too.
Moreover, would-be hackers aren't just attracted to all of that valuable data. Some have their eyes on the vast and powerful computer systems that universities maintain -- infrastructure that they can use (and have used) for their own purposes if they're smart and stealthy enough.
"At any given time, I'll have 30 or 40 folks doing things [on our network] that might be moving toward antisocial. They're looking at what I've got, seeing what's open," says Schou, who serves as Idaho State's security adviser and as the associate dean of the college of business.
This all happens in an IT environment that's typically supporting tens of thousands of devices of all makes and models, with a mandate to be as open as possible to facilitate communication, cooperation and collaboration.
It's not surprising, therefore, that breaches happen with some regularity on university campuses. According to data analyzed by Application Security, a database security company, there have been 435 reported breaches that affected 8.5 million records at U.S. institutions of higher education since 2005, the year that the Privacy Rights Clearinghouse and other organizations started tracking such events.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts