Trendspotter | Feature
A New Frontier in Security
IT's job is to find security strategies that enable mobile and social apps.
For more than a quarter-million students each year at the Los Angeles Community College District, mobile devices and social software are critical tools for success. That's because these are often students' best and sometimes only ways to connect with peers, instructors, and education resources. In a recent interview, CT asked LACCD CIO Jorge Mata to discuss how institutions need to adapt their security strategies to encompass--and embrace--these tools.
Campus Technology: What is the impact of social software and mobile technology at LACCD?
Jorge Mata: Social media and mobility represent incredible promise at LACCD and in higher education in general. It is about going where the students are: The customers are there, and that's where you want to have your message. You want to join the dialogue, because the big conversation that uses these tools is going on 24/7, and it's going in every direction.
CT: What are the usual expectations about security relating to mobile and social media?
Mata: I think there is a tendency on the part of some administrators, once issues of security are brought up, to try to stop the conversation--it's often the first reaction. But as I always tell my boss, "If you only want me to tell you to stop, you are paying me way too much." IT departments and professionals should be in the business of how: How do we leverage social software and mobility? How do we make it safe? How do we allow the right things to happen?
A lot of older security technology has been very black and white--either "yes, you can do it," or "no, you can't." But the amount of content is so overwhelming now, that the minute you say no to one thing, you create a detrimental effect on another. For example, your institution may have a course on social media that actually teaches and requires the use of social software tools that you might have blocked in another context. You can't take a draconian approach in higher education. To me, blocking is a manifestation of failure--a sign that I've not been able to do my job. Again, I'm really in the business of how, and that's where I should put my efforts.
CT: Are social software and mobility dramatically changing the way you approach security?
Mata: Absolutely. In the past, user interactions were siloed, as in one person talking with a particular application. With newer, mobile technology and social media, you are suddenly looking at thousands of conversations that are happening simultaneously. This is overwhelming to traditional security, to legacy tools. We need to use security tools that are appropriate for this new environment, tools that will let you find that one element within thousands of concurrent sessions that may be an attack--find it and then surgically remove it.
That's what's new in security strategy: technology and security professionals looking more at the behavior and dynamic nature of interactions. This is not something that we did in the past. If you have chosen to stick to your traditional tools, you are already in trouble. Instead, you now need to use leading-edge security technologies--tools that can be driven by policy, that recognize identity, that work with mobile and social applications and their subcomponents in ways that let you apply business rules. You can't just block applications anymore. Applications tied to a specific port that you can turn off are a thing of the past. You have to understand how to enable applications safely. We will all be going in that direction. It's just a matter of time.