Budget cuts, tuition up, resources tightened...How can a university cope with IoT & rising expectations with all these “chopped” ingredients?
I am a self-professed foodie and like to watch cooking shows. I marvel at the way chefs can take a wide range of ingredients, deliberately apply techniques that often seem difficult, and make something amazing!
Coincidentally, I have noticed that same level of mastery in the IT departments of universities. Just like those intrepid chefs, the CIO and team have to work with a diverse mix of factors to support the business strategy of the college. For Internet of Things (IoT), read the latest chef fascination or trend; for budget cuts, read any ingredient no chef wants to cook with; for resource tightening, read the chef must use only a hand whisk and a blunt knife. I think you get my point.
This view was validated at a number of events I attended in the last few months. At the Association for College and University Technology Advancement (ACUTA) annual conference in San Diego the main topics aligned with the view that IT is becoming even more strategic, and even more important to student satisfaction and success. Unfortunately, this direction is hampered by lack of budget and lack of resources. Many sessions discussed the importance of continued professional development, ways to find funding, and optimizing resources in need of supporting the IT demands of faculty and students. The overarching theme was the need for better understanding by executives of cyber security, and the rapid escalation of threats brought on by the race of each college to be competitive.
University IT knows security is vital
The keynote at ACUTA was given by the former Bell Labs head of cyber security / former White house CIO, Carlos Solari, now CIO of Mission Secure Inc. His delectable session was a journey through the threats and solutions that many CIOs have lived through in IT. The universities know this too well as they have experienced most of the consequences of new hacks, virus or breaches ahead of the majority of companies. It’s the nature of education environments that creates this breeding ground for hacking.
The most important message was the proactive steps that Colleges need to make, especially if they are supporting the explosion in smart connected devices as part of their university strategies (including BYOD, IoT, online virtual services, even EDTECH). Carlos called this the Third Wave of threats. See The Internet of Things: Security by Design.
I took this to indicate that although universities have been building solid IT security foundations (for example firewalls, access control), more resources need to be applied to "wave 3” threats (internet of things, smart connected devices) that are appearing in the higher education space.
In fact, the internet of things is far more evident in universities than you might think. Not just smart phones and laptops and STEM devices (robotics, computing kits, 3D printers) but lots of sensors have been enabled with IP capabilities like irrigation systems, washing machines, geo-fencing services, RFID tagged equipment, dorm room motion sensors, security systems, refrigeration equipment in the kitchens…even cooking equipment is Bluetooth and WLAN enabled for remote access!!
So in addition to worrying about student and faculty mobility, the need to support cloud learning applications, and the complexities caused by the crisscrossing of digital footprints with social media, CIOs now have to add IoT to the list. If IoT wasn’t on the university’s IT strategy menu, it needs to be, and quick!
I also attended this year’s INTEROP 2016 in Las Vegas, and was lucky enough to see Arthur Brant, Director of Infrastructure at Abilene Christian University (and new President of ACUTA) present on “Is your network ready for Internet of Things?” You can view his Interop presentation here: http://presentations.interop.com/events/las-vegas/2016/conference-presentations
He made some excellent points about what you need to consider when every device is IP connected, carrying a MAC address, an IP stack and the ability to transport information across the network. One great point is that IoT is made up of not only connected devices, but of smart connected devices. This difference needs to be understood – however unthreatening a device, gadget, or capability is, there is still a potential threat that needs to be considered.
Those Raspberry PI kits or programmable robots are a way in, a weakness to exploit for any hacker. They can punch holes in the security of a network with their natural open source roots. Like a fleck of egg yolk in a meringue base, the smallest element can cause a catastrophe in the kitchen.
This type of threat isn’t news to a university. In fact, recent studies show that education organizations top the lists for cyber attacks: Higher education actually comes out at 105% above the national average in terms of cost per breach. (See this IBM report and articles)
What is the best practice? The best recipe?
So what’s the right balance? How do universities adopt the innovations that students, faculty and stakeholders demand without compromising security? Offering the highest IoT security without compromise could deliver the learning environment that they demand.
First, there needs to be a realization by the executive level of a college on the repercussions of a breach through lack of action. Many states are looking to bring regulations to penalize and fine organizations for any data breach or incident that occurs under their watch.
The best chefs get inspiration and guidance from reading cook books. So too should the CIO and their team. A great source of information is found in a detailed whitepaper by Katie Beaudin that covers the overall context of a data breach, the effects of a breach and the steps to regulate higher education.
What are the right steps for building the right network to help cut the threat?
There is no one size fits all magic solution, no out of the box product that fixes everything, protects everything, and makes this issue disappear. As a vendor, we look to develop architecture that will help an IT department deliver a strong level of defense, while enabling the latest innovations. The range of cyber security features and technology that are supported inherently in the equipment itself are ones that should be at the foundation of the university network.
The recipe is simple but effective, inherently increasing the security of the IP network as a whole:
- Policy management, user network profile and virtual network profiles
- Unified Access capabilities (wired and wireless connections seen as one environment)
- Seamless integration with security tools (Firewalls, AAA, 801.x, etc.)
- Secure operating code and software diversification (See CodeGuardian)
This “Cyber Infrastructure” is now necessary for every university. They must protect against breaches and attacks without stopping progress with education technology for student success.
What is a cyber infrastructure?
Over the coming weeks we will be making recommendations on how to build the new cyber infrastructure for universities, one with faculty and students at the heart, and one that is protected to the highest level. We will be introducing the concept of software diversification, the use of virtual containers across the network, using Intelligent Fabric (iFab), Unified Access (UA), Software Defined Networking (SDN) and networking standards such as Shortest Path Bridging (SPB).
You can imagine a top kitchen using “containers” to organize ingredients, keeping them fresh, avoiding cross-contamination, ensuring the best flavor and outcome of any recipe. The CIO needs to use these same strategies to protect the elements that make up a successful university IT environment.
See the latest information on the latest technology steps we and our partners are developing.
What will you cook?
Like the dishes chefs produce under pressure, it’s the recipes selected and the experience to execute the right techniques that will lead them to success. Every CIO in every higher education institution will need to leverage that approach for a safer future. Bon Appétit!