CIOs Speak Out on Bandwidth, Malware, File Sharing
An effective chief information officer can be a bit like a superhero, but without the visible cape. Protecting information and ensuring the population can go about its day-to-day are all in a day’s work for these administrators. This spring, we talked with five campus CIOs to hear what is keeping them up at night and getting them revved to go in the morning. While we heard bandwidth is an ever-growing need (it’s like a teenager on a growth spurt), we also heard good news about the ability to use technology to inform the culture and learning of an institution.
Read on to hear what Raechelle Clemmons of St. Norbert College (Wis.), Kimberly Conley of Henderson Community College (Ky.), Timothy Kentopp of Voorhees College (S.C.), Peter J. Murray of the University of Maryland, and Joanna Young of the University of New Hampshire have to say about hot technology topics.
What steps have you taken to bolster your network to handle bandwidth demands from a wide variety of student devices? Do you have official policies as to what devices are allowed or not allowed?
Clemmons: About a year ago we moved from commercially getting our bandwidth, and we built an infrastructure to get a direct fiber connection to the state’s educational network. That’s a huge boon for us. We don’t manage by the type of file, but we try to make sure all of the traffic gets an equal share of the bandwidth, which is not as much of an issue now that we have the 1 gigabyte. We don’t limit what devices they are allowed to use. The only thing we do prohibit is students putting in their own networking equipment, like their own routers.
Young: We triple our Wi-Fi or even more each year—it used to be double. I really have started to think about this in the way you think about your plumbing or your siding; it’s become another piece of the physical infrastructure. If you don’t, it’s a negative differentiator. Parents ask us about it when they come visit the campus.
Murray: We upgraded our core network from 1 gigabyte to 10 gigabytes to handle the latent demand for bandwidth that has been showing signs of increasing steadily over the past few years. The increase has been due to an increase in devices used on campus, as well as increased data transmission across the network and to/from the internet. It’s a consumer-driven environment with students, faculty, and staff bringing these devices to our campus. While we try to be proactive, we do often have to react. From the security standpoint, we have that nailed down pretty well. Of course, we make adjustments when we get updates on software and hardware.
Conley: We spent a little over $100,000 on a project to put in a new wireless controller and access points so we were saturated. We run both a faculty/staff and a student wireless system.
Kentopp: We’ve been looking at solutions like Aerohive. It’s a good way to get additional coverage out for users at a lower cost and lower maintenance. As far as the back end goes, a couple of years ago, we split access into two dedicated circuits, so our students would be covered on one internet circuit and the faculty and staff would be covered on another. We saw this coming and bought additional bandwidth so we’d be more reliable.
How do you protect your network from malware or viruses that may be lurking on individuals’ devices?
Clemmons: All devices that hit our network have to be registered. If it’s a computer, it goes through a process where it looks for a number of things, and one of those is antivirus software. We’re at the beginning stages of thinking about and understanding protection around mobile devices. I’m starting to get spam on my mobile device, which wasn’t happening a year or two ago.
Young: As a chief information officer, that’s a constant journey. You have to have very good connections to your vendors in that space to make sure you’re keeping up with the latest and greatest. I have to say, where we’ve been putting energy has been in educating people. We educate our students when they come through the door with us, and every year, we have a strong focus in October, which is cyber-security month. People are more aware and careful.
Murray: Currently, we have our IPS configured to watch inbound as well as outbound traffic. Devices that appear to be causing issues are blocked, and the network administrator for the local subnet that the device is connecting to is notified so that he or she can resolve the issue. We are investigating a network access control (NAC) solution and implementing posture checking for all devices that connect to the wireless network or via VPN.
Conley: Currently, we’re using Cisco’s Clean Access, which is being phased out. Users have to be at a certain level of virus protection on their machine before they are allowed access to our network. We’re moving to NAC. That’s been our way of keeping things from getting to our network. We segment the traffic, too; that traffic never really touches our production network.
Kentopp: We have this wireless controller from Cisco, and it’s high-end stuff. It’s capable of DOD-grade, AES-encrypted, two-factor authentication, Wi-Fi access for segments of the population. If there are 50,000 new infections or exploits or malware every month, you’re blocking more and more and letting fewer things in. The whole concept of application whitelisting is the reverse of that. You have a narrow definition of what you’re going to allow. For example, our financial services office only really works with a dozen or so apps, [and] we’re going to allow those. We’re looking closer and closer to that as a concept. We think allowing access to highly defined applications and blocking everyone else is the only way we can manage threats in the future.
File sharing is a huge problem on campuses. How do you keep it under control? Do you educate students about the consequences?
Clemmons: Partially because we are doing rate-limiting and traffic-shaping, [students] can’t grab too much bandwidth or the process slows down a bit. And, when they register a device, they agree to a policy on file-sharing, and we have a specific procedure for addressing it. If we get a complaint, we know who it’s coming from because the device is registered. We can suspend internet access. They have to go through certain steps to get their access restored.
Young: We take that very seriously. If something bad does happen, of course there are formal ways you get notified about that. We had a very good process working with our student affairs as far as notifying students who allegedly did something maybe they shouldn’t have. We also work with them to sit with one of our security team, talk with them [about how] they can’t do this again. It isn’t just that we pass along information; we actually feel responsible as a university.
Murray: We manage bandwidth and policy enforcement with a hardware appliance. It is configured to block all peer-to-peer protocols unless someone can provide us with a legitimate business need for utilizing those protocols. To date, we have received no requests for a deviation and the number of complaints from the RIAA and DMCA diminished to almost zero infractions. We are required to educate students about the illegality of file sharing and we have a web page that educates them regarding this issue.