Security Threats | Viewpoint
Higher Education's Top Five Network Security Threats for 2011
The game has changed in higher education network security--the proliferation of embedded devices from gaming consoles to kiosks, the skyrocketing adoption of social media, as well as a slew of other evolving technologies are forcing higher education institutions to 'step it up' when it comes to safeguarding the network. In 2011 we'll see even more threats, and in new environments. And, amid slashed budgets, CIOs and IT pros in the education sector need to figure out how to keep the network running with less resources.
In 2011, there are five key threats that most higher education institutions will face. In fact, you may already be seeing the impact of these on your campus. At Franklin and Marshall, we’ve found that our advanced Network Access Control (NAC) system can help stave off each one. You may be thinking, "NAC? Isn’t that just standard lock-and-block?" While that used to be true, a new generation of advanced NAC solutions are much more intelligent than their predecessors, recognizing different types of users and devices and flexibly applying policies in order to adapt to evolving networks.
With that said, the five threats are:
1. So Many Mobile Devices, so Much Risk. Students are enthusiastic and early adopters of technology, and new devices are popping up on campuses across the country. From iPads to new Android phones, new intelligent devices are launched daily with upgraded versions of operating systems that are ripe for infection and ready to infect your network--it is only a matter of time. You know you need to support these devices, but how do you allow them to connect while maintaining complete visibility and control?
NAC solutions that have multiple components that enable the identification of each connected device, scan each device for threats (including out-of-date anti-virus or anti-spyware protection), and then provide access based on device and role are essential to success. The capacity to do this over multiple network infrastructure components (like Cisco and Alcatel-Lucent components) is also essential in a higher education environment. Our NAC solution helps us to tackle network access control on all fronts and also impede new threats born from the mobile computing explosion as they occur.
2. Viruses Spreading through Social Media. Social media like Facebook, Twitter, and YouTube are here to stay, and college and university students will remain among the biggest users. This means that in spite of a host of malware that can spread like wildfire through social media sites--think the "hilarious video" attack on Facebook earlier this year--it will be virtually impossible to permanently block access to social media on a college or university campus. Quickly identifying which devices are infected is essential to maintaining network security and protecting crucial data.
3. Virtualization--from Desktops to Servers. Gartner reports that 80 percent of enterprises have a virtualization strategy. This is no surprise; virtualization holds promise for enterprises of all types--including those in higher education--that would like to realize significant savings on hardware and management, implement a green strategy, as well as take advantage of the move to virtualized desktops.
As more and more users move to virtualized environments, more threats arise. Higher education institutions need to remember that hosted virtualized desktops (HVDs) should be viewed in the same way as traditional devices, posing the same, and some new, threats as any connected device. We should be setting the stage now, before adoption explodes, with network security solutions that support virtualized desktops. Adoption of HVDs is on track to increase rapidly through 2012. Ensure that your chosen NAC and other network security infrastructure has the capacity to look at an HVD the same way it looks at a PC or a gaming console.
On the server side, virtualizing infrastructure on products like VMware can accomplish many objectives to "go green" and save on costs of hardware and administration. In 2011, look for network security solutions to be more commonly deployed on virtualized infrastructure, and be sure to select solutions that can support that move.
4. Embedded Devices Become the Norm. As tablets and mobile devices with WAN and WiFi become ubiquitous, the embedded connectivity in nearly every other type of hardware is making tracking, monitoring, and managing enterprise productivity easier. Technology ranging from the medical equipment to on-campus kiosks in dining halls and libraries are now connected to the network, facilitating collaboration and communication across college and university campuses. The "green" trend is helping to spread the use of embedded devices--think blinds that automatically raise or lower to optimize heat during different times of the day. This level of embedded connectivity will mean a host of new "headless" devices at risk for viruses and even more threats for the network.
In 2011, look for mass adoption of embedded or "machine-to-machine" devices that promise more access for students and greater productivity for faculty and staff, but plan to incorporate access security that ensures these devices are secure and operating efficiently to deliver required up-time and protect critical data.
5. Consumerization of IT. Higher Ed institutions are no strangers to unprovisioned devices coming on campus, but the consumerization of IT has made the problem even more difficult to manage. As users increasingly adopt their own devices for professional use, higher ed institutions will see more network security threats. In fact, the consumerization of IT is driving the need for network security solutions that can cover multiple types of devices and infrastructure components. Respond with security solutions that identify any consumer-adopted device, scan for threats and deficiencies and then provision access or automatically remediate problems--regardless of the type of device or location.
Greg Schuman is a network analyst at Franklin and Marshall College, working with the institution's Bradford Networks NAC solution.