2008 Campus Technology Innovators: Network Security

TECHNOLOGY AREA: NETWORK SECURITY
Innovator: Ohio Dominican University

After a security breach, and before a network revamp, smart university administrators and technologists forget what they've built to date-- on purpose.

A security breach certainly can make technologists reevaluate the way they organize a network, and that's exactly what happened last year at Ohio Dominican University. On the heels of one such breach, Data Network Manager and project lead Bob Zimmerman and technology gurus at ODU undertook a from-the-ground-up comprehensive review of the university's information security posture and openly discarded all preconceived or biased views of the institution's existing strategy. With each vendor partner, the technologists painstakingly analyzed failures and inefficiencies. They left no stone unturned. The result: a brand-new approach to information security.

According to CIO Mike Young, the goal of the exercise was simple: to achieve a holistic, "preeminent" information security program that would lock down school data in a multi-layered approach that empowered the true requirements to drive the selection of tools.

"We were able to turn a very negative situation into a positive, collaborative experience," says Young, who notes that the transformation took roughly 11 months. "We seized the opportunity to formulate a brand-new approach to security that would not limit our options based on previous investments and expenditures."

Ohio Domincan seized the opportunity to formulate a brand-new approach to security-- without limiting the options based on previous investments and expenditures.

The process of revolutionizing security at ODU hinged on the variety of vendor partners that came in to evaluate different aspects of the network. With representatives from consultancy P3 Strategic, ODU technologists spent the first few months of the process reflecting on the event that had occurred, and analyzing the forensics of the security breach. During this process, Zimmerman and his colleagues were conscious to not focus on blame; instead, they sought to understand present and future threats.

Next, the IT staffers worked with Jacadis consultants to develop short- and long-term security strategies including remediation, security awareness training, network monitoring tools, and quarterly penetration tests. ODU also worked with Acunetix, which detects and patches web vulnerabilities. Finally, ODU contracted consultants from TriGeo for on-demand event management, and turned to Qualys and Bradford Networks, to automate vulnerability management and cleanse user PCs as they are logged on to the campus network. Software from Anixis provided password policy enforcement.

At no point during the IT security infrastructure transformation, says Young, did he or his colleagues anticipate that the new system would work so well, so quickly. The results, he says, have been stunning, revealing that the institution has tallied 108 specific improvements spanning just about every aspect of security on campus. As by-products of these improvements, he adds, the automation of vulnerability management has saved the campus help desk countless hours of PC cleansing, and password resets have dropped from 50 percent of all help desk calls to 20 percent. Young maintains that security remediation efforts resulting from the reports coming from the high-end tools have allowed ODU to proactively correct deficiencies "expeditiously and comprehensively."

In addition to these direct benefits, the project has saved ODU staffers countless hours of administration time. More importantly, the holistic approach has positioned the school to pass just about any audit for compliance, and has catapulted the school into a formal risk-management program. Many ODU staffers now have the opportunity to take information security awareness training, incorporating a series of lectures and workshops designed to raise awareness about security breaches and help users prevent identity theft.

"Nobody takes anything for granted anymore," Young states emphatically.

The most unexpected benefit of the initiative was the way it inspired ODU technologists to launch a formal IT governance effort to establish policies that would reinforce all of the school's new security measures and improvements. Building on this success, the school has set its sights on the next milestone: ISO 17799 certification, involving the Code of Practice for Information Security Management. Stay tuned.

Featured

  • two large brackets facing each other with various arrows, circles, and rectangles flowing between them

    1EdTech Partners with DXtera to Support Ed Tech Interoperability

    1EdTech Consortium and DXtera Institute have announced a partnership aimed at improving access to learning data in postsecondary and higher education.

  • Abstract geometric shapes including hexagons, circles, and triangles in blue, silver, and white

    Google Launches Its Most Advanced AI Model Yet

    Google has introduced Gemini 2.5 Pro Experimental, a new artificial intelligence model designed to reason through problems before delivering answers, a shift that marks a major leap in AI capability, according to the company.

  •  laptop on a clean desk with digital padlock icon on the screen

    Study: Data Privacy a Top Concern as Orgs Scale Up AI Agents

    As organizations race to integrate AI agents into their cloud operations and business workflows, they face a crucial reality: while enthusiasm is high, major adoption barriers remain, according to a new Cloudera report. Chief among them is the challenge of safeguarding sensitive data.

  • stylized AI code and a neural network symbol, paired with glitching code and a red warning triangle

    New Anthropic AI Models Demonstrate Coding Prowess, Behavior Risks

    Anthropic has released Claude Opus 4 and Claude Sonnet 4, its most advanced artificial intelligence models to date, boasting a significant leap in autonomous coding capabilities while simultaneously revealing troubling tendencies toward self-preservation that include attempted blackmail.