By Jeff Paine, vice president of marketing, Pica8.
There’s a revolution sweeping the world’s biggest data centers: open switching. Look inside the top seven web-scale companies, and you won’t find the big networking incumbents. Instead, you’ll see “white-box” switches (or, in many cases, open “brite-box” switches produced by vendors like Dell EMC) that can run open, Linux-based network operating systems from multiple vendors.
What do these companies know that the rest of the industry doesn’t? That there’s no law dictating you have to use proprietary network devices and management software. And that, by leaving the proprietary world behind, you can simplify your network and radically reduce your costs.
This secret is now spreading to organizations in every industry, including education. Colleges and universities have experimented with open switching in research labs for years, but until recently, it just wasn’t feasible for the larger campus network. Now, the last barriers to open access networks have disappeared. University IT departments are starting to realize that the status quo for campus networks is a choice, not an imperative, and there are compelling alternatives to consider.
Seeding the Open Network Revolution
Most colleges and universities use the same aging, proprietary campus network infrastructure they’ve had in place for years. After all, when these networks were built, the big names in networking (Cisco, Juniper, Extreme) were the only options. Despite massive shifts in the devices and applications that have come to rely on access networks in the intervening years, surprisingly little has changed, to the point that most university IT departments just accept these networks’ inherent disadvantages as the price of doing business. These disadvantages include:
High costs, especially for proprietary network management software and automation frameworks, which can run to more than half a million dollars annually
Antiquated three-tier architectures that can’t keep pace with demand for more capacity at the edge and create a sprawling network that’s a nightmare to deploy and manage
Inefficient high-availability mechanisms like Spanning Tree, which strand half the available switch ports and bandwidth in the network
For several years now, the hyper-scale web companies have used open networks to address all these issues. White-box/brite-box solutions can do the same things as brand-name devices (and use the same underlying hardware) with far more architectural flexibility, at a fraction of the price. Until recently though, there were gaps in these solutions that kept open switching relegated to data center networks (or, on college campuses, to the lab).
Tulane University works with Digital Defense, Inc. to increase the security of the data and personal information of more than 16,000 students, faculty and staff. Tulane was struggling with reports that provided large amounts of static and extraneous data, which then had to be distilled into something actionable.
“In higher education, we have the unique challenge of walking a very fine line between providing a secure environment for our students, faculty and staff, while being careful not to be the internet police and block valuable research,” said Hunter Ely, assistant vice president, information security and policy officer at Tulane University.
The Tulane security team discovered a customizable vulnerability scanning and management tool able to deliver reports that provide actionable intelligence, allowing the team to move quickly on remediation issues and help protect the sensitive data of students, faculty and staff.
“Digital Defense helps us identify and remediate critical issues with clear and concise reports supported by a team of knowledgeable experts,” said Mark Liggett, senior security analyst at Tulane University.
Thanks to a vulnerability scanning technology (Frontline VM), Tulane experiences fewer false positives, which saves time, and Frontline VM does not take weeks of training to get new people up and running. This means more members of the security team can use it and have role-based access to the data.
“The data from Frontline VM is distinct without having to go into a lengthy description, and the critical issues are very clear – the big things do not get lost in the shuffle,” said Liggett.
“We work hard to ensure our clients are receiving the data they need to make their environments secure, and also provide security savvy support to assist in rapidly remediating security vulnerabilities that our solutions uncover,” said Larry Hurtado, CEO of DDI. “We understand that higher education institutions like Tulane face a unique set of challenges, and we work hard to support them in keeping the information in their community protected.”
Higher education institutions in the US and abroad are increasingly becoming the target of cyberattacks. Reliance on digitized student records has given cybercriminals multiple avenues to access student information.
To accommodate the student, employee, and research needs, most higher education institutions maintain relatively open, accessible networks and systems. This presents a conundrum for schools: how to balance security needs while facilitating academic activities.
The risk to individual students is high: a breached student record delivers a comprehensive view of a student’s life including personal demographic data, academic records, financial information, and in some cases, even confidential medical data. Compounding these risks is the fact that student records are retained for years after students leave the institution.
Students are often the source of potential data breaches. They need to be educated on cybersecurity hygiene principles, including the risks of using old and outdated software programs and sharing login credentials with friends and other students. Another risk is downloading sensitive data to personal devices that are typically less protected than institution-owned computer systems or connecting personal devices to the school’s network.
Once connected to the school’s network, each of these personal devices introduces additional vulnerabilities to the institution’s systems, and many authentication solutions can only run on certain devices or devices that have certain technologies (like biometrics). Even if a school has robust security measures in place, the number of access points introduced by individual devices may unintentionally expose sensitive data.
Tools4ever, one of the world’s largest providers of identity governance and administration solutions and services, announces that it will exhibit at the 2020 TCEA (Texas Computer Education Association) Convention and Exposition. TCEA will be held Feb. 3-7, 2020, at the Austin Convention Center in Austin, Texas.
The annual event is one of the largest, most widely respected events in the country, where education professionals gather to share their vision for the future of education. Tools4ever (Booth #1258) will conduct live demonstrations of its cloud-based identity management solution, HelloID, which is used by hundreds of schools, colleges, and universities throughout North America.
HelloID represents the next evolution in Tools4ever’s 20-year effort to improve and increase the usage and support for education technology in the classroom. HelloID provides administrators and educators with the solution they need to ensure secure access to learning environments, educational devices, and self-guided service and technical support.
The robust cloud platform, HelloID, also enhances students’ learning experiences in and outside of the classroom by providing them the ability to continuously maintain or gain access to their learning portals and devices—at any time, from any connected location.
“The TCEA event is something Tools4ever looks forward to at the start of each new year. Coming back to Austin, TCEA 2020 looks to be a great event to learn and share more in advancing technology to empower staff, students, administrators, and parents—both in and out of the classroom. We are excited to be part of TCEA 2020, including sharing our latest cloud developments with HelloID,” said Peter LaChance, Regional Education Manager for Tools4ever.
The Texas Computer Education Association was founded in 1980 and is known for being the largest state organization devoted to the use of technology in education. The TCEA Convention and Exposition sees more than 8,000 attendees and 450 exhibitors converge each year to share their passion for education technology during five days full of content, insight, and actionable ideas.
Conference information—such as keynote speakers, the full agenda, and registration—is available here: https://convention.tcea.org
Penn State’s official all-in-one mobile app, Penn State Go, is now available to download in the Google Play Store and Apple App Store. Penn State Go delivers single sign-on access to features including Canvas, Penn State email, shuttle bus tracking, campus maps, grades, class schedules, tuition bills via LionPATH, LionCash+, library services, Starfish academic advising, and more.
As part of Penn State Go’s launch, students will be able to curate their experience by selecting a specific Persona (user role) from the currently available choices—University Park, World Campus, and a unified Commonwealth Campus. Planned future updates to the app will allow for specific Commonwealth Campus Personas. Additionally, students can keep informed and connected to what is happening at Penn State by opting into specific channels to personalize the types of messages they wish to receive.
Penn State Go is a university-wide initiative that brings together various units and departments to collaborate on its development to improve the student mobile experience. “Aligned with Penn State’s Strategic Plan priority of ‘Transforming Education,’ Penn State Go will help achieve Penn State’s vision for One Penn State 2025 by providing a seamless student experience and online access to processes across all Penn State campuses,” said Nick Jones, executive vice president and provost.
Student feedback played a significant role in developing a comprehensive mobile platform for Penn State. Discussions with University Park Undergraduate Association (UPUA) and other groups began in early 2019 and provided insight into what Penn State Go features were essential to ensure the app’s success.
Students were also engaged through online surveys to prioritize the desired features and suggest a name for the mobile app. “Penn State Go is going to be a great addition to the Penn State community. As a student, it has everything compiled into one application, and that makes finding everything a lot easier,” said Sarah Jordan, a sophomore in education and UPUA facilities committee vice-chair. “My favorite feature is Starfish because it makes it easier for me to contact an advisor. The overall aesthetic of the application is welcoming as well.”
Lucy Security works with many K-12 districts across the country to help build cybersecurity awareness and protect against phishing attacks (most ransomware attacks start with a simple phishing email).
Below are some comments from Colin Bastable, Lucy CEO, about the types of trends and issues he sees and what K-12 IT departments can do to protect their employees, pupils and district resources from clever cyber attackers.
According to Colin Bastable, CEO of security awareness training firm Lucy Security:
Education: an easy target for cyber attackers
K-12 school districts range from fewer than 100 employees to several thousand. Some have tiny budgets, and some have more significant resources, but they all struggle with vulnerability to cybersecurity attacks. Just this week, CNN reported that a Texas school district lost $2.3 million to an email phishing scam. Unfortunately, this news is just the latest in an ever-increasing trend of cyberattacks targeting K-12 schools.
According to the K-12 Cybersecurity Resource Center, more than 752 cyber incidents at K-12 schools have been reported since January 2016, resulting in loss of productivity as well as much-needed funds.
Common K-12 cyber scams
One common scam is the Gift Card Scam, where an email purporting to be from the school principal or a head of department asks an administrator or assistant if they can buy some $100 gift cards. Often, this might be during a break, such as Thanksgiving, when the school staff are unlikely to meet.
Once the admin has the cards, they email a reply (to the fake email address) saying “I have them” and the thief asks them to scratch off the security number and send pictures of the cards, “because I need to get the gift to the students today.”
Another common attack is to send a change of bank deposit details to the school payroll staff.
These are quite simple attacks, yet extraordinarily successful. More sophisticated attacks involve BEC (Business Email Compromise) attacks, like the gift card scam, but involving hundreds, thousands and millions of dollars in losses, where the imposter asks for urgent payments to be authorized.
Ransomware attacks are also prevalent in K-12 and local governments, causing multi-million-dollar losses and billions of losses worldwide.
By Chris Wessells, senior higher education strategist, Dell Technologies.
A university CIO has myriad responsibilities related to improving and maintaining technology and services in support of institutional goals. Still, to do that effectively, the job goes far beyond what many typically consider part of the role.
Hiring engineers and IT specialists? That’s part of your requirements, in addition to protecting personal information of students and faculty, ensuring there is a high-performance infrastructure, as well as providing effective systems and IT services to meet institutional requirements.
A CIO needs to have a variety of skills to succeed, including being capable of managing people and change while also considering financials, managing a budget, balancing technology responsibilities and keeping cybersecurity top-of-mind.
Having served as a CIO at prominent four-year universities in the United States, I learned that in addition to the responsibilities outlined above, the role of a CIO is an ever-changing position that requires constant evolution and adaption to meet the needs of a heavily technology-driven community.
Some of the most important lessons I learned include:
1) Relationships are as important as technology
I quickly learned that building relationships with executive decision-makers was crucial to the success of institutional initiatives. Building bonds with business unit leaders from facilities management to public safety to athletics can be as essential as the relationships with the provost, deans and academic department chairs. That is, the CIO should cultivate and maintain healthy relationships at all levels of the university, which can lead to allies in digital transformation efforts.
Being connected with students is equally important. I found having a student technology advisory committee was an excellent way to listen to student needs, gain insights on how to improve IT services and build trust with the student community.
Building a strong IT leadership team also enables CIOs to form better relationships on campus that will assist in implementing new academic and administrative initiatives.
2) Enforcing shared governance is a must
One common CIO mistake is dictating change without receiving input from others on campus. This is why shared governance, placing the responsibility, authority and accountability for decisions on those who will use the technology, should be a top priority. Shared governance with the academic community is essential to being successful.
Higher education CIOs should be shifting responsibilities from operating technology to more strategic governance responsibilities. Students and faculty are the primary constituents that require technology and services from a campus IT organization, so naturally, CIOs should consider their requirements when assessing and implementing new solutions. For example, before purchasing new classroom instructional technology, it is crucial to consult faculty on those matters; and include faculty in pilot projects and testing. This approach often leads to better decisions that are made collaboratively, rather than having IT simply dictate decisions from a technical standpoint.
Question: What are some tips and guidance for educational entities to ensure the safety and security of their IT data? What steps can and must IT leaders in schools, colleges and universities take to protect their back end data and information, and what should they be most aware of in the current threat landscape?
Educational institutions especially have unique challenges because of the large variety of different end-points that are brought into their environments. It is critical that the IT data is segregated from the networks that can be accessed by these un-managed end-point devices (such as personal mobile phones/laptops etc.). Once the IT data is isolated from the internal unintentional harm, the infrastructure security posture needs to be hardened by a modern and thorough unified threat management (UTM) system.
The key tip is to keep these UTM systems up to date and current to avoid new threats. For easier consumption of UTM services, a cloud delivered UTM can be leveraged either instead of or in conjunction with on-premise based UTM solutions. In either case, a managed UTM solution should be considered, as this will provide the security that the organization needs without significant IT effort, but rather receiving the benefits as a managed service.
Schools are especially prone to ransomware attacks, due to the combination of weak security protocols, out of date computer equipment, and a lack of skilled staff. Digital infections can spread among school computers much the same as biological germs spread among students. Security is unfortunately quite a lot like a treadmill – it never stops. You can never arrive at a state of solid protection, because what was good enough yesterday won’t be good enough tomorrow. New vulnerabilities are continually being found. The need to invest in basic online hygiene is constant.
The best security leaders have given up on implementing perfect protection, focusing instead on Digital Resilience. It’s not possible to stop every attack, but it is possible to plan ahead for how you will withstand and recover from attacks. This requires detailed knowledge, ahead of the attack, about your whole network, so that you know how to recover when any part is damaged.
Schools plan for many different kinds of disruptions – extreme weather, earthquakes, etc. What all schools have in common is they are online, and this means planning for an online disruption is mandatory. A good way to start is by mapping out the school’s network of resources, to understand what depends on what.
Sivan Tehila, director of solution architecture, Perimeter 81
Cyberattacks are becoming more and more frequent and sophisticated, while at the same time, many organizations are adopting cloud-based infrastructures. This is why cloud accounts are being targeted more than ever. The easiest way to hack into your cloud environment is by exploiting the cloud account credentials. As well, there are many different types of threats for cloud environments, such as cryptojacking, insecure APIs (application programming interfaces) and more.
However, insufficient identity accesses are the best vulnerability for an attacker to exploit. This is why we will probably see a high demand for identity providers and single sign-on capabilities and especially Zero Trust remote access solutions.
Response from Roger Sands, CEO and co-founder, Wyebot.
Traditional teaching methods are being replaced with eLearning initiatives, smart boards, and 1:1 computing. This tech-forward education is leading to a new, tech-friendly environment that is more complicated than finding room in the budget for new laptops, Chromebooks or iPads.
IT Administrators and schools as a whole need to understand how new devices will impact an existing network, and what work needs to be done to ensure the network grows along with, or faster than, the new eLearning demands.
Today, there are an endless number of devices connected to a school network, including personal devices, classroom devices and school-wide IoT devices, like thermostats, printers and security systems. Each device is unique: some will be only 2.4GHz compliant; some will support higher spatial streams and data rates; some will be used frequently, others only rarely.
Regardless, they will all compete for airtime and impact the performance of the overall network if the proper systems and protocols are not in place. To ensure optimum network performance, schools should:
Provide, and enforce, a BYOD policy. At the very least, schools should limit the number of personal devices students and staff can use, if they allow them at all. To prevent personal devices from slowing down eLearning initiatives, IT Directors should move personal tech to services that are 2.4 GHz only, while the eLearning activities are on 5 GHz.
Monitor and identify all devices on the network, and what they are doing. Tools that offer device fingerprinting and recognition support 100% network visibility, so IT knows exactly what the network is supporting, and how it needs to grow. It also allows IT to efficiently identify which devices experience problems and how best to resolve any issues. Ideally, the tool will also give historical data on each device, which allows for quick resolution to those pesky intermittent issues.
As IT directors optimize their networks for eLearning initiatives, it’s important that they look ahead and plan for the future. IT Directors should be looking three to five years ahead, and build a network that will support future needs. By defining network needs early, schools will ensure they’re prepared for what’s ahead, while still maintaining the budget.
Response from Samir Tout, professor of information assurance, School of Information Security and Applied Computing, Eastern Michigan University.
In the last decade, we have witnessed a shift in the IT landscape with the rise of cloud computing, mobile devices and the Internet of Things (IoT). As a result, a new era has begun—one that brings along promising infrastructural enhancements, albeit with new challenges to the modern enterprises, including educational institutions. This necessitates that IT leaders at schools and universities perform a thorough analysis of how this will impact their systems, networks, and most importantly their data.
Educational institutions produce a massive amount of data about their students and staff. Such data constitutes an alluring treasure trove for hackers who may launch advanced attacks against various layers of the school/university systems. IT leaders at these institutions must pay attention to key measures that are still common even to a great degree to the modern IT landscape.
If established, these measures would mitigate or possibly eliminate the risks of potential intrusions. They include: system hardening, secure perimeter architecture, anti-malware and endpoint defenses, strong encryption, establishing and adopting security policies, and applying information security principles such as least privilege, separation of duties, and role-based access control.
Furthermore, one of the most forgotten yet important measures is security awareness training and professional development for the staff that maintain the institution’s infrastructure. This has become even more vital with the advent of the modern IT landscape mentioned above, as staff members must stay up-to-date or otherwise risk being ill-equipped to properly maintain the infrastructure and its hosted data.
IT leaders must set strategic goals that embrace the above measures as part of the fabric of the institution. This means, among other things, that they include them in their strategic plan, allocate proper budgets for them, and support them with resources and, when necessary, expedited approvals.