Roman Samborskyi/Shutterstock.com
a dramatic rise in the amount of these applications over the past five years, however, as the rapid adoption of cashless transaction systems has enabled the student to accrue expenses for everything from food, to laundry, to supplies and even tuition.
Depending upon the amount of academic research being done by a college or university (and who is funding it), there may be entire departments with their own servers, protocols and compliance needs. Some will be tightly managed, others less so. These days, much of this work has moved from an on-premises setup to hybrid data centers, or even to a full cloud setup.
In addition to what’s used by professors and staff of the school, there’s the student body, which brings in everything from gaming consoles, to connected devices, to the entire spectrum of patched and unpatched Macs and PCs to the network. That doesn’t even begin to mention the amount of mobile devices that each student, employee and professor has connected to the school’s systems. Estimates put each person at connecting at least two devices to the network, with the total number of devices being 2X that of workstations and per- sonal computers. These devices come in all shapes and sizes, repre-
By Mike Spanbauer
The Importance of Visibility
Preparation to securing your campus environment
sent several different generations of hardware and software, all with their own levels of security.
In an enterprise environment, the technology managers can dictate what is brought in and allowed to connect, and what isn’t. In the col- lege environment, this simply isn’t possible. Recognizing and prepar- ing for this fact is the first step in protecting your campus network, applications and systems.
Technology (and Security) Knowledge Varies Wildly
Another important thing to remember is that all of a college’s con- stituents - students, visitors, researchers, professors and employees – bring with them incredibly varied levels of technology understanding and experience. Some may have a high-level of knowledge and will be very secure in everything they do, and others, less so.
Sometimes an action by an ignorant insider can represent a more significant threat than a sophisticated attacker. Someone who down- loads an application, a movie or music that they think is “free” in fact ends up infecting the device and exposing the rest of the environment to an attack. Or, the threat could originate from the person that doesn’t ever update their device or PC, or the professor that opens every email they receive regardless of the sender.
It is often said that university campus networks make for the best security soak sites. A college campus is a microcosm of the real world, and just like the real world, understanding of technology usage and effective security measures vary widely.
Defending the Campus Attack Surface
Once the expansive potential attack surface is understood, it’s time to take the correct steps to protect it. There are several key strategies to have in place in order to best use time and resources, and provide the maximum protection possible.
There is never a way to protect against everything, or to predict every problem, but by focusing on understanding the environment and being prepared if there is an issue, one can ensure they are in the best possible position to succeed.
Planning. The most important aspect of operating a successful security organization at a college or university is to actively plan for as many potential situations and threats as feasible. An administrator needs to model regular activity, and crisis activity, down to the minu-
JULY/AUGUST | 2021 campuslifesecurity.com 27