Catch a clue from an EDU: Universities that get security right

In these days of consumer gadgets and mobile access, corporations can learn a lot from how universities deploy multiple layers of security.

Page 3 of 5

Like their counterparts in corporate America, leading IT security officials in higher education are thinking beyond their department walls in a search for solutions. They're elevating security to the executive level of risk management, where they can assess risk, assign differing levels of security access, and develop user policies that work with the technology-based safeguards they deploy.

Pitt: Establish zones of trust

Jinx P. Walton, director of computing services and systems development at the University of Pittsburgh, sums up her approach by saying, "It's always going to be a combination of various tools, processes and education. It's layered security models."

At Pitt, Walton deploys a number of technologies and sets policies that are standard in IT security. For example, she uses intrusion-detection and antivirus tools. But she has also implemented more advanced strategies to keep university data and infrastructure safe.

One she calls "zones of trust." Starting in 2007, Walton and her staff began looking department by department, unit by unit, at what work was done by whom. IT first determines what kind of information is required for the work conducted in each zone and then sets up networks and firewalls that ensure that workers can access only the information they need.

Depending on the job, access requirements and the sensitivity of the material, some of a worker's data may be stored on servers while other information is kept on a workstation.

The zones also protect employees' own work, Walton says. "These firewalls work in a two-way fashion: protecting the user from accessing information that he doesn't need to have access to, and supplying the required level of security for the work that the individual does," she explains.

A history professor, for example, wouldn't need -- and therefore wouldn't have access to -- servers that store confidential student data, such as financial aid records. "His firewall zone might not open to the secure sites that we have open to the university's own network," Walton explains, adding, "Nothing's wide open anymore."

Penn State: Adopt authentication and encryption

Other institutions of higher learning are creating similar high-tech partitions.

Pennsylvania State University, for example, has set up an ePay virtual work environment to handle payments made to the college by credit cards. Employees who handle credit card data must do that work in a virtual space partitioned off from other applications, explains Kathleen R. Kimball, senior director of security operations and services at Penn State.

Employees access the virtual ePay environment from their regular computers by simply hitting an onscreen icon. "It switches you into the environment where you can work [securely] with credit cards. The credit card information is segregated from other [data]," Kimball explains.

Penn State IT workers built the virtual network to support the ePay workstations two to three years ago to comply with Payment Card Industry Security Standards Council guidelines, but Kimball says she has seen more uses of this type of setup. "This might be something for regular computing for sensitive university data," she says.
